Implement user record level permission for global admin, project admin, practice area lead, and team members #392
Labels
complexity: large
Many parts are unexplained and up to the implementer to figure out.
ethan
feature: security
milestone: missing
role: dev lead
s: PD team
stakeholder: People Depot Team
size: 3pt
Can be done in 13-18 hours
Overview
Restrict which records can be read or updated based on a user's role/permission type, project, and practice area assignment
Detail
All role/permission type, project, and practice area assignments are specified in user_permissions.
Technical
Read privileges - When getting a list of users, the list of users that can be read is specified in the query set in views.py. When retrieving a specific user, serializers.py checks if the requester has permission to read the identified user.
Update privilege - When updating a user, views.py checks if the requester has permission to update the specified user.
Action Items
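A framework-free sketch of the read and update checks described under Technical, added here as an illustration and not People Depot code. The role names, the field names, the sample user_permissions rows and the policy itself (who may read or update whom) are assumptions, since the issue leaves them to the implementer.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class UserPermission:  # one row of user_permissions (field names assumed)
    user: str
    role: str
    project: Optional[str] = None
    practice_area: Optional[str] = None

# Constructed sample data, not taken from the project.
USER_PERMISSIONS = [
    UserPermission("gail", "global_admin"),
    UserPermission("pat", "project_admin", "website"),
    UserPermission("lee", "practice_area_lead", "website", "design"),
    UserPermission("tom", "team_member", "website", "design"),
    UserPermission("dev", "team_member", "website", "engineering"),
    UserPermission("zoe", "team_member", "mobile", "design"),
]
ALL_USERS = sorted({p.user for p in USER_PERMISSIONS})
READ_ROLES = {"global_admin", "project_admin", "practice_area_lead", "team_member"}
UPDATE_ROLES = READ_ROLES - {"team_member"}  # assumed: team members cannot update others

def _covers(requester, target, roles):
    """True if one of requester's assignments (role in `roles`) covers target."""
    for rp in USER_PERMISSIONS:
        if rp.user != requester or rp.role not in roles:
            continue
        if rp.role == "global_admin":
            return True  # assumed: not scoped to any project
        for tp in USER_PERMISSIONS:
            if tp.user != target or tp.project != rp.project:
                continue
            # assumed: a practice area lead is scoped to project + practice area
            if rp.role == "practice_area_lead" and tp.practice_area != rp.practice_area:
                continue
            return True
    return False

def can_read(requester, target):  # per-record check (retrieve)
    return requester == target or _covers(requester, target, READ_ROLES)

def can_update(requester, target):  # per-record check (update)
    return _covers(requester, target, UPDATE_ROLES)

def readable_users(requester):  # list scoping, the job of the query set
    return [u for u in ALL_USERS if can_read(requester, u)]
```

Because the list scoping and the per-record checks share one rule, a user hidden from the list cannot be fetched or updated by guessing their identifier.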