Consider the case where a doctor is assigned patients and is from a specific hospital, e.g. Hospital_A->Doctor_A->Patient_A, Hospital_A->Doctor_B->Patient_B, and Hospital_C->Doctor_C->Patient_C.
Doctors have permissions such that they are able to read all records from their assigned hospital, and update the medical record of their assigned patients.
In this case, an instance of a doctor should be able to update ONLY the medical record of the patients he/she has been assigned to, i.e. Doctor_B is not allowed to access the records of other patients, e.g. Patient_A, but he can view the records of his assigned patient, Patient_B.
Furthermore, the queryset of patient records should be filtered based on the hospital that the doctors belong to. E.g. Doctors A and B can view records originating from Hospital_A, but not from Hospital_C.
Is it then possible to implement this level of access control via the concept of Roles through this package?
Thanks
@filipeximenes Thanks for the recommendation. The object permission checkers were a good fit for my use case. I was able to utilize the checkers inside permission classes, which are mapped to the different usable HTTP-specific methods present in the respective viewset.
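The access model discussed in this thread, as an added example that is not code from the thread or from the package: a framework-free Python sketch of the two layers involved, hospital-scoped record lookup plus an object-level update check selected by HTTP method. All names (`Doctor`, `Record`, `visible_records`, `can_update`, `authorize`) and the sample data are hypothetical, and it assumes reads are scoped by hospital and updates by assignment, as the question states.

```python
from dataclasses import dataclass

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # read-only HTTP methods

@dataclass(frozen=True)
class Doctor:
    name: str
    hospital: str

@dataclass(frozen=True)
class Record:
    patient: str
    hospital: str
    assigned_doctor: str

# Constructed sample data mirroring the three chains in the question.
RECORDS = [
    Record("Patient_A", "Hospital_A", "Doctor_A"),
    Record("Patient_B", "Hospital_A", "Doctor_B"),
    Record("Patient_C", "Hospital_C", "Doctor_C"),
]

def visible_records(doctor, records=RECORDS):
    """Queryset-level scoping: only records from the doctor's own hospital."""
    return [r for r in records if r.hospital == doctor.hospital]

def can_update(doctor, record):
    """Object-level checker: only the assigned doctor may modify a record."""
    return (record.hospital == doctor.hospital
            and record.assigned_doctor == doctor.name)

def authorize(doctor, method, patient, records=RECORDS):
    """Return an HTTP status for a request on one patient's record.

    The lookup goes through the scoped list, so a record from another
    hospital yields 404 rather than 403 and its existence is not disclosed.
    """
    record = next((r for r in visible_records(doctor, records)
                   if r.patient == patient), None)
    if record is None:
        return 404
    if method in SAFE_METHODS:
        return 200
    if method in {"PUT", "PATCH"} and can_update(doctor, record):
        return 200
    return 403  # deny by default: unassigned doctor, or a method not granted

if __name__ == "__main__":
    doctor_b = Doctor("Doctor_B", "Hospital_A")
    for method, patient in [("GET", "Patient_A"), ("PATCH", "Patient_A"),
                            ("PATCH", "Patient_B"), ("GET", "Patient_C")]:
        print(method, patient, authorize(doctor_b, method, patient))
```

Running the object check only on records already returned by the scoped lookup keeps a guessed record ID from another hospital from reaching the permission logic at all.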