Hi Anna, welcome :)
On 19 June 2013 15:44, Anna Morgan <
ajmor...@gmail.com> wrote:
> Our disaster organization
Are you allowed to say which?
Yes of course :)
There are very powerful Authorisation options, although obviously with
this power comes a little complexity, so it's not as accessible as
we'd like.
The documentation is here:
http://eden.sahanafoundation.org/wiki/UserGuidelines/Admin/Permissions
So you first enable differential authorisations via the overall
security policy (probably to table, so settings.security.policy = 5)
A complex example of a security policy is the IFRC one:
https://github.com/flavour/eden/blob/7ebd5d7db3cd240eca24086836c89237a3fef980/private/templates/IFRC/auth_roles.csv
Currently Medical Conditions are held as a single free-text field in
the pr_physical_description table, so that would be the one to
restrict access to.
- although I'm guessing that you'll be creating a custom table for
this info anyway?
The data can be either accessed by a tab which isn't present if the
user doesn't have access (& they'll also fail if they try the URL
manually!)
Fields from restricted tables can also be included into the main
person form using S3SQLCustomForm & it automatically detects if the
user has access or not & simply hides the field if they don't.
Overall this shouldn't be too hard as you describe it, but of course
you'll want to do proper testing to be sure that your security policy
is working as you'd like.
Best Wishes,
Fran.