...
Use Case | ||
|---|---|---|
New admin account created with a sandbox in which studies can be created/edited that are not visible to others | ||
“Sandbox” can be converted to real study, with additional users in specific roles for that study | ||
Study is extended by creating a new study | Study recruits from existing user pool into a new study | |
Add someone to a study’s administration team | ||
Remove someone from a study’s administration team | ||
Create similar authorization model for assessments | We should be able to expand it to other things than studies, because it seems likely we’ll encounter something else that needs finer-grained authorization. |
Requirements
Permissions changes should register for users without them having to sign out and sign back in again (if cached they need to be separate from the session);
Organizations. “Teams” in Synapse impart an identical set of permissions to a project for a set of users. “Organizations” in Bridge are a scope for manipulating users, since our app is multi-tenanted. The roles related to organizations:
Role | Scope | |
|---|---|---|
Administrator | Organization |
|
Member | Organization |
|
Studies. Individuals can be given specific roles vis-a-vis a study.
...
| Code Block | ||
|---|---|---|
| ||
class Permission {
String guid; // natural key makes create/add/update ambiguous
String userId;
String role;
String objectType;
String objectId;
// Object ID may need to be compound
void setStudyObjectId(String appId, String studyId) {
this.objectId = appId + ":" + studyId;
}
} |
...