Skip to content
This repository has been archived by the owner on Apr 23, 2021. It is now read-only.

Permissions Definition

Jump to bottom
Anja Kammer edited this page Jan 28, 2018 · 6 revisions

Definition of Actions

:manage => [:create, :read, :update, :delete]

Permission Table

Action Entity Condition Side effect
:create Course current_user.role === 'instructor' course.instructors << current_user
:manage Course instructors.include(current_user) ------
:read Course is_logged_in(current_user) ------
:manage Topic, Sprint course.instructors.include(current_user) ------
:read Sprint current_user.projects(where: course === sprint.course) ------
:read Topics current_user.projects(where: course === topic.course) ------
:create Project course.enrollment(true) OR instructor === current_user if current_user != instructor -> course.users << current_user
:manage Project (users.include(current_user) AND course.enrollment(true)) OR instructor === current_user ------
:read Project course.instructors.include(current_user) ------
:manage Story project.users.include(current_user) ------
:read Story project.course.instructors.include(current_user) ------
:create projects_users course.enrollment(true) project.users << current_user
:update projects_users users.include(current_user) AND course.enrollment(true) ------
:read projects_users project.course.instructors.include(current_user) ------
:manage Instructor course.instructors.include(current_user) ------
:create Instructor course.instructors.include(current_user) if instructor_to_add != InstanceOf(User) -> course.instructors << User.create!(email: instructor_to_add) else (course.instructors << instructor_to_add)
:delete Instructor course.instructors.include(current_user) AND instructor_to_delete !== current_user AND Course.instructors.size >= 1 ------
Clone this wiki locally