We should allow consultants, as well as admins, to create accounts in the UI.
- We'd need a simple API endpoint: POST
/api/v3_0/accounts. Fields that can be added initially: name (required), primary_color, secondary_color. If current user is a consultant, their account becomes the consultancy account. Look out: we need to provide a schema, so that the endpoint looks good in SwaggerDocs. Also add a test or two (one succeeding, but also some failing for auth reasons).
- The account creation should be a rather straightforward form on a new page, accessible from a button under the /accounts page
- All users with
admin role can see the page and use the API endpoint. Users with the "consultant" role should also have the account role "CONSULTANT_WITH_OWN_CLIENTS" (role name up for discussion, and see sketch for implementations of auth structure below).
To use the permission system here, we still need some work, We usually use the "create-children" permission to create new resources, looked up on the parent resource. Accounts have no parent. I propose to trial out creating a virtual "FlexMeasuresPlatform" resource with its own __acl__ - so the API endpoint can use the usual way to check permissions:
@permission_required_for_context(
"create-children", ctx_loader=FlexMeasuresPlatform.init
)
Also, the views can use check_access(FlexMeasuresPlatform.init(), "create-children") in a similar way to decide whether to show the button.
And the resource (can live in models/init.py):
FlexMeasuresPlatform(AuthModelMixin):
def __init__():
""" Objects don't really do anything but provide the ACL."""
return self
def __acl__(self):
"""
Virtual representation of the platform, to be able to describe create-children permission
"""
return {
"create-children": [
f"role:{ADMIN_ROLE}",
(
f"role:{CONSULTANT_ROLE}",
"account-role:CONSULTANT_WITH_OWN_CLIENTS"
]
}
We should allow consultants, as well as admins, to create accounts in the UI.
/api/v3_0/accounts. Fields that can be added initially: name (required), primary_color, secondary_color. If current user is a consultant, their account becomes the consultancy account. Look out: we need to provide a schema, so that the endpoint looks good in SwaggerDocs. Also add a test or two (one succeeding, but also some failing for auth reasons).adminrole can see the page and use the API endpoint. Users with the "consultant" role should also have the account role "CONSULTANT_WITH_OWN_CLIENTS" (role name up for discussion, and see sketch for implementations of auth structure below).To use the permission system here, we still need some work, We usually use the "create-children" permission to create new resources, looked up on the parent resource. Accounts have no parent. I propose to trial out creating a virtual "FlexMeasuresPlatform" resource with its own
__acl__- so the API endpoint can use the usual way to check permissions:Also, the views can use
check_access(FlexMeasuresPlatform.init(), "create-children")in a similar way to decide whether to show the button.And the resource (can live in models/init.py):