Multi-tenant isolation

Status: Placeholder — to be developed. Last reviewed:

Scope

How practice-scoping works and the rules that prevent data leaks across practices:

  • The UserPracticeAccess model.
  • The active-practice context (session? middleware? URL?).
  • Required queryset filtering on every view that reads practice-scoped data.
  • How new models declare their practice FK.
  • Audit checklist for any view that does not filter by practice.

This area has a high blast radius: a missed filter exposes another practice's patient data.

Sources to mine when writing this

  • apps/accounts/ — custom User, UserPracticeAccess model and its enforcement points.
  • Existing list/detail views — enumerate the queryset-filtering pattern (mixin? base view? manual?).
  • Models with a practice FK vs models without one — document the rule for which is which.
  • Any past data-leak incident or near-miss (check roadmap/done/ for security-related items).