Create a secure medical platform with NoCode-X (Part IV): Differentiating account types

In Part I and Part II of this series, we created an account system for our medical platform. At the moment, however, our application cannot differentiate between patients and doctors; all users have the same account type. Since doctors and patients should not have access to the same pages, this must be changed.

Groups and rights

Fortunately, NoCode-X provides a built-in system for handling user permissions. Users can have rights and can belong to groups. For more details, we refer to their respective documentation articles. This is basically how it works:

  • A right is a certain action that a user can perform, for example viewing the medical data of (some) patients. Rights are fully customizable in NoCode-X.
  • When several users need the same set of rights, it is often easier to create a group. This is simply a collection of rights. For example, let’s say every doctor has access to 5 unique rights. Instead of having to manually assign these 5 rights to every doctor account, you can bundle them into a group. This way, you only have one group to assign to every doctor instead of 5 rights.
  • Templates can be restricted so that only users with a certain right (or set of rights) can access them. We briefly touched on this in Part II of this series. Now we will explore this feature in detail.

We will now create a Patient group and a Doctor group.

Making the groups

Open the User management tab in the menu on the left, and click the Groups button. This is shown in the image below. Press the New button to make a new group.

The Group Management menu.

You will then see the screen below. Fill in the correct information.

Create a new patient group.

Repeat this procedure for the doctor group:

Create a new doctor group

Both groups now appear in the group list:

The list of groups with our new patient and doctor group.

You can add a third group, Administrator, that has access to everything both patients and doctors can access. Once the application is deployed, this group may no longer be desirable, because it can violate the privacy of your clients.

Doctor and patient page

Our groups only have a purpose when they have rights assigned to them. In the case of our medical web app, we need to create two restricted pages: one for patients and one for doctors.

Creating the pages

Following the same steps as in previous tutorials, go back to the navigation bar template and open the template hierarchy. Then create a doctor page and a patient page. Both pages appear in the template hierarchy:

The template hierarchy with the new doctor and patient page.

Creating the rights

Now we must create two rights: one that allows users to access the patient page and one that allows users to access the doctor page. Administrators have both rights.

Go to the User management tab in the menu on the left and click Rights. Click the New button and fill in the requested details:

Create a new role to access the patient page.

Repeat for the doctor page. The list of rights now looks like this:

The list of roles.

Assigning the rights

Now add these rights to the correct groups:

  1. Go back to the Groups menu.
  2. Edit each group by clicking the pen icon.
  3. You can now assign rights to this group. Drag them from the left to the right side of the screen. This is shown in the image below for the patient group.
  4. Press the Save button at the bottom of the page.
  5. Repeat until all rights have been assigned to every group.

Edit the patients group to add roles to it.

Add the authorization rules

Finally, we can add the authorization rules to the patient and doctor page. Follow these steps:

  1. Go to the Patient template.
  2. Open the Authorization tab in the menu on the right.
  3. Check the box. Your screen now looks like the first image below. Click the Add authorization rule button.
  4. Edit the new rule by clicking the pen icon. A window like the one in the second image below appears. Check the right Access patient page.
  5. Press Save. Done!

The authorization tab for the patient page.

Manage permissions window for the patient page.

Repeat the above procedure for the doctor page. Now only doctors can access the doctor page and only patients can access the patient page. Administrators can access both. This is exactly what we wanted!

Side note

You may be wondering why we didn’t just skip the step of creating rights and select the groups in the authorization rule directly. That approach would also work, but if we added a new group in the future, we would have to add it to every authorization rule for every page. With rights, we only have to assign the correct rights to the new group once. Working with rights and groups is the preferred approach for larger applications.
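
The indirection described in this side note, as an added example in plain Python (not NoCode-X code or its API). The data structures, the "any matching right grants access" rule semantics and the later "Assistant" group are assumptions made for illustration; the group and right names come from this tutorial.

```python
# Added illustration: a plain-Python model of groups, rights and page rules.
# Not NoCode-X code; the structures and the "Assistant" group are assumptions.

# Group -> set of rights, as assigned in the Groups menu in this tutorial.
GROUP_RIGHTS = {
    "Patient": {"Access patient page"},
    "Doctor": {"Access doctor page"},
    "Administrator": {"Access patient page", "Access doctor page"},
}

# Page -> rights named in its authorization rule (assumed: any one of them suffices).
PAGE_RULES = {
    "Patient page": {"Access patient page"},
    "Doctor page": {"Access doctor page"},
}


def effective_rights(user_groups, group_rights=GROUP_RIGHTS):
    """Union of the rights of every group the user belongs to."""
    rights = set()
    for group in user_groups:
        rights |= group_rights.get(group, set())  # an unknown group grants nothing
    return rights


def can_access(user_groups, page, group_rights=GROUP_RIGHTS, page_rules=PAGE_RULES):
    """Deny by default: no rule for the page, or no matching right, means no access."""
    required = page_rules.get(page)
    if not required:
        return False
    return bool(required & effective_rights(user_groups, group_rights))


def access_matrix(group_rights=GROUP_RIGHTS, page_rules=PAGE_RULES):
    """Pages each group can open; a quick review artifact after editing rights."""
    return {
        group: sorted(p for p in page_rules if can_access([group], p, group_rights, page_rules))
        for group in group_rights
    }


if __name__ == "__main__":
    for group, pages in access_matrix().items():
        print(f"{group:14} -> {pages}")
    # A group added later touches only the group table; PAGE_RULES stays unchanged.
    extended = {**GROUP_RIGHTS, "Assistant": {"Access doctor page"}}
    print(f"{'Assistant':14} -> {access_matrix(extended)['Assistant']}")
```

Regenerating the matrix after every change to groups or rights makes an unintended grant, such as a patient reaching the doctor page, visible before deployment.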

Up next

In the next tutorial we will create a secure form allowing patients to report their symptoms. They can also add images for a better chance at a correct diagnosis. In later tutorials we can display this information to the patient’s assigned doctor.
