Michael Hoennig
2022-10-28 b69af8fa578956246a3e9161ddf4883ab7c2e0fd
commit | author | age
c31956 1 ### hs_office_debitor RBAC Roles
MH 2
3 ```mermaid
0b60b9 4 flowchart TB
a93143 5
0b60b9 6 subgraph global
MH 7     style global fill:#eee
8     
9     role:global.admin[global.admin]    
10 end
a93143 11
0b60b9 12 subgraph office
MH 13     style office fill:#eee
14     
7f5b23 15     subgraph sepa
MH 16     
0b60b9 17     subgraph bankaccount
MH 18         style bankaccount fill: #e9f7ef
6b6f81 19         
0b60b9 20         user:hsOfficeBankAccount.creator([bankaccount.creator])        
MH 21     
22         role:hsOfficeBankAccount.owner[bankaccount.owner]
23         %% permissions
24             role:hsOfficeBankAccount.owner --> perm:hsOfficeBankAccount.*{{bankaccount.*}}
25         %% incoming
26             role:global.admin --> role:hsOfficeBankAccount.owner
27             user:hsOfficeBankAccount.creator ---> role:hsOfficeBankAccount.owner
28             
29         role:hsOfficeBankAccount.admin[bankaccount.admin]
30         %% permissions
31             role:hsOfficeBankAccount.admin --> perm:hsOfficeBankAccount.edit{{bankaccount.edit}}
32         %% incoming
33             role:hsOfficeBankAccount.owner ---> role:hsOfficeBankAccount.admin         
a93143 34         
0b60b9 35         role:hsOfficeBankAccount.tenant[bankaccount.tenant]
MH 36         %% incoming
37             role:hsOfficeBankAccount.admin ---> role:hsOfficeBankAccount.tenant
38         
39         role:hsOfficeBankAccount.guest[bankaccount.guest]
40         %% permissions
41             role:hsOfficeBankAccount.guest --> perm:hsOfficeBankAccount.view{{bankaccount.view}}
42         %% incoming
43             role:hsOfficeBankAccount.tenant ---> role:hsOfficeBankAccount.guest
7f5b23 44     end
MH 45     
46     subgraph hsOfficeSepaMandate
47     end
48     
0b60b9 49     end
MH 50    
51     subgraph contact
52         style contact fill: #e9f7ef
53         
54         user:hsOfficeContact.creator([contact.creator])
55     
56         role:hsOfficeContact.owner[contact.owner]
57         %% permissions
58             role:hsOfficeContact.owner --> perm:hsOfficeContact.*{{contact.*}}
59         %% incoming
60             role:global.admin --> role:hsOfficeContact.owner
61             user:hsOfficeContact.creator ---> role:hsOfficeContact.owner
62             
63         role:hsOfficeContact.admin[contact.admin]
64         %% permissions
65             role:hsOfficeContact.admin ---> perm:hsOfficeContact.edit{{contact.edit}}
66         %% incoming
67             role:hsOfficeContact.owner ---> role:hsOfficeContact.admin         
68         
69         role:hsOfficeContact.tenant[contact.tenant]
70         %% incoming
71             role:hsOfficeContact.admin ----> role:hsOfficeContact.tenant
72         
73         role:hsOfficeContact.guest[contact.guest]
74         %% permissions
75             role:hsOfficeContact.guest --> perm:hsOfficeContact.view{{contact.view}}
76         %% incoming
77             role:hsOfficeContact.tenant ---> role:hsOfficeContact.guest
78     end
79     
80     subgraph partner-person
81    
82     subgraph person
83         style person fill: #e9f7ef
84         
85         user:hsOfficePerson.creator([personcreator])
86         
87         role:hsOfficePerson.owner[person.owner]
88         %% permissions
89             role:hsOfficePerson.owner --> perm:hsOfficePerson.*{{person.*}}
90         %% incoming
91             user:hsOfficePerson.creator ---> role:hsOfficePerson.owner
92             role:global.admin --> role:hsOfficePerson.owner
93         
94         role:hsOfficePerson.admin[person.admin]
95         %% permissions
96             role:hsOfficePerson.admin --> perm:hsOfficePerson.edit{{person.edit}}
97         %% incoming
98             role:hsOfficePerson.owner ---> role:hsOfficePerson.admin
99         
100         role:hsOfficePerson.tenant[person.tenant]
101         %% incoming
102             role:hsOfficePerson.admin -----> role:hsOfficePerson.tenant
103         
104         role:hsOfficePerson.guest[person.guest]
105         %% permissions
106             role:hsOfficePerson.guest --> perm:hsOfficePerson.edit{{person.view}}
107         %% incoming
108             role:hsOfficePerson.tenant ---> role:hsOfficePerson.guest
109     end
110     
111     subgraph partner
112     
113        role:hsOfficePartner.owner[partner.owner]
114        %% permissions
115            role:hsOfficePartner.owner --> perm:hsOfficePartner.*{{partner.*}}
116        %% incoming
117            role:global.admin ---> role:hsOfficePartner.owner
118       
119        role:hsOfficePartner.admin[partner.admin]
120        %% permissions
121            role:hsOfficePartner.admin --> perm:hsOfficePartner.edit{{partner.edit}}
122        %% incoming
123            role:hsOfficePartner.owner ---> role:hsOfficePartner.admin
124        %% outgoing
125            role:hsOfficePartner.admin --> role:hsOfficePerson.tenant
126            role:hsOfficePartner.admin --> role:hsOfficeContact.tenant
127       
128        role:hsOfficePartner.agent[partner.agent]
129        %% incoming
