
Users, permissions and groups

Dave Lawrence edited this page Oct 14, 2020 · 1 revision

We use Django Guardian for per-user object permissions.

Security

Subclass models with `GuardianPermissionsMixin`, which provides a number of utility functions for handling permissions.

In views, use:

`patient = Patient.get_for_user(request.user, patient_id)` instead of `get_object_or_404(Patient, pk=patient_id)`, which only checks that the object exists and not whether the requesting user may access it.

To test views that access private data, add an entry to `test_urls.py` to ensure that `PermissionDenied` is raised for users without permission.

Groups

User creation calls a signal and adds all users to the "public" group, which is used to share data with everyone.

Administrators create groups and add users to them via Django admin.
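The difference between the two lookups in the Security section, and the effect of the "public" group described under Groups, as an added example that is not the project's code. It uses plain-Python stand-ins rather than Django or Guardian; `User`, `Patient`, `NotFound`, `get_unchecked`, `can_view` and `view_status` are hypothetical names, and the data is constructed.

```python
class PermissionDenied(Exception):
    """Stand-in for django.core.exceptions.PermissionDenied."""
class NotFound(Exception):
    """Stand-in for the Http404 raised by get_object_or_404."""

PUBLIC_GROUP = "public"

class User:
    def __init__(self, name, groups=()):
        self.name = name
        # As on the page: every user joins "public" at creation.
        self.groups = {PUBLIC_GROUP, *groups}

class Patient:
    _objects = {}  # constructed in-memory "table": pk -> Patient

    def __init__(self, pk, owner):
        self.pk = pk
        self.view_users = {owner.name}  # per-user object permission
        self.view_groups = set()        # per-group object permission
        Patient._objects[pk] = self

    def can_view(self, user):
        return user.name in self.view_users or bool(self.view_groups & user.groups)

    @classmethod
    def get_unchecked(cls, pk):
        """Like get_object_or_404: checks existence only, never the caller."""
        if pk not in cls._objects:
            raise NotFound(pk)
        return cls._objects[pk]

    @classmethod
    def get_for_user(cls, user, pk):
        """Look the object up, then enforce the object-level permission."""
        obj = cls.get_unchecked(pk)
        if not obj.can_view(user):
            raise PermissionDenied(f"{user.name} may not view Patient {pk}")
        return obj

def view_status(lookup, user, pk):
    """Hypothetical view wrapper: map the lookup outcome to an HTTP status."""
    try:
        lookup(user, pk)
        return 200
    except PermissionDenied:
        return 403
    except NotFound:
        return 404
```

With the unchecked lookup, any authenticated user who guesses a primary key gets a 200; the permission-checked lookup returns 403 until the object is shared with that user, one of their groups, or "public".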

See also
