mucadele-cs319/BilHealth

Some of the access control should be granular down to per-user level

vedxyz opened this issue · 0 comments

Currently, many of the controller methods do not check for access control beyond a user belonging to a role.
For example, this means that any doctor may be able to take actions on cases that they aren't assigned to.

There are currently two service methods implemented at a basic level to achieve some granularity. These are only used in a few places across the controllers.
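The gap described above, as an added illustration that is not BilHealth's code: a role-only check next to one that also compares the caller against the case's assigned doctor or owning patient. All names here (`User`, `Case`, `can_access_case`, `close_case`) are hypothetical, and the rule that admins may act on any case is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model for illustration; not the project's own types.
@dataclass(frozen=True)
class User:
    id: int
    role: str  # e.g. "doctor", "patient", "admin"

@dataclass
class Case:
    id: int
    patient_id: int
    doctor_id: Optional[int] = None  # assigned doctor, None if unassigned
    closed: bool = False

class Forbidden(Exception):
    """Raised when the caller is authenticated but not allowed on this object."""

def can_access_case_role_only(user: User, case: Case) -> bool:
    # Role membership only: every doctor passes, whatever the assignment.
    return user.role in {"doctor", "admin"}

def can_access_case(user: User, case: Case) -> bool:
    # Role check plus a per-user check against the specific case.
    if user.role == "admin":          # assumption: admins see all cases
        return True
    if user.role == "doctor":
        return case.doctor_id == user.id
    if user.role == "patient":
        return case.patient_id == user.id
    return False                      # default deny for unknown roles

def close_case(user: User, case: Case, check=can_access_case) -> Case:
    # The object-level check runs inside the action, so no caller can skip it.
    if not check(user, case):
        raise Forbidden(f"user {user.id} may not modify case {case.id}")
    case.closed = True
    return case

if __name__ == "__main__":
    # Constructed sample data.
    assigned, other = User(1, "doctor"), User(2, "doctor")
    case = Case(id=100, patient_id=10, doctor_id=assigned.id)
    print("role-only, unassigned doctor:", can_access_case_role_only(other, case))
    print("per-user,  unassigned doctor:", can_access_case(other, case))
```

Placing the check inside the action rather than in each controller means a newly added endpoint gets it by default.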