Skip to content

GitLab

Permissions · Changes

Page history
Edited online authored by Andrea Pavlovic's avatar Andrea Pavlovic
Show whitespace changes
Inline Side-by-side
Permissions.md
View page @ 9036fa60
...@@ -31,20 +31,26 @@ See [Category] for an example. ...@@ -31,20 +31,26 @@ See [Category] for an example.
## Tickets ## Tickets
Apart from read, write and delete actions, there is an additional "set_department" action which Apart from read, create, edit and delete actions, there is an additional "set_department" action which
will set the value of the cost_bearing_department of a ticket. Here is a quick overview of who can do which will set the value of the cost_bearing_department of a ticket. Here is a quick overview of who can do which
action: action:
``` ```
list join on write delete set_department list join on create edit delete set_department
------------------------------------------------------------ -------------------------------------------------------------------
employee all [private,public] all all - employee all [private,public] yes all all -
customer own [public] own own - customer own [public] yes own own -
accounting all - - - only own departments accounting all - - - only own departments
------------------------------------------------------------ -------------------------------------------------------------------
``` ```
An employee can create a ticket on behalf of a different user. A customer can
only create tickets for herself.
A delete will automatically cascade to referenced instances, regardless of
permissions on the referenced instances.
## Category ## Category
The category table has no explicit permission set at all. But, to enable The category table has no explicit permission set at all. But, to enable
...@@ -53,12 +59,12 @@ access is granted to anyone who can create tickets: ...@@ -53,12 +59,12 @@ access is granted to anyone who can create tickets:
``` ```
list join on write delete list join on create edit delete
----------------------------------- -------------------------------------------------
employee all [ticket] - - employee all [ticket] - - -
customer all [ticket] - - customer all [ticket] - - -
accounting - [ticket] - - accounting - [ticket] - - -
------------------------------------ --------------------------------------------------
``` ```
Accounting has no direct read access but can still join any category which is being Accounting has no direct read access but can still join any category which is being
...@@ -67,4 +73,43 @@ a role has list rights on. ...@@ -67,4 +73,43 @@ a role has list rights on.
## Public Comments ## Public Comments
Public comments can be written by customers and employees, only the ticket creator
can edit or delete a ticket.
```
list join on create edit delete
-------------------------------------------------
employee created [ticket] created created created
customer created [ticket] created created created
accounting - - - - -
-------------------------------------------------
```
Because the binding of the actions on this table is the "creating_client", a listing
of this entity will returned only those owned by the user.
Nevertheless, joining this table on ticket will work and return any instances
that reference a ticket a user has rights to.
So, in our case, an employee has access to all tickets and will therefore be able to join
all public comments.
A customer will be able to join her own and any other user's comments onto
her own tickets.
## Private Comments ## Private Comments
Public comments are not accessable to customers.
```
list join on create edit delete
-------------------------------------------------
employee all [ticket] all all all
customer - - - - -
accounting - - - - -
-------
Because customers have no actions defined on this entity and it's not referenced
by any other entity (they have access to), they do not see it at all.
## Departments
\ No newline at end of file