Multi User Support - NAVADMC/ADSM GitHub Wiki

Steps to make ADSM multi-user friendly.

Currently, the server only keeps track of a single active session, so if multiple people access the site at the same time they will conflict with each other, because they are all reading and writing the same activeSession.sqlite file. In fact, there aren't user accounts at all.

The first thing that needs to be done is to enable Django's user accounts (django.contrib.auth). For now, the best thing to do would be to create a third database that houses just the tables for Django's user models and permissions (the auth app, plus contenttypes, which auth depends on, and sessions if database-backed sessions are used). The database router will need to be edited to send those apps to that database. This is Issue #573.

Second, a basic landing page will need to be created. This landing page should notify users that they are accessing a Cloud version of ADSM and require them to log in. This is Issue #552. ALL other views should be decorated with @login_required (from django.contrib.auth.decorators; Django has no @require_login). Better still, enforce the check once in a middleware so that a view somebody forgets to decorate fails closed. Nothing, except the landing page and the login form itself, should be accessible without being logged in.
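The following is an added example of the "everything but the landing page requires login" rule, written for this page and not taken from the ADSM repository. It assumes the landing page is served at "/", the login view at "/accounts/login/" and static assets under "/static/"; those URLs are assumptions. The middleware follows Django's middleware protocol but does not import Django, so it can be run as-is with the stub request at the bottom.

```python
"""Fail-closed login enforcement for the Cloud version of ADSM.

Added example, not code from the ADSM repository. Assumed (not in the
wiki): the landing page is served at "/", Django's login view at
"/accounts/login/" and static files under "/static/". The class follows
Django's middleware protocol but nothing here imports Django, so the
module runs stand-alone with the stub request defined at the bottom.
"""
import re
from urllib.parse import urlencode

LOGIN_URL = "/accounts/login/"   # assumed; settings.LOGIN_URL in the project

# The only paths an anonymous visitor may reach (Issue #552). Anything
# not matched here needs a logged-in user.
ANONYMOUS_ALLOWED = (
    re.compile(r"^/$"),                 # landing page
    re.compile(r"^/accounts/login/$"),  # the login form itself
    re.compile(r"^/static/"),           # assets the landing page needs
)


class Redirect:
    """Minimal stand-in; return django.http.HttpResponseRedirect in the project."""
    status_code = 302

    def __init__(self, url):
        self.url = url


def is_anonymous_allowed(path):
    return any(p.match(path) for p in ANONYMOUS_ALLOWED)


def is_authenticated(user):
    # Django < 1.10 exposes is_authenticated() as a method, later versions
    # as a property; accept both so the check cannot silently pass.
    flag = getattr(user, "is_authenticated", False)
    return bool(flag() if callable(flag) else flag)


def login_redirect_target(full_path):
    """Login URL with ?next= so the user returns to the page they asked for."""
    return LOGIN_URL + "?" + urlencode({"next": full_path})


class LoginRequiredMiddleware:
    """Bounce every request outside ANONYMOUS_ALLOWED to the login page
    unless request.user is authenticated. @login_required on each view is
    still good practice; this catches the view somebody forgets to decorate."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if not is_anonymous_allowed(request.path) and not is_authenticated(request.user):
            return Redirect(login_redirect_target(request.get_full_path()))
        return self.get_response(request)


# Stub request so the middleware can be exercised without a Django project.
class _StubRequest:
    def __init__(self, path, authenticated, query=""):
        self.path = path
        self.user = type("User", (), {"is_authenticated": authenticated})()
        self._query = query

    def get_full_path(self):
        return self.path + ("?" + self._query if self._query else "")


def decide(path, authenticated, query=""):
    """Run one request through the middleware. Returns ("ok", path) when it
    reached the view, ("redirect", location) when it was bounced."""
    view = lambda request: ("ok", request.path)
    result = LoginRequiredMiddleware(view)(_StubRequest(path, authenticated, query))
    return ("redirect", result.url) if isinstance(result, Redirect) else result


if __name__ == "__main__":
    print(decide("/", False))
    print(decide("/scenario/42/results/", False, "page=2"))
    print(decide("/scenario/42/results/", True))
```

Note the allow list is a list of what is open, not of what is protected: a new URL added to the project is protected by default, which is the property a forgotten decorator cannot give you. Keep the list to the landing page, the login form and the static assets they need.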

Next, we will need to add additional information to user accounts with a UserInfo model that has a one-to-one field back to the User. User organization info can be held here (possibly used for sharing and permissions later). Users should own scenarios (a created_by foreign key on the scenario). Users also need to link to an SMSession object. This is generally in Issue #540.

ActiveSession needs to be kept separate for each user/session. One way to do this is to have the router and/or settings swap out the db file used for scenario_db on a per-session basis, possibly via a middleware, or something in the db router with the session passed in. Note that a Django database router only receives the model and hints, never the request, so the middleware has to hand the session key to the router out of band (for example through thread-local storage) and must clear it again when the request ends, or one user's scenario can leak into the next request handled by the same thread. Also validate the session key before building a file name from it. This is in #541.
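The following is an added example, written for this page and not code from the ADSM repository, that puts Issue #573 (route the auth tables to a third database) and Issue #541 (a separate scenario database per session) into one router plus the middleware that feeds it. It assumes DATABASES aliases named "default", "scenario_db" and "auth_db", scenario apps labelled "ScenarioCreator" and "Results", and a directory for per-session files; all of those names are assumptions. It follows Django's router and middleware protocols but imports nothing from Django, so it runs stand-alone.

```python
"""Per-session database routing for the Cloud version of ADSM.

Added example, not code from the ADSM repository. Assumed (not in the
wiki): DATABASES aliases "default" (ADSM settings), "scenario_db" (the
template scenario file) and "auth_db" (the third database, Issue #573);
scenario tables in apps labelled "ScenarioCreator" and "Results"; and
per-session scenario files under SCENARIO_ROOT. Follows Django's router
and middleware protocols without importing Django, so it runs stand-alone.
"""
import os
import re
import threading

AUTH_APPS = {"auth", "contenttypes", "sessions", "admin"}   # -> auth_db
SCENARIO_APPS = {"ScenarioCreator", "Results"}              # assumed app labels
TEMPLATE_SCENARIO_ALIAS = "scenario_db"
SCENARIO_ROOT = "/srv/adsm/scenarios"                       # assumed directory

# Django session keys are 32 lowercase alphanumerics; nothing else may end up in a file name.
_SESSION_KEY = re.compile(r"^[a-z0-9]{32}$")

# Routers never see the request; the middleware hands the alias over via thread-local storage.
_state = threading.local()


def is_valid_session_key(key):
    return bool(key) and _SESSION_KEY.match(key) is not None


def scenario_alias_for(session_key):
    if not is_valid_session_key(session_key):
        raise ValueError("malformed session key; refusing to derive a database from it")
    return "scenario_session_" + session_key


def register_session_db(databases, session_key):
    """Register <SCENARIO_ROOT>/<key>.sqlite under a per-session alias and return it.
    In the project `databases` is django.db.connections.databases; adding entries at
    runtime works in practice but is not an officially supported API, so verify it."""
    alias = scenario_alias_for(session_key)
    databases.setdefault(alias, {
        "ENGINE": "django.db.backends.sqlite3",
        "NAME": os.path.join(SCENARIO_ROOT, session_key + ".sqlite"),
    })
    return alias


def current_scenario_alias():
    return getattr(_state, "alias", None) or TEMPLATE_SCENARIO_ALIAS


class ScenarioSessionMiddleware:
    """Point the router at this session's scenario file for the request (Issue #541)
    and always clear it afterwards, so a pooled thread cannot leak one user's alias."""
    databases = {}   # replace with django.db.connections.databases in the project

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if not request.session.session_key:   # brand-new session: save to get a key
            request.session.save()
        _state.alias = register_session_db(self.databases, request.session.session_key)
        try:
            return self.get_response(request)
        finally:
            _state.alias = None


class MultiUserRouter:
    """auth tables -> auth_db; scenario tables -> current session's file; rest -> default."""

    def alias_for_app(self, app_label):
        if app_label in AUTH_APPS:
            return "auth_db"
        if app_label in SCENARIO_APPS:
            return current_scenario_alias()
        return "default"

    def db_for_read(self, model, **hints):
        return self.alias_for_app(model._meta.app_label)

    db_for_write = db_for_read

    def allow_relation(self, obj1, obj2, **hints):
        # Django cannot follow foreign keys across databases.
        return self.alias_for_app(obj1._meta.app_label) == self.alias_for_app(obj2._meta.app_label)

    def allow_migrate(self, db, app_label, model_name=None, **hints):
        if app_label in AUTH_APPS:
            return db == "auth_db"
        if app_label in SCENARIO_APPS:
            return db == TEMPLATE_SCENARIO_ALIAS   # per-session copies start from the migrated template
        return db == "default"


def run_request(session_key):
    """Exercise the flow with a stub request: the alias chosen for a scenario table
    during the request, the alias after it, and the aliases that were registered."""
    class StubRequest:
        session = type("Session", (), {"session_key": session_key, "save": lambda self: None})()
    databases = {}
    ScenarioSessionMiddleware.databases = databases
    during = ScenarioSessionMiddleware(lambda request: MultiUserRouter().alias_for_app("Results"))(StubRequest())
    return during, current_scenario_alias(), sorted(databases)
```

Two points carry the security weight here: the `finally` that resets the thread-local alias, without which the next request on a reused worker thread would silently read the previous user's scenario, and the strict session-key pattern, which keeps a tampered cookie value from ever becoming part of a path under SCENARIO_ROOT. Wire the router in with `DATABASE_ROUTERS = ["path.to.MultiUserRouter"]` and place the middleware after Django's SessionMiddleware so `request.session` exists.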

Ideally, we had hoped to move away from using sqlite files on the Cloud version and instead merge all users' data into a single postgres database. Each scenario would need to be encapsulated in a larger project object with foreign keys to all the required data and to the user who owns it. There would also need to be a method for extracting a scenario's results and storing them in a sqlite file for download to the user's machine.

It should be noted that if you stay with uploaded sqlite files, you need to protect them. Keep all uploaded files in the media folder (possibly sorted into sub folders, for example per user). Add a url for media in the main url file so that Django serves those files, and do not let apache or nginx serve the media folder directly (don't have a media alias/override in the web server), otherwise the permission check is bypassed. Then do permission checking (does this user own the scenario the file belongs to?) before serving up a file, and make sure the requested path resolves to somewhere inside the media folder, so that `..` segments in a file name cannot reach other files on the server. A good reference is this http://stackoverflow.com/questions/15951014/django-private-file-upload
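As an added example (not code from the ADSM repository) of the permission check a media-serving view needs, the code below confines the requested path to MEDIA_ROOT and then checks ownership before releasing the file. The layout MEDIA_ROOT/scenarios/<user id>/<file>, the MEDIA_ROOT value and the ownership lookup callable are assumptions; the lookup stands in for whatever ownership the project records (for example a created_by on the scenario). It is written to sit behind a Django view but imports nothing from Django, so it runs stand-alone.

```python
"""Permission-checked download of uploaded scenario files.

Added example, not code from the ADSM repository. Assumed (not in the
wiki): uploads live under MEDIA_ROOT/scenarios/<user id>/<file name>, and
ownership is recorded in the database, represented here by a lookup
callable that maps a media-relative path to the owning user's id.
Written to sit behind a Django view but without importing Django, so the
path and permission checks run stand-alone.
"""
import os
import shutil
import tempfile

MEDIA_ROOT = "/srv/adsm/media"   # assumed; settings.MEDIA_ROOT in the project


class Forbidden(Exception):
    """The requester may not have this file. Map it to Http404 in the view
    so the response does not reveal whether the file exists at all."""


def resolve_media_path(relative_path, media_root=MEDIA_ROOT):
    """Join a user-supplied path onto MEDIA_ROOT and prove the result is
    still inside it. realpath collapses '..' and follows symlinks, and
    os.path.join discards the root for absolute input, so both
    'scenarios/7/../../../etc/passwd' and '/etc/passwd' are rejected."""
    root = os.path.realpath(media_root)
    candidate = os.path.realpath(os.path.join(root, relative_path))
    if os.path.commonpath([root, candidate]) != root:
        raise Forbidden("path escapes MEDIA_ROOT")
    return candidate


def authorize_download(user_id, relative_path, owner_of, media_root=MEDIA_ROOT):
    """Return the absolute path the view may stream, or raise Forbidden.
    `owner_of(media_relative_path)` is the project's ownership lookup
    (assumed), e.g. Scenario.objects.get(file=...).created_by_id; it is
    called with the canonicalised path, never the raw request string."""
    full_path = resolve_media_path(relative_path, media_root)
    canonical = os.path.relpath(full_path, os.path.realpath(media_root)).replace(os.sep, "/")
    owner = owner_of(canonical)
    if owner is None or owner != user_id:
        raise Forbidden("not the owner")
    return full_path


def demo():
    """Constructed case: user 7 owns scenarios/7/farm.sqlite. Returns the
    outcome for the owner, another user, a '..' escape and an unknown file."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "scenarios", "7"))
        with open(os.path.join(root, "scenarios", "7", "farm.sqlite"), "wb") as fh:
            fh.write(b"SQLite format 3\x00")          # constructed header only, not a real scenario
        owners = {"scenarios/7/farm.sqlite": 7}       # constructed stand-in for the DB lookup

        def outcome(user_id, rel):
            try:
                authorize_download(user_id, rel, owners.get, root)
                return "served"
            except Forbidden:
                return "denied"

        return {
            "owner": outcome(7, "scenarios/7/farm.sqlite"),
            "other_user": outcome(8, "scenarios/7/farm.sqlite"),
            "traversal": outcome(7, "scenarios/7/../../../etc/passwd"),
            "unknown_file": outcome(7, "scenarios/7/missing.sqlite"),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

In the view, catch Forbidden and raise Http404 for every failure (wrong owner, unknown file, escaped path alike), then stream the authorized path with django.http.FileResponse, or hand it to the web server with X-Sendfile / X-Accel-Redirect once the check has passed; either way the check happens in Django first, which is why the web server must not have its own alias for the media folder.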

HTTPS should be enforced at some point: redirect plain http to https, and mark the session and CSRF cookies Secure so a login cookie is never sent in the clear. Remember to keep an eye on this project for free certificates: https://letsencrypt.org/
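As an added example (not ADSM's own settings file), these are the Django settings that enforce HTTPS once a certificate is in place, each shown beside the insecure default it replaces. The setting names are Django's; the middleware list key is MIDDLEWARE in Django 1.10 and later and MIDDLEWARE_CLASSES before that.

```python
# Added example, not ADSM's settings.py: Django settings that enforce HTTPS.
# Each comment gives the insecure default the line replaces.
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",  # near the top; it implements the SECURE_* behaviour
    # ... the project's other middleware ...
]
SECURE_SSL_REDIRECT = True            # default False: http requests are served instead of redirected
SESSION_COOKIE_SECURE = True          # default False: the login cookie would also travel over http
CSRF_COOKIE_SECURE = True             # default False
SECURE_HSTS_SECONDS = 3600            # default 0: no Strict-Transport-Security header; raise once HTTPS is proven to work
SECURE_HSTS_INCLUDE_SUBDOMAINS = False
# Only when apache/nginx terminates TLS in front of Django AND overwrites any
# client-supplied X-Forwarded-Proto. Otherwise a client can send the header
# itself, claim "https", and bypass the redirect.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
```

Start with a short HSTS lifetime: once browsers have cached a long Strict-Transport-Security value, a broken certificate locks users out until it expires.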