Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support logging in multiple users (of the same team) when online #2330

Open
LZRS opened this issue May 10, 2023 · 7 comments · May be fixed by #2779
Open

Support logging in multiple users (of the same team) when online #2330

LZRS opened this issue May 10, 2023 · 7 comments · May be fixed by #2779
Assignees
@LZRS @ellykits @DebbieArita @Rkareko

Comments

@LZRS
Copy link
Contributor

LZRS commented May 10, 2023

Describe the feature request.
Support for multiple members of the same team logging in on the same device without requiring data to be purged/fresh synced.

Additional context
Team implies the sync strategy assigned by the health provider at deployment e.g Sync By Team, CareTeam, Organisation, Location

Relates to #2283 (comment)

Acceptance criteria

Implementation plan (For Engineers)
Documented here
@LZRS LZRS added the FHIR Core label May 10, 2023
@LZRS LZRS assigned LZRS and Rkareko May 10, 2023
@LZRS
Copy link
Contributor Author

LZRS commented May 10, 2023

@pld here's the issue that would track the work on multi-tenancy. On the question of unsynced data, I'm still not sure how to handle that, since we'd only allow users of the same team to login and they could probably share data

cc @ndegwamartin @f-odhiambo

@pld
Copy link
Member

pld commented May 10, 2023

Agree, not an issue if we only allow users who have access to the same set of data to log-in then we don't have to worry about unsynced data.

If access to data is only controlled by the CareTeam, then verifying that the user trying to log in is a member of that care team would be sufficient.

If people in the same CareTeam can have varying data access, then that would not work.

@pld pld unassigned Rkareko May 10, 2023
@pld pld removed the FHIR Core label Aug 7, 2023
@LZRS LZRS linked a pull request Sep 22, 2023 that will close this issue
Draft
11 tasks
@pld
Copy link
Member

pld commented Sep 22, 2023

The ideas in the PR look good, I do want us all to think really hard about any edge cases or scenarios where people on the same team should not have access to the same data, think it over, please note any ideas or concerns you have here.

@ellykits
Copy link
Collaborator

ellykits commented Oct 6, 2023

There is a possibility for two users (belonging to the same team) to have different permissions/keycloak roles. @dubdabasoduba will this be a concern?

@pld
Copy link
Member

pld commented Oct 6, 2023 via email

@ellykits
Copy link
Collaborator

Yes that is a problem, they must have the same permission (data access rights) in this modelOn Oct 6, 2023, at 08:36, Elly Kitoto @.> wrote: There is a possibility for two users (belonging to the same team) to have different permissions/keycloak roles. @dubdabasoduba will this be a concern? —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.>

@LZRS Is it possible to add this check for multi-user login implementation?

@LZRS
Copy link
Contributor Author

LZRS commented Oct 11, 2023

Yes that is a problem, they must have the same permission (data access rights) in this modelOn Oct 6, 2023, at 08:36, Elly Kitoto @.> wrote: There is a possibility for two users (belonging to the same team) to have different permissions/keycloak roles. @dubdabasoduba will this be a concern? —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: _@**.**_>

@LZRS Is it possible to add this check for multi-user login implementation?

Yeah I think it should be possible...we'd probably need to check and compare out roles as encoded in the jwt tokens

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@LZRS LZRS

@ellykits ellykits

@DebbieArita DebbieArita

@Rkareko Rkareko

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support login for multiple users opensrp/fhircore
5 participants
@pld @LZRS @ellykits @DebbieArita @Rkareko