Updated proposal authorization and created samples authorization
nitrosx committed Nov 20, 2023
1 parent a906d68 commit 53285e3
Showing 2 changed files with 164 additions and 34 deletions.
103 changes: 69 additions & 34 deletions Development/v4.x/backend/authorization/authorization_proposals.md
@@ -3,43 +3,78 @@
This is the list of the permissions methods available for Proposals and all their endpoints

### Endpoint Authorization
- ProposalsCreate
- ProposalsRead
- ProposalsUpdate
- ProposalsDelete
- ProposalCreate
- ProposalRead
- ProposalUpdate
- ProposalDelete
- ProposalAttachmentCreate
- ProposalAttachmentRead
- ProposalAttachmentUpdate
- ProposalAttachmentDelete
- ProposalDatasetRead


### (Data) Instance Authorization
- ProposalsCreateOwner
- ProposalsCreateAny
- ProposalsReadManyPublic
- ProposalsReadManyAccess
- ProposalsReadManyOwner
- ProposalsReadOnePublic
- ProposalsReadOneAccess
- ProposalsReadOneOwner
- ProposalsReadAny
- ProposalsUpdateOwner
- ProposalsUpdateAny
- ProposalsDeleteOwner
- ProposalsDeleteAny
- ProposalCreateOwner
- ProposalCreateAny
- ProposalReadManyPublic
- ProposalReadManyAccess
- ProposalReadManyOwner
- ProposalReadOnePublic
- ProposalReadOneAccess
- ProposalReadOneOwner
- ProposalReadAny
- ProposalUpdateOwner
- ProposalUpdateAny
- ProposalDeleteOwner
- ProposalDeleteAny
- ProposalAttachmentCreateOnwer
- ProposalAttachmentCreateAny
- ProposalAttachmentReadManyPublic
- ProposalAttachmentReadManyAccess
- ProposalAttachmentReadManyOwner
- ProposalAttachmentReadManyAny
- ProposalAttachmentUpdateOwner
- ProposalAttachmentUpdateAny
- ProposalAttachmentDeleteOwner
- ProposalAttachmentDeleteAny
- ProposalDatasetReadPublic
- ProposalDatasetReadAccess
- ProposalDatasetReadOwner
- ProposalDatasetReadAny


#### Priority
```mermaid
graph LR;
ProposalsCreate-->ProposalsCreateOwner;
ProposalsCreateOwner-->ProposalsCreateAny;
ProposalsRead-->ProposalsReadManyPublic;
ProposalsReadManyPublic-->ProposalsReadManyAccess;
ProposalsReadManyAccess-->ProposalsReadManyOwner;
ProposalsReadManyOwner-->ProposalsReadAny;
ProposalsRead-->ProposalsReadOnePublic;
ProposalsReadOnePublic-->ProposalsReadOneAccess;
ProposalsReadOneAccess-->ProposalsReadOneOwner;
ProposalsReadOneOwner-->ProposalsReadAny;
ProposalsUpdate-->ProposalsUpdateOwner;
ProposalsUpdateOwner-->ProposalsUpdateAny;
ProposalsDelete-->ProposalsDeleteOwner;
ProposalsDeleteOwner-->ProposalsDeleteAny;
ProposalCreate-->ProposalsCreateOwner;
ProposalCreateOwner-->ProposalCreateAny;
ProposalRead-->ProposalReadManyPublic;
ProposalReadManyPublic-->ProposalReadManyAccess;
ProposalReadManyAccess-->ProposalReadManyOwner;
ProposalReadManyOwner-->ProposalReadAny;
ProposalRead-->ProposalReadOnePublic;
ProposalReadOnePublic-->ProposalReadOneAccess;
ProposalReadOneAccess-->ProposalReadOneOwner;
ProposalReadOneOwner-->ProposalReadAny;
ProposalUpdate-->ProposalUpdateOwner;
ProposalUpdateOwner-->ProposalUpdateAny;
ProposalDelete-->ProposalDeleteOwner;
ProposalDeleteOwner-->ProposalDeleteAny;
ProposalAttachmentCreate-->ProposalAttachmentCreateOnwer;
ProposalAttachmentCreateOnwer-->ProposalAttachmentCreateAny;
ProposalAttachmentRead-->ProposalAttachmentReadManyPublic;
ProposalAttachmentReadManyPublic-->ProposalAttachmentReadManyAccess;
ProposalAttachmentReadManyAccess-->ProposalAttachmentReadManyOwner;
ProposalAttachmentReadManyOwner-->ProposalAttachmentReadManyAny;
ProposalAttachmentUpdate-->ProposalAttachmentUpdateOwner;
ProposalAttachmentUpdateOwner-->ProposalAttachmentUpdateAny;
ProposalAttachmentDelete-->ProposalAttachmentDeleteOwner;
ProposalAttachmentDeleteOwner-->ProposalAttachmentDeleteAny;
ProposalDatasetRead-->ProposalDatasetReadPublic;
ProposalDatasetReadPublic-->ProposalDatasetReadAccess;
ProposalDatasetReadAccess-->ProposalDatasetReadOwner;
ProposalDatasetReadOwner-->ProposalDatasetReadAny;
```

#### Authorization table
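Review bot: In the Priority graph, the edge `ProposalCreate-->ProposalsCreateOwner;` still targets the old plural name, so the renamed `ProposalCreateOwner` node is never reached from `ProposalCreate` and the chain to `ProposalCreateAny` is left disconnected; it should read `ProposalCreate-->ProposalCreateOwner;`. The new attachment action is spelled `ProposalAttachmentCreateOnwer` in both the instance list and the graph; since this section documents CASL ability action names, correct it to `ProposalAttachmentCreateOwner` before the misspelling is copied into code. The terminal nodes are also inconsistent: the attachment read chain ends at `ProposalAttachmentReadManyAny` while the proposal read chains end at `ProposalReadAny`, so pick one convention.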
@@ -56,7 +91,7 @@ graph LR;
|||||
| POST | Proposals/_pid_/attachements | _ProposalAttachementCreate_ | __no__ | __no__ | Any<br>_ProposalAttachmentCreateAny_ | Any<br>_ProposalAttachmentCreateAny_ | __no__ | |
| GET | Proposals/_pid_/attachements | _ProposalAttachmentRead_ | Public<br/>_ProposalAttachmentReadManyPublic_ | Has Access<br/>_ProposalAttachmentReadManyAccess_ | Has Access<br/>_ProposalAttachmentReadManyAccess_ | Any<br/>_ProposalAttachmentReadManyAny_ | __no__ | |
| PATCH | Proposals/_pid_/attachments/_aid_ | _ProposalAttachmentUpdate_ | __no__ | __no__ | Owner<br/>_ProposalAttachmentUpdateOwn_ | Any<br/>_ProposalAttachmentUpdateAny_ | __no__ | |
| DELETE | Proposals/_pid_/attachment/_aid_ | _ProposalAttachmentDelete_ | __no__ | __no__ | __no__ | __no__ | Any<br/>_ProposalAttachmentDeleteAny_ | |
| PATCH | Proposals/_pid_/attachments/_aid_ | _ProposalAttachmentUpdate_ | __no__ | __no__ | Owner<br/>_ProposalAttachmentUpdateOwner_ | Any<br/>_ProposalAttachmentUpdateAny_ | __no__ | |
| DELETE | Proposals/_pid_/attachment/_aid_ | _ProposalAttachmentDelete_ | __no__ | __no__ | Onwer<br/>_ProposalAttachmentDeleteOwner_ | Any<br/>_ProposalAttachmentDeleteAny_ | __no__ | |
|||||
| GET | Proposals/_pid_/datasets | _ProposalDatasetRead_ | Public<br/>_ProposalDatasetReadManyPublic_ | Has Access<br/>_ProposalDatasetReadManyAccess_ | Has Access<br/>_ProposalDatasetReadManyAccess_ | Any<br/>_ProposalDatasetReadManyAny_ | __no__ | |
| GET | Proposals/_pid_/datasets | _ProposalDatasetRead_ | Public<br/>_ProposalDatasetReadOnePublic_ | Has Access<br/>_ProposalDatasetReadOneAccess_ | Has Access<br/>_ProposalDatasetReadOneAccess_ | Any<br/>_ProposalDatasetReadOneAny_ | __no__ | |
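Review bot: The new DELETE row for `Proposals/_pid_/attachment/_aid_` moves the delete permission between columns: the cell that previously held `Any` / `ProposalAttachmentDeleteAny` is now `__no__`, and delete is granted as Owner and Any in the two columns before it. That changes who may delete attachments and the commit message does not mention it, so please confirm it is intended, and fix the `Onwer` label in that row. The unchanged datasets rows below still reference `ProposalDatasetReadManyPublic` and `ProposalDatasetReadOnePublic` style names, which do not match the `ProposalDatasetReadPublic` / `ProposalDatasetReadAccess` / `ProposalDatasetReadAny` actions this commit adds to the list, and both rows show the same endpoint.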
95 changes: 95 additions & 0 deletions Development/v4.x/backend/authorization/authorization_samples.md
@@ -0,0 +1,95 @@
# Samples Authorization
## CASL ability actions
This is the list of the permissions methods available for Samples and all their endpoints

### Endpoint Authorization
- SampleCreate
- SampleRead
- SampleUpdate
- SampleDelete
- SampleAttachmentCreate
- SampleAttachmentRead
- SampleAttachmentUpdate
- SampleAttachmentDelete
- SampleDatasetRead

### (Data) Instance Authorization
- SampleCreateOwner
- SampleCreateAny
- SampleReadManyPublic
- SampleReadManyAccess
- SampleReadManyOwner
- SampleReadOnePublic
- SampleReadOneAccess
- SampleReadOneOwner
- SampleReadAny
- SampleUpdateOwner
- SampleUpdateAny
- SampleDeleteOwner
- SampleDeleteAny
- SampleAttachmentCreateOnwer
- SampleAttachmentCreateAny
- SampleAttachmentReadManyPublic
- SampleAttachmentReadManyAccess
- SampleAttachmentReadManyOwner
- SampleAttachmentReadManyAny
- SampleAttachmentUpdateOwner
- SampleAttachmentUpdateAny
- SampleAttachmentDeleteOwner
- SampleAttachmentDeleteAny
- SampleDatasetReadPublic
- SampleDatasetReadAccess
- SampleDatasetReadOwner
- SampleDatasetReadAny

#### Priority
```mermaid
graph LR;
SampleCreate-->SampleCreateOwner;
SampleCreateOwner-->SampleCreateAny;
SampleRead-->SampleReadManyPublic;
SampleReadManyPublic-->SampleReadManyAccess;
SampleReadManyAccess-->SampleReadManyOwner;
SampleReadManyOwner-->SampleReadAny;
SampleRead-->SampleReadOnePublic;
SampleReadOnePublic-->SampleReadOneAccess;
SampleReadOneAccess-->SampleReadOneOwner;
SampleReadOneOwner-->SampleReadAny;
SampleUpdate-->SampleUpdateOwner;
SampleUpdateOwner-->SampleUpdateAny;
SampleDelete-->SampleDeleteOwner;
SampleDeleteOwner-->SampleDeleteAny;
SampleAttachmentCreate-->SampleAttachmentCreateOnwer;
SampleAttachmentCreateOnwer-->SampleAttachmentCreateAny;
SampleAttachmentRead-->SampleAttachmentReadManyPublic;
SampleAttachmentReadManyPublic-->SampleAttachmentReadManyAccess;
SampleAttachmentReadManyAccess-->SampleAttachmentReadManyOwner;
SampleAttachmentReadManyOwner-->SampleAttachmentReadManyAny;
SampleAttachmentUpdate-->SampleAttachmentUpdateOwner;
SampleAttachmentUpdateOwner-->SampleAttachmentUpdateAny;
SampleAttachmentDelete-->SampleAttachmentDeleteOwner;
SampleAttachmentDeleteOwner-->SampleAttachmentDeleteAny;
SampleDatasetRead-->SampleDatasetReadPublic;
SampleDatasetReadPublic-->SampleDatasetReadAccess;
SampleDatasetReadAccess-->SampleDatasetReadOwner;
SampleDatasetReadOwner-->SampleDatasetReadAny;
```

#### Authorization table
| HTTP method | Endpoint | Endpoint Authentication | Anonymous | Authenticated User | Sample Groups | Admin Groups | Delete Groups | Notes |
| -------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- |
| POST | Samples | _SampleCreate_ | __no__ | __no__ | Any<br>_SampleCreateAny_ | Any<br>_SampleCreateAny_ | __no__ | |
| GET | Samples | _SampleRead_ | Public<br/>_SampleReadManyPublic_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Any<br/>_SampleReadAny_ | __no__ | |
| GET | Samples/fullquery | _SampleRead_ | Public<br/>_SampleReadManyPublic_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Any<br/>_SampleReadAny_ | __no__ | |
| GET | Samples/fullfacet | _SampleRead_ | Public<br/>_SampleReadManyPublic_ | Has Access<br/>_SampleReadManyAccess_ | Has Access<br/>_SampleReadManyAccess_ | Any<br/>_SampleReadAny_ | __no__ | |
| GET | Samples/_pid_ | _SampleRead_ | Public<br/>_SampleReadOnePublic_ | Has Access<br/>_SampleReadOneAccess_ | Has Access<br/>_SampleReadOneAccess_ | Any<br/>_SampleReadAny_ | __no__ | |
| GET | Samples/fullquery | _SampleRead_ | Public<br/>_SampleReadOnePublic_ | Has Access<br/>_SampleReadOneAccess_ | Has Access<br/>_SampleReadOneAccess_ | Any<br/>_SampleReadAny_ | __no__ | |
| PATCH | Samples/_pid_ | _SampleUpdate_ | __no__ | __no__ | Owner<br/>_SampleUpdateOwn_ | Any<br/>_SampleUpdateAny_ | __no__ | |
| DELETE | Samples/_pid_ | _SampleDelete_ | __no__ | __no__ | __no__ | __no__ | Any<br/>_SampleDeleteAny_ | |
|||||
| POST | Samples/_pid_/attachements | _SampleAttachementCreate_ | __no__ | __no__ | Any<br>_SampleAttachmentCreateAny_ | Any<br>_SampleAttachmentCreateAny_ | __no__ | |
| GET | Samples/_pid_/attachements | _SampleAttachmentRead_ | Public<br/>_SampleAttachmentReadManyPublic_ | Has Access<br/>_SampleAttachmentReadManyAccess_ | Has Access<br/>_SampleAttachmentReadManyAccess_ | Any<br/>_SampleAttachmentReadManyAny_ | __no__ | |
| PATCH | Samples/_pid_/attachments/_aid_ | _SampleAttachmentUpdate_ | __no__ | __no__ | Owner<br/>_SampleAttachmentUpdateOwner_ | Any<br/>_SampleAttachmentUpdateAny_ | __no__ | |
| DELETE | Samples/_pid_/attachment/_aid_ | _SampleAttachmentDelete_ | __no__ | __no__ | Onwer<br/>_SampleAttachmentDeleteOwner_ | Any<br/>_SampleAttachmentDeleteAny_ | __no__ | |
|||||
| GET | Samples/_pid_/datasets | _SampleDatasetRead_ | Public<br/>_SampleDatasetReadOnePublic_ | Has Access<br/>_SampleDatasetReadOneAccess_ | Has Access<br/>_SampleDatasetReadOneAccess_ | Any<br/>_SampleDatasetReadOneAny_ | __no__ | |
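Review bot: The authorization table in this new file names actions that the lists above it never define: `_SampleUpdateOwn_` (list has `SampleUpdateOwner`), `_SampleAttachementCreate_` (list has `SampleAttachmentCreate`), and `_SampleDatasetReadOnePublic_` / `_SampleDatasetReadOneAccess_` / `_SampleDatasetReadOneAny_` (list has `SampleDatasetReadPublic`, `SampleDatasetReadAccess`, `SampleDatasetReadAny`). These are documented as the CASL ability actions, so use one spelling per action throughout, and correct `SampleAttachmentCreateOnwer` and the `Onwer` cell while doing so. Two rows also need a second look: `GET Samples/fullquery` appears twice, once with the ReadMany actions and once with the ReadOne actions, and `DELETE Samples/_pid_` is allowed only for Delete Groups while the attachment DELETE row allows Sample Groups owners and Admin Groups but not Delete Groups, which leaves the listed `SampleDeleteOwner` unused in the table.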
