In Part I and Part II of this series, we created an account system for our medical platform. At the moment, however, there is no way for our application to differentiate between patients and doctors; all users have the same account type. Since doctors and patients should not have access to the same pages, this must be changed.
Groups and rights
Fortunately, NoCode-X provides a built-in system for handling user permissions. Users can have rights and can belong to groups. For more details, see their respective documentation articles. This is basically how it works:
- A right is a certain action that a user can perform, for example viewing the medical data of (some) patients. Rights are fully customizable in NoCode-X.
- When a bunch of users need to have the same set of rights, it is often easier to create a group. A group is simply a collection of rights. For example, let’s say every doctor has access to 5 unique rights. Instead of having to manually assign these 5 rights to every doctor account, you can bundle them into a group. This way, you only have one group to assign to every doctor instead of 5 rights.
- Templates can be restricted in such a way that only users with a certain (set of) right(s) can access them. We have briefly touched on this in Part II of this series. Now we will explore this feature in detail.
We will now create a Patient group and a Doctor group.
Making the groups
Open the User management tab in the menu on the left, and click the Groups button. This is shown in the image below. Press the New button to make a new group.
You will then see the screen below. Fill in the correct information.
Repeat this procedure for the doctor group:
Both groups now appear in the group list:
You can add a third group, Administrator, that has access to everything both patients and doctors can access. Such a group may no longer be desirable once the application is deployed, because it can violate the privacy of your clients.
Doctor and patient page
Our groups only have a purpose when they have rights assigned to them. In the case of our medical web app, we need to create two restricted pages: one for patients and one for doctors.
Creating the pages
Following the same steps as in previous tutorials, go back to the navigation bar template and open the template hierarchy. Then create a doctor page and a patient page. Both pages appear in the template hierarchy:
Creating the rights
Now we must create two rights: one that allows users to access the patient page and one that allows users to access the doctor page. Administrators have both rights.
Go to the User management tab in the menu on the left and click Rights. Click the New button and fill in the requested details:
Repeat for the doctor page. The list of rights now looks like this:
Assigning the rights
Now add these rights to the correct groups:
- Go back to the Groups menu.
- Edit each group by clicking the pen icon.
- You can now assign rights to this group. Drag them from the left to the right side of the screen. This is shown in the image below for the patient group.
- Press the Save button at the bottom of the page.
- Repeat until all rights have been assigned to every group.
Add the authorization rules
Finally, we can add the authorization rules to the patient and doctor page. Follow these steps:
- Go to the Patient template.
- Open the Authorization tab in the menu on the right.
- Check the box. Your screen now looks like the first image below. Click the Add authorization rule button.
- Edit the new rule by clicking the pen icon. A window like the one in the second image below appears. Check the Access patient page right.
- Press Save. Done!
Repeat the above procedure for the doctor page. Now only doctors can access the doctor page and only patients can access the patient page. Administrators can access both. This is exactly what we wanted!
Side note
You may be wondering why we didn’t just skip the step of creating rights and select the groups in the authorization rule directly. That approach would also work, but if we added a new group in the future, we would have to add it to every authorization rule for every page. With rights, we only have to assign the correct rights to the new group once. Working with rights and groups is the preferred approach for larger applications.
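The setup above and the reasoning in this side note can be checked with a small model. This is an added Python example, not NoCode-X code or its API: the right name "Access doctor page", the "Caregiver" group and all function names are assumptions made for illustration.

```python
# Added illustration: a plain-Python model of the groups/rights setup above.
# It does not call or represent any NoCode-X API.
ACCESS_PATIENT = "Access patient page"   # right name used in the tutorial
ACCESS_DOCTOR = "Access doctor page"     # assumed name for the doctor right

# Groups are collections of rights.
GROUPS = {
    "Patient": {ACCESS_PATIENT},
    "Doctor": {ACCESS_DOCTOR},
    "Administrator": {ACCESS_PATIENT, ACCESS_DOCTOR},
}

# Authorization rules: each restricted page names the right it requires.
PAGE_RULES = {"patient page": ACCESS_PATIENT, "doctor page": ACCESS_DOCTOR}


def effective_rights(user_groups, groups=GROUPS):
    """Union of the rights of every group the user belongs to."""
    rights = set()
    for name in user_groups:
        rights |= groups.get(name, set())   # an unknown group grants nothing
    return rights


def can_access(page, user_groups, groups=GROUPS, rules=PAGE_RULES):
    """Deny by default: unknown pages and missing rights are refused."""
    required = rules.get(page)
    return required is not None and required in effective_rights(user_groups, groups)


def groups_spanning_all_pages(groups=GROUPS, rules=PAGE_RULES):
    """Audit helper: groups whose rights open every restricted page."""
    needed = set(rules.values())
    return sorted(g for g, rights in groups.items() if needed <= rights)


def add_group(name, rights, groups=GROUPS):
    """Return a new group table; PAGE_RULES is deliberately left untouched."""
    updated = {g: set(r) for g, r in groups.items()}
    updated[name] = set(rights)
    return updated


if __name__ == "__main__":
    for page in PAGE_RULES:
        print(page, {g: can_access(page, [g]) for g in GROUPS})
    # Hypothetical new group: one rights assignment, no page rule edited.
    bigger = add_group("Caregiver", {ACCESS_PATIENT})
    print("Caregiver ->", [p for p in PAGE_RULES if can_access(p, ["Caregiver"], bigger)])
    print("review before deployment:", groups_spanning_all_pages())
```

The audit helper lists Administrator as the only group that opens every restricted page, which is the group to review before deployment.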
Up next
In the next tutorial we will create a secure form allowing patients to report their symptoms. They can also add images for a better chance at a correct diagnosis. In later tutorials we can display this information to the patient’s assigned doctor.