We consider three roles 'super_user', 'validator' and 'other'.
'super_user' can do everything in calebasse.
'validator' can not add users and cannot modify the groups used for authorization. However, compared to others, they can: - delete an appointment, an act, an event - they can access to automated validation page - they can acces to the days not locked page - they can access to 'Saisie des actes' and 'Facturation' applications - they can delete a patient record
We use the Django auth Group model as follows. We need a group 'Administratifs' and a group 'Super utilisateurs'.
authorization: implement basic primitives.