130            role:hsOfficePartner.admin --> role:hsOfficePartner.agent
131            role:hsOfficePerson.admin --> role:hsOfficePartner.agent
132            role:hsOfficeContact.admin --> role:hsOfficePartner.agent
133       
134        role:hsOfficePartner.tenant[partner.tenant]
135        %% incoming
136            role:hsOfficePartner.agent ---> role:hsOfficePartner.tenant
137        %% outgoing   
138            role:hsOfficePartner.tenant --> role:hsOfficePerson.guest
139            role:hsOfficePartner.tenant --> role:hsOfficeContact.guest
140     
141        role:hsOfficePartner.guest[partner.guest]
142        %% permissions
143            role:hsOfficePartner.guest -->  perm:hsOfficePartner.view{{partner.view}}
144        %% incoming
145            role:hsOfficePartner.tenant ---> role:hsOfficePartner.guest
146     end
147     
148     end
149     
150     subgraph debitor
151         style debitor stroke-width:6px
152     
153         user:hsOfficeDebitor.creator([debitor.creator])
154         %% created by role
155             user:hsOfficeDebitor.creator --> role:hsOfficePartner.agent
156     
157         role:hsOfficeDebitor.owner[debitor.owner]
158         %% permissions
159             role:hsOfficeDebitor.owner --> perm:hsOfficeDebitor.*{{debitor.*}}
160         %% incoming
161             user:hsOfficeDebitor.creator --> role:hsOfficeDebitor.owner
162             role:global.admin --> role:hsOfficeDebitor.owner
163             
164         role:hsOfficeDebitor.admin[debitor.admin]
165         %% permissions
166             role:hsOfficeDebitor.admin --> perm:hsOfficeDebitor.edit{{debitor.edit}}
167         %% incoming
168             role:hsOfficeDebitor.owner ---> role:hsOfficeDebitor.admin         
169             
170         role:hsOfficeDebitor.agent[debitor.agent]
171         %% incoming
172             role:hsOfficeDebitor.admin ---> role:hsOfficeDebitor.agent         
173             role:hsOfficePartner.admin --> role:hsOfficeDebitor.agent
174         %% outgoing
175             role:hsOfficeDebitor.agent --> role:hsOfficeBankAccount.tenant
176     
177         role:hsOfficeDebitor.tenant[debitor.tenant]
178         %% incoming
179             role:hsOfficeDebitor.agent ---> role:hsOfficeDebitor.tenant
180             role:hsOfficePartner.agent --> role:hsOfficeDebitor.tenant
181             role:hsOfficeBankAccount.admin --> role:hsOfficeDebitor.tenant
182         %% outgoing
183             role:hsOfficeDebitor.tenant --> role:hsOfficePartner.tenant
184             role:hsOfficeDebitor.tenant --> role:hsOfficeContact.guest
185         
186         role:hsOfficeDebitor.guest[debitor.guest]
187         %% permissions
188             role:hsOfficeDebitor.guest --> perm:hsOfficeDebitor.view{{debitor.view}}
189         %% incoming
190             role:hsOfficeDebitor.tenant --> role:hsOfficeDebitor.guest
191     end
192     
193 end
194
7f5b23 195 subgraph hsOfficeSepaMandate
MH 196                     
197    role:hsOfficeSepaMandate.owner[sepaMandate.owner]
198    %% permissions
199        role:hsOfficeSepaMandate.owner --> perm:hsOfficeSepaMandate.*{{sepaMandate.*}}
200    %% incoming
201        role:global.admin ---> role:hsOfficeSepaMandate.owner
202   
203    role:hsOfficeSepaMandate.admin[sepaMandate.admin]
204    %% permissions
205        role:hsOfficeSepaMandate.admin --> perm:hsOfficeSepaMandate.edit{{sepaMandate.edit}}
206    %% incoming
207        role:hsOfficeSepaMandate.owner ---> role:hsOfficeSepaMandate.admin
208   
209    role:hsOfficeSepaMandate.agent[sepaMandate.agent]
210    %% incoming
211        role:hsOfficeSepaMandate.admin ---> role:hsOfficeSepaMandate.agent
212        role:hsOfficeDebitor.admin --> role:hsOfficeSepaMandate.agent
213        role:hsOfficeBankAccount.admin --> role:hsOfficeSepaMandate.agent
214    %% outgoing
215        role:hsOfficeSepaMandate.agent --> role:hsOfficeDebitor.tenant
216        role:hsOfficeSepaMandate.admin --> role:hsOfficeBankAccount.tenant
217   
218    role:hsOfficeSepaMandate.tenant[sepaMandate.tenant]
219    %% incoming
220        role:hsOfficeSepaMandate.agent --> role:hsOfficeSepaMandate.tenant
221    %% outgoing   
222        role:hsOfficeSepaMandate.tenant --> role:hsOfficeDebitor.guest
223        role:hsOfficeSepaMandate.tenant --> role:hsOfficeBankAccount.guest
224
225    role:hsOfficeSepaMandate.guest[sepaMandate.guest]
226    %% permissions
227        role:hsOfficeSepaMandate.guest -->  perm:hsOfficeSepaMandate.view{{sepaMandate.view}}
228    %% incoming
229        role:hsOfficeSepaMandate.tenant --> role:hsOfficeSepaMandate.guest
230 end
0b60b9 231
MH 232 subgraph hosting
233     style hosting fill:#eee
234     
235     subgraph package
236         style package fill: #e9f7ef
237         
238         role:package.owner[package.owner]
239          --> role:package.admin[package.admin]
240          --> role:package.tenant[package.tenant]
241          
242         role:hsOfficeDebitor.agent --> role:package.owner        
243         role:package.admin --> role:hsOfficeDebitor.tenant
244         role:hsOfficePartner.tenant --> role:hsOfficeDebitor.guest
245     end
246 end
247
a93143 248
c31956 249 ```
0b60b9 250