Add Role-Based Access Control for Mentee, Mentor, and Observer Roles #15

@MartinAAcebeyL

Description

Summary

Implement Role-Based Access Control in the project to differentiate between users as Mentee, Mentor, and Observer. This will enable the assignment of specific permissions and access levels based on the user's role, allowing the system to manage who can fill out, view, and manage forms effectively.

Provide examples of real-world use cases that this would enable and how it solves the problem you described.

  1. Form Access Control:
     • Mentee: Can fill out a specific form related to their progress or feedback.
     • Mentor: Can fill out another form that provides their assessment or guidance to the mentee.
     • Observer: Can view both forms to monitor the relationship but cannot modify the content.
  2. Content Restriction: Only mentors and observers should have access to certain reports or evaluations that are sensitive and not meant for mentees.
  3. Task Assignment: Managers can assign specific tasks or forms to users based on their roles, ensuring that only the appropriate users are responsible for specific actions.

What's the problem this feature will solve?

Currently, the project does not have a mechanism to differentiate users by roles (e.g., Mentee, Mentor, Observer). This limitation prevents us from assigning appropriate permissions, such as who can fill out a form, who can view it, and who can manage the assignment of forms. Without this feature, we are unable to enforce proper access control, which is critical for the functionality of mentor-mentee relationships and the correct handling of survey forms.

Have you tried to work around the problem?

No

Could there be a different approach to solving this issue?

Implementing a role management system using Django’s built-in Groups or extending the User model with a custom role field would provide a scalable and maintainable solution. This system would allow us to define clear permissions for each role and enforce them consistently across the project.

Additional Information

Code of Conduct

  • I agree to follow the Code of Conduct
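
An added example, not part of the original issue or the project's code: a deny-by-default check for the three roles described above, written in plain Python so it runs without Django. The names `POLICY`, `User`, `Form`, `is_allowed`, the form kinds, and the per-mentorship membership check are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Role(Enum):
    MENTEE = "mentee"
    MENTOR = "mentor"
    OBSERVER = "observer"

class Action(Enum):
    FILL = "fill"
    VIEW = "view"

# (role, form kind) -> granted actions. Any pair not listed is denied.
# Form kinds are hypothetical names for the forms and reports in the issue.
POLICY = {
    (Role.MENTEE, "mentee_form"): {Action.FILL},
    (Role.MENTOR, "mentor_form"): {Action.FILL},
    (Role.OBSERVER, "mentee_form"): {Action.VIEW},
    (Role.OBSERVER, "mentor_form"): {Action.VIEW},
    (Role.MENTOR, "evaluation_report"): {Action.VIEW},
    (Role.OBSERVER, "evaluation_report"): {Action.VIEW},
}

@dataclass(frozen=True)
class User:
    id: int
    role: Role

@dataclass(frozen=True)
class Form:
    kind: str
    mentee_id: int
    mentor_id: int
    observer_ids: frozenset = frozenset()

def is_allowed(user: User, action: Action, form: Form) -> bool:
    """Return True only if the role grants the action AND the user
    belongs to the mentorship that owns this form (assumed requirement)."""
    if action not in POLICY.get((user.role, form.kind), set()):
        return False  # role-level denial, including unknown form kinds
    # Object-level check: a valid role alone must not open other pairs' forms.
    if user.role is Role.MENTEE:
        return user.id == form.mentee_id
    if user.role is Role.MENTOR:
        return user.id == form.mentor_id
    return user.id in form.observer_ids
```

With Django's built-in Groups, each `POLICY` row would correspond to a permission attached to a group, while the membership check remains a per-object test in the view.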
