Permissions - DigitalExcellence/dex-backend GitHub Wiki

Roles

Role Description
Administrator Administrator of the dex platform
Pr User Public relation user. e.g. someone who takes care of the communication for Fontys, these people need to be able to highlight projects and create embeds
Registered User A normal user
Guest Someone who is not logged in
Data Officer Someone who is able to retrieve and delete personal data from someone else on the same institution
Alumni Someone who is graduated. This account is converted from registered to alumni.

Scopes

Permission Roles
Administrator PrUser (public relations) RegisteredUser Guest Data Officer Alumni
EmbedRead x x x x x
EmbedWrite x x x x
HighlightRead x x x x x
HighlightWrite x
ProjectWrite x x x x
UserWrite x x x x x
UserRead x x x x x
RoleRead x
RoleWrite x
HighlightRead x x x x x
HighlightWrite x
EmbedRead x x x x x
EmbedWrite x
FileWrite x
InstitutionUserRead x
InstitutionUserWrite x
InstitutionProjectWrite x
InstitutionEmbedWrite x
InstitutionRead x
InstitutionWrite x
CallToActionOptionWrite x

Permissions per endpoint

Endpoint Required scope Particulatirity
GetAllEmbeddedProjects The user needs scope: EmbedRead to reach the endpoint.
GetEmbeddedProject
CreateEmbeddedProject The user should be at least registered to reach the endpoint (Role: RegisteredUser)
DeleteEmbeddedProject The user should be at least registered to reach the endpoint (Role: RegisteredUser) The endpoint checks if the user is the owner of the embedded project or has Scope: EmbedWrite and/or should have scope: InstitutionEmbedWrite and have the same institution.
GetFilesAsync The user should be at least registered to reach the endpoint (Role: RegisteredUser)
UploadSingleFile The user should be at least registered to reach the endpoint (Role: RegisteredUser)
GetSingleFile
DeleteSingleFile The user should be at least registered to reach the endpoint (Role: RegisteredUser) The endpoint checks if the user is the owner of the file or has scope: FileWrite
GetAllHighlights
GetHighlight
GetHighlightsByProjectId The user needs scope: HighlightRead to reach the endpoint.
CreateHighlight The user needs scope: HighlightWrite to reach the endpoint.
UpdateHighlight The user needs scope: HighlightWrite to reach the endpoint.
DeleteHighlight The user needs scope: HighlightWrite to reach the endpoint.
GetAllProjects
GetProject
CreateProjectAsync The user should be at least registered to reach the endpoint (Role: RegisteredUser)
UpdateProject The user should be at least registered to reach the endpoint (Role: RegisteredUser) The endpoint checks if the user is the owner of the project and/or the user has scope: ProjectWrite
DeleteProject The user should be at least registered to reach the endpoint (Role: RegisteredUser) The endpoint checks if the user is the owner of the project and/or the user has scope: ProjectWrite and/or should have scope: InstitutionProjectWrite and have the same institution
GetAllRoles The user needs scope: RoleRead to reach the endpoint.
GetAllPossibleScopes The user needs scope: RoleRead to reach the endpoint.
GetRole The user needs scope: RoleRead to reach the endpoint.
CreateRoleAsync The user needs scope: RoleWrite to reach the endpoint.
UpdateRole The user needs scope: RoleWrite to reach the endpoint.
DeleteRole The user needs scope: RoleWrite to reach the endpoint. If the user has role: Adminsitrator or RegisteredUser he/she is not authorized.
DeleteRole The user needs scope: RoleWrite to reach the endpoint. Scopes within Role.RegisteredUser or Role.Administrator can not be deleted.
SetRole The user needs scope: RoleWrite to reach the endpoint. Scopes within Role.RegisteredUser or Role.Administrator can not be deleted.
SearchInternalProjects
GetCurrentUser The user should be at least registered to reach the endpoint (Role: RegisteredUser)
GetUser The user should be at least registered to reach the endpoint (Role: RegisteredUser) Or should have scope: InstitutionUserRead and have the same institution
CreateAccountAsync The user should have scope UserWrite to reach the endpoint
UpdateAccount The user should be at least registered to reach the endpoint (Role: RegisteredUser) The user should be owner of the account and/or have scope: UserWrite
DeleteAccount The user should be at least registered to reach the endpoint (Role: RegisteredUser) The user should be owner of the account and/or have scope: UserWrite and/or should have scope: InstitutionUserWrite and have the same institution
GetAllInstitutions The user should have scope InstitutionRead to reach the endpoint (Role: Administrator)
GetInstitution The user should have scope InstitutionRead to reach the endpoint (Role: Administrator)
CreateInstitution The user should have scope InstitutionWrite to reach the endpoint (Role: Administrator)
UpdateInstitution The user should have scope InstitutionWrite to reach the endpoint (Role: Administrator)
DeleteInstitution The user should have scope InstitutionWrite to reach the endpoint (Role: Administrator)
GetAllCallToActionOptions The user should be at least registered to reach the endpoint (Role: RegisteredUser)
GetAllCallToActionOptionsFromType The user should be at least registered to reach the endpoint (Role: RegisteredUser)
GetOptionById The user should be at least registered to reach the endpoint (Role: RegisteredUser)
CreateCallToActionOption The user should have scope CallToActionOptionWrite to reach the endpoint
UpdateCallToActionOption The user should have scope CallToActionOptionWrite to reach the endpoint
DeleteCallToActionOption The user should have scope CallToActionOptionWrite to reach the endpoint
⚠️ **GitHub.com Fallback** ⚠️