Roles & Permissions in Opal
Opal provides some global per-user flags, which are set in the UserProfile model, as well as more detailed permissions available via roles.
The UserProfile model
Some global properties about Users are set in the opal.models.UserProfile model.
UserProfile._can_extract
Boolean flag to determine whether this user is allowed to download data extracts from the system.
UserProfile._force_password_change
Boolean flag to determine whether we would like to force this user to change their password on their next login. This defaults to True when the User is first created.
UserProfile._readonly
Boolean flag to determine whether this user has read-only access.
UserProfile._restricted_only
Boolean flag to determine whether this user should be shown only the teams for which they have explicitly been given permission to view, or whether they should also see the list of general access teams.
UserProfile.get_roles()
Return a dictionary of roles in various contexts for our user.
profile.get_roles() # ->
{
    'default': ['doctor'],
    'some_research_study': ['Clinical Lead']
}
UserProfile.get_teams()
Return a list of Team objects that this user should be allowed to see.
Roles
A user may be given a particular role. Roles can be either global, in which case they are returned in the 'default' section of the roles dict from get_roles(), or specific to a team.
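How the flags and the roles dict described above can combine into a deny-by-default access decision, as an added example that is not Opal's own code. ProfileStub, has_role, authorize and visible_teams are hypothetical names, and blocking all access while a password change is pending is an assumed policy.

```python
from dataclasses import dataclass, field

@dataclass
class ProfileStub:
    """Stand-in for opal.models.UserProfile (hypothetical; not Opal code)."""
    can_extract: bool = False
    force_password_change: bool = True  # documented default for new users
    readonly: bool = False
    restricted_only: bool = False
    roles: dict = field(default_factory=dict)  # same shape as get_roles()

def has_role(profile, role, context=None):
    """Role held globally ('default') or in the named context."""
    held = set(profile.roles.get("default", []))
    if context is not None:
        held |= set(profile.roles.get(context, []))
    return role in held

def authorize(profile, action, required_role=None, context=None):
    """Deny-by-default decision for 'read', 'write' or 'extract'."""
    if action not in ("read", "write", "extract"):
        return False
    if profile.force_password_change:
        return False  # assumed policy: no access until the password is changed
    if action == "write" and profile.readonly:
        return False
    if action == "extract" and not profile.can_extract:
        return False
    if required_role and not has_role(profile, required_role, context):
        return False
    return True

def visible_teams(profile, explicit, general):
    """Explicit grants only when restricted, otherwise general-access teams too."""
    teams = set(explicit)
    if not profile.restricted_only:
        teams |= set(general)
    return sorted(teams)

# Constructed sample using the roles dict shown on this page.
SAMPLE = ProfileStub(
    force_password_change=False,
    readonly=True,
    roles={"default": ["doctor"], "some_research_study": ["Clinical Lead"]},
)
```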