Permissions Rules - WApp-Solutions/team-manager GitHub Wiki
To define the permissions for each user, we defined the following structures.
Roles
- Owner
- Administrator
- Manager
- anything in between?
- Member
Owner
Owner is reserved for the developers. This role is needed to perform any critical changes to authorization, database-related configuration or similar.
Administrator
This role allows the user to perform any action. An administrator can read all business objects, create new ones, and edit and update existing ones. An administrator can:
- create new users and assign them to a member instance
- change the permissions of an existing member
- modify member information
- add user to a group
- remove user from a group
- delete a member
- lock a user (to prevent them from logging in)
- create new groups
- modify groups
- delete groups
- create new sub-groups
- modify sub-groups
- delete sub-groups
- create events
- modify events
- delete events
Manager
The manager is responsible, on the second layer, for managing the members and groups of his sub-group. A manager can:
- create a member, who is automatically added to his sub-group or a sub-sub-group below it
- modify members assigned to his sub-group
- remove member from sub-group (in case he left)
- mark member for deletion (to be approved by administrator)
- create events and assign own sub-groups and sub-sub-groups to this event
- modify events for his sub-group
- delete events from his sub-group
- edit sub-group
- create new sub-sub-group
- delete sub-sub-groups
- add members to sub-sub-group
- remove member from sub-sub-group
Member
Member is the lowest level of permissions and is only used for viewing purposes.
- update his own member information
- read events from groups, sub-groups and sub-sub-groups
Roles for users on group level
Groups can include sub- and parent-groups. To get a granular overview of permissions for a specific user, we introduce roles and assign them to users. A user can then have a specific role for each group.