User permissions
At the moment we use the require_login feature of Flask-Security to restrict access to users with valid accounts. As part of the introduction of teams (#1 (closed)) we need to add stronger access control to different aspects of the application. We will use the roles_required feature of Flask-Security for this.
Related Issues
- #1 (closed) - Teams and escalations
Assumptions
- A few Roles will cover the majority of users
- Granular permissions for each feature can be used where Roles don't cover specific use cases.
Suggested roles
- Guest
- Trainee staff
- On-call staff
- Team manager (user with permissions to create new users in a team, etc.)
Granular permissions
We should also add granular permissions for access to pages and the ability to do certain tasks such as performing a handover.
Edited by James Forman
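A framework-independent sketch of the model proposed above, added here as an example and not code from this project or from Flask-Security. The role names come from the issue; the permission strings, the role-to-permission mapping, and the `permission_required` decorator are assumptions. It resolves roles plus per-user grants to permissions, denies by default, and scopes each action to the caller's own team.

```python
from dataclasses import dataclass
from functools import wraps

# Role names are the issue's suggested roles; the permission strings and the
# role-to-permission mapping are assumptions made for this example.
ROLE_PERMISSIONS = {
    "Guest": set(),
    "Trainee staff": {"page:view"},
    "On-call staff": {"page:view", "handover:perform"},
    "Team manager": {"page:view", "handover:perform", "user:create"},
}

@dataclass
class User:
    name: str
    team: str
    roles: tuple = ()
    extra_permissions: frozenset = frozenset()  # granular, per-user grants

    def permissions(self):
        perms = set(self.extra_permissions)
        for role in self.roles:
            # Unknown role names grant nothing (deny by default).
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms

class Forbidden(Exception):
    pass

def permission_required(permission):
    """Hypothetical decorator: the acting user must hold `permission` and
    must belong to the team the action targets."""
    def decorator(func):
        @wraps(func)
        def wrapper(user, team, *args, **kwargs):
            if permission not in user.permissions():
                raise Forbidden(f"{user.name} lacks {permission}")
            if user.team != team:
                raise Forbidden(f"{user.name} is not in team {team}")
            return func(user, team, *args, **kwargs)
        return wrapper
    return decorator

@permission_required("handover:perform")
def perform_handover(user, team):
    return f"{user.name} handed over for {team}"

@permission_required("user:create")
def create_user(user, team, new_name):
    return User(new_name, team, roles=("Guest",))
```

A role check alone does not express the "in a team" part of the Team manager role, which is why the decorator also compares the caller's team with the target team.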