I think that making use of a custom ApplicationUser (explained in the security module notes) with a property practice may be necessary.
Then Practioners would either log in as a specific user depending on what practice they are working at, or you might be able to make a switch happen behind the scenes, such that they always login as one application user, with only 1 menu option allowing them to choose a practice and the system switches their application user to a practice specific generated user with a role giving full menu access. On Fri, Dec 1, 2017 at 1:58 AM, Patrick Pliessnig <[email protected]> wrote: > Hi Nikhil > > I guess this ultimately relates to the question how a practice knows about > its patients and the related access path. > > With tenancy the answer is: the patients are the ones with access rights > for the practice. > > Maybe you could use a practice attribute 'practicePatients'. Then the > answer is: the patients are the ones that use the services of the practice. > (Many to many). > > Patrick > > > Am 30.11.2017 12:58 nachm. schrieb "Nikhil Dhamapurkar" > <nikhil.dhamapurkar@ > healthengine.com.au>: > > Hi, > > I am working on supporting Multi Tenancy in Apache ISIS I have tried both > 1) ApplicationTenancyEvaluator and 2) HasAtPath interfaces to control what > the logged in user can see or execute. > > I have been able to make them work to an acceptable state but I face issue > when I come across collections that are part of the entity I am evaluating. > > My Domain model has Patient / Practitioner entity both these entity can be > associated with Different Practices at the same time. > > > Example : PractitionerA belongs to PracticeA and PracticeB both, logged > in User has “Role” to Access PracticeA. > > Issue with ApplicationTenancyEvaluator : since Practitioner and Practice > have many to many relation even if the role has access to only one practice > I’ll end up displaying PracticeB on wicket viewer which I want to prevent, > Is it possible ? > > > Issue with HasAtPath : > > I am creating Path programmatically with pattern as : > ORG/org/PRACTICE/<practiceName>/ pattern which models a tree, then I can > control user access to more than one Patient data if user at path is > /ORG/org Or restrict access to one practice /ORG/org/PRACTICE/practiceA > If the Patient Entity is associated with more than one practice My logic > will Break as I would not know what should be the context for the for > ORG/org/PRACTICE/<WhatShouldBeHere?> > > Does anyone have a better solution to tackle tenancy for a Collection > within an entity? > > Regards > Nikhil >
