Permission Updates Summary
This document summarizes all the permission decorator updates made to secure the PX360 application.
New Decorators Created (apps/core/decorators.py)
| Decorator | Description | Access Level |
|---|---|---|
| `@px_admin_required` | PX Admins only | Level 100 |
| `@hospital_admin_required` | PX Admins + Hospital Admins | Level 80+ |
| `@admin_required` | Any admin (PX, Hospital, Dept Manager) | Level 60+ |
| `@px_coordinator_required` | Coordinators and above | Level 50+ |
| `@staff_required` | All staff except Source Users | Level 10+ |
| `@source_user_required` | Source Users only | Level 5 |
| `@block_source_user` | Blocks Source Users | Blocks Level 5 |
| `@source_user_or_admin` | Source Users OR Admins | Level 5+ or 60+ |
Views Updated with Permission Decorators
1. Dashboard Views (apps/dashboard/views.py)
| View | Original | Updated |
|---|---|---|
| `admin_evaluation` | `@login_required` | Added permission check inside |
| `admin_evaluation_chart_data` | `@login_required` | Added permission check inside |
| `staff_performance_detail` | `@login_required` | Added permission check inside |
| `department_benchmarks` | `@login_required` | Added permission check inside |
| `export_staff_performance` | `@login_required` | Added permission check inside |
| `performance_analytics_api` | `@login_required` | Added permission check inside |
| `staff_performance_trends` | `@login_required` | Added permission check inside |

Access: PX Admin and Hospital Admin only (❌ PX Coordinator)
2. Analytics Views (apps/analytics/ui_views.py)
| View | Original | Updated |
|---|---|---|
| `analytics_dashboard` | `@login_required` | `@block_source_user` + `@login_required` |
| `kpi_list` | `@login_required` | `@block_source_user` + `@login_required` |
| `command_center` | `@login_required` | `@block_source_user` + `@login_required` |
| `command_center_api` | `@login_required` | `@block_source_user` + `@login_required` |
| `export_command_center` | `@login_required` | `@block_source_user` + `@login_required` |

Access: All staff except Source Users
3. Surveys Views (apps/surveys/ui_views.py)
All 22 views updated:
`@login_required` → `@block_source_user` + `@login_required`
Access: All staff except Source Users
4. Organizations Views (apps/organizations/ui_views.py)
All views updated:
`@login_required` → `@block_source_user` + `@login_required`
Access: All staff except Source Users
5. Complaints Views (apps/complaints/ui_views.py)
| View | Original | Updated | Access |
|---|---|---|---|
| `complaint_list` | `@login_required` | No change (has RBAC filtering) | All users (filtered) |
| `complaint_create` | `@login_required` | No change | All staff + Source Users |
| `complaint_assign` | `@login_required` | `@hospital_admin_required` | Admin only |
| `complaint_activate` | `@login_required` | Permission check inside | Admin + Dept Manager |
| `complaint_escalate` | `@login_required` | Permission check inside | Admin only |
| `complaint_bulk_assign` | `@login_required` | `@hospital_admin_required` | Admin only |
| `complaint_bulk_status` | `@login_required` | `@hospital_admin_required` | Admin only |
| `complaint_bulk_escalate` | `@login_required` | `@hospital_admin_required` | Admin only |

6. Config Views (apps/core/config_views.py)
| View | Original | Updated |
|---|---|---|
| `config_dashboard` | `@login_required` | `@px_admin_required` |
| `sla_config_list` | `@login_required` | `@px_admin_required` |
| `routing_rules_list` | `@login_required` | `@px_admin_required` |

Access: PX Admin only
7. PX Sources Views (apps/px_sources/ui_views.py)
Already had proper decorators:
- Admin views: `@block_source_user`
- Source User views: `@source_user_required`
Permission Enforcement Summary by Role
PX Admin (Level 100)
✅ Full access to all views and functions
Hospital Admin (Level 80)
✅ Can access:
- Admin Evaluation (own hospital)
- Staff Management (own hospital)
- Complaint assignment/activation
- Survey management
- Analytics and reports
- Settings (hospital-level)
❌ Cannot access:
- PX Admin-only config (system settings)
- Other hospitals' data
Department Manager (Level 60)
✅ Can access:
- Department complaints
- Department staff
- Department analytics
❌ Cannot access:
- Admin Evaluation
- Bulk actions
- Complaint assignment
- Settings
PX Coordinator (Level 50)
✅ Can access:
- Complaints (create, manage - but NOT assign/activate)
- PX Actions
- Surveys
- Analytics (basic)
❌ Cannot access:
- Admin Evaluation (NEW)
- Staff Management
- Settings
- Complaint assignment/activation
Source User (Level 5)
✅ Can access:
- Create complaints (their own)
- Create inquiries (their own)
- View own created complaints/inquiries
- Automatically redirected to `/px-sources/dashboard/` when visiting `/` or `/dashboard/my/`
❌ Cannot access:
- Surveys (NEW - blocked → redirected)
- Analytics (NEW - blocked → redirected)
- Staff/Organizations (NEW - blocked → redirected)
- Settings (NEW - blocked → redirected)
- PX Actions (NEW - blocked → redirected)
- Acknowledgements (NEW - blocked → redirected)
- Command Center (`/` - redirected to source dashboard)
- My Dashboard (`/dashboard/my/` - redirected to source dashboard)
Key Security Fixes
- Fixed: PX Coordinator could access Admin Evaluation (now blocked)
- Fixed: Source Users could access Surveys (now blocked)
- Fixed: Source Users could access Analytics (now blocked)
- Fixed: Source Users could access Staff Management (now blocked)
- Fixed: Source Users could access Settings (now blocked)
Source User Strict Access Control
STRICT POLICY: Source Users can ONLY access:
- `/px-sources/*` - Their dashboard, complaints, and inquiries
- `/accounts/password/change/` - Password change
- `/accounts/settings/` - Basic settings
- `/accounts/logout/` - Logout

ALL other pages are BLOCKED and redirected to /px-sources/dashboard/
Middleware Enforcement
The SourceUserRestrictionMiddleware enforces this at the request level:
- Checks every request from source users
- Only allows whitelisted paths
- Silently redirects to source dashboard for blocked paths
- Runs after authentication middleware
Allowed URLs for Source Users:
| URL | Access |
|---|---|
| `/px-sources/dashboard/` | ✅ Yes |
| `/px-sources/complaints/` | ✅ Yes |
| `/px-sources/inquiries/` | ✅ Yes |
| `/px-sources/complaints/new/` | ✅ Yes |
| `/px-sources/inquiries/new/` | ✅ Yes |
| `/accounts/password/change/` | ✅ Yes |
| `/accounts/settings/` | ✅ Yes |
| `/accounts/logout/` | ✅ Yes |
| `/` (root) | ❌ Redirected |
| `/dashboard/my/` | ❌ Redirected |
| `/surveys/*` | ❌ Redirected |
| `/analytics/*` | ❌ Redirected |
| `/organizations/*` | ❌ Redirected |
| `/config/*` | ❌ Redirected |
| `/actions/*` | ❌ Redirected |
| `/complaints/` (main list) | ❌ Redirected |
| `/complaints/inquiries/` (main) | ❌ Redirected |

Technical Implementation
```python
# SourceUserRestrictionMiddleware
ALLOWED_PATH_PREFIXES = ['/px-sources/']
ALLOWED_URL_NAMES = {
    'accounts:password_change',
    'accounts:settings',
    'accounts:logout',
}
# Everything else is BLOCKED for source users
```
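
An added sketch of the allow-list decision described above, not the project's own middleware. It is framework-free so it runs without Django, uses the three account paths from the URL table in place of the URL names, and the function names (`canonical`, `decide`, `table_mismatches`) and the concrete paths chosen for wildcard rows are assumptions.

```python
import posixpath

# Allow-list from the page. The three exact paths stand in for the URL names
# 'accounts:password_change', 'accounts:settings' and 'accounts:logout'.
ALLOWED_PATH_PREFIXES = ("/px-sources/",)
ALLOWED_EXACT_PATHS = {"/accounts/password/change/", "/accounts/settings/",
                       "/accounts/logout/"}
SOURCE_DASHBOARD = "/px-sources/dashboard/"
SOURCE_USER_LEVEL = 5

def canonical(path):
    """Collapse '//', '.' and '..' so the prefix test sees the real target.

    Used only for the access decision; expects an already percent-decoded path.
    """
    norm = posixpath.normpath("/" + path.lstrip("/"))
    return norm if norm == "/" else norm + "/"

def decide(user_level, path):
    """Return None to let the request through, else the redirect target."""
    if user_level != SOURCE_USER_LEVEL:
        return None  # the restriction applies to Source Users only
    target = canonical(path)
    if target in ALLOWED_EXACT_PATHS:
        return None
    if any(target.startswith(prefix) for prefix in ALLOWED_PATH_PREFIXES):
        return None
    return SOURCE_DASHBOARD  # default deny: redirect, never render

# Rows of the page's "Allowed URLs for Source Users" table; wildcard rows use
# a constructed concrete path under the same prefix.
URL_TABLE = [
    ("/px-sources/dashboard/", True), ("/px-sources/complaints/", True),
    ("/px-sources/inquiries/", True), ("/px-sources/complaints/new/", True),
    ("/px-sources/inquiries/new/", True), ("/accounts/password/change/", True),
    ("/accounts/settings/", True), ("/accounts/logout/", True),
    ("/", False), ("/dashboard/my/", False), ("/surveys/list/", False),
    ("/analytics/kpis/", False), ("/organizations/staff/", False),
    ("/config/sla/", False), ("/actions/", False), ("/complaints/", False),
    ("/complaints/inquiries/", False),
]

def table_mismatches():
    """Rows where the decision disagrees with the table (empty when correct)."""
    return [(path, allowed) for path, allowed in URL_TABLE
            if (decide(SOURCE_USER_LEVEL, path) is None) != allowed]
```

The redirect target must itself be on the allow-list, otherwise a blocked Source User request would loop; `decide(SOURCE_USER_LEVEL, SOURCE_DASHBOARD)` returning `None` is the check for that.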
Testing Checklist
- PX Admin can access everything
- Hospital Admin can access their hospital data only
- Department Manager can access their department only
- PX Coordinator CANNOT access Admin Evaluation
- PX Coordinator can create complaints but NOT assign them
- Source User visiting `/` gets redirected to `/px-sources/dashboard/`
- Source User visiting `/dashboard/my/` gets redirected to `/px-sources/dashboard/`
- Source User can create/view their own complaints only
- Source User CANNOT access Surveys (redirects to their dashboard)
- Source User CANNOT access Analytics (redirects to their dashboard)
- Source User CANNOT access Staff Management (redirects to their dashboard)
- Source User CANNOT access Settings (redirects to their dashboard)
Decorator Usage Examples
```python
from apps.core.decorators import (
    admin_required,
    block_source_user,
    hospital_admin_required,
    px_admin_required,
    source_user_required,
)

# PX Admin only
@px_admin_required
def system_settings(request):
    pass

# Hospital Admin and above
@hospital_admin_required
def hospital_settings(request):
    pass

# Any admin
@admin_required
def department_management(request):
    pass

# Block source users
@block_source_user
def staff_list(request):
    pass

# Source users only
@source_user_required
def source_dashboard(request):
    pass
```
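
One way the level thresholds in the decorator table could be expressed, as an added framework-free sketch rather than the contents of `apps/core/decorators.py`. It assumes each user carries a numeric `level`, models denial as a local `PermissionDenied` exception (the page describes redirects for Source Users), and `level_check` and `allowed` are hypothetical helpers.

```python
from functools import wraps
from types import SimpleNamespace

SOURCE_USER_LEVEL = 5  # "Source Users only | Level 5" in the decorator table

class PermissionDenied(Exception):
    """Local stand-in for django.core.exceptions.PermissionDenied."""

def _level(request):
    # Anonymous or role-less callers count as level 0, so checks fail closed.
    return getattr(getattr(request, "user", None), "level", 0) or 0

def level_check(predicate):
    """Build a view decorator from a predicate over the caller's level."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            if not predicate(_level(request)):
                raise PermissionDenied(view.__name__)
            return view(request, *args, **kwargs)
        return wrapper
    return decorator

px_admin_required = level_check(lambda lv: lv >= 100)
hospital_admin_required = level_check(lambda lv: lv >= 80)
admin_required = level_check(lambda lv: lv >= 60)
px_coordinator_required = level_check(lambda lv: lv >= 50)
staff_required = level_check(lambda lv: lv >= 10)
source_user_required = level_check(lambda lv: lv == SOURCE_USER_LEVEL)
# Not a plain threshold: level 5 is excluded, and level 0 is rejected too.
block_source_user = level_check(lambda lv: lv > 0 and lv != SOURCE_USER_LEVEL)
source_user_or_admin = level_check(
    lambda lv: lv == SOURCE_USER_LEVEL or lv >= 60)

def allowed(decorator, level):
    """True if a view wrapped by `decorator` runs for a user at `level`."""
    @decorator
    def view(request):
        return "ok"
    try:
        return view(SimpleNamespace(user=SimpleNamespace(level=level))) == "ok"
    except PermissionDenied:
        return False
```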
Last Updated: 2026-02-25