Currently, front-end 'security' is only for cosmetic purposes. A user who logs in sees only those modules they are permitted to see.
If a user somehow tampers with localStorage and the JavaScript and sees modules they don't have access to, but can't use them (because they lack the appropriate back-end permissions to view patients, create lab orders, etc.), that isn't a major concern.
If this is a major concern, however, we can encrypt the permissions in localStorage and sign our JavaScript files to make sure they haven't been tampered with.
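The split described above, as an added example that is not part of this project's code: the front end filters modules from permissions held in localStorage, while the back end decides from its own records. The user names, permission strings, module list and function names are all hypothetical, and the storage object is a stand-in for `window.localStorage` so the block runs under Node.

```javascript
// Constructed sample data; every name and permission string is hypothetical.
const SERVER_PERMISSIONS = new Map([
  ['alice', ['patients.view']],
  ['bob', ['patients.view', 'lab.order.create']],
]);
const MODULES = [
  { name: 'Patients', requires: 'patients.view' },
  { name: 'Lab Orders', requires: 'lab.order.create' },
];

// Minimal stand-in for window.localStorage.
function makeStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}

// Front end (cosmetic): chooses what to render from client-held data.
function visibleModules(storage) {
  let perms;
  try { perms = JSON.parse(storage.getItem('permissions') || '[]'); } catch { perms = []; }
  if (!Array.isArray(perms)) perms = [];
  return MODULES.filter((m) => perms.includes(m.requires)).map((m) => m.name);
}

// Back end (authoritative): looks up permissions for the authenticated user
// and never reads a permission list supplied by the client.
function handleRequest(authenticatedUser, requiredPermission, action) {
  const granted = SERVER_PERMISSIONS.get(authenticatedUser) || [];
  if (!granted.includes(requiredPermission)) return { status: 403, body: 'Forbidden' };
  return { status: 200, body: action() };
}

// Walk-through: alice's stored permissions are edited on the client.
function demo() {
  const storage = makeStorage();
  storage.setItem('permissions', JSON.stringify(SERVER_PERMISSIONS.get('alice')));
  const before = visibleModules(storage);
  storage.setItem('permissions', JSON.stringify(['patients.view', 'lab.order.create']));
  const after = visibleModules(storage);
  const denied = handleRequest('alice', 'lab.order.create', () => 'order created');
  const allowed = handleRequest('alice', 'patients.view', () => 'patient list');
  return { before, after, denied, allowed };
}
```

After the edit the extra module is rendered, but the request behind it still returns 403 because the server consults only its own permission table.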
A user will be required to log in:
Currently, we use basic authentication as a placeholder.
Our requirements for authentication + communication are:
Our options for authentication in v1.0: