hs.hsadmin.ng/src/main/resources/db/changelog/273-hs-office-debitor-rbac.md

### hs_office_debitor RBAC Roles

```mermaid
flowchart TB;

subgraph bankaccount;

    %% oversimplified version for now
    %%   
    %% Beware: role:debitor.tenant should NOT be granted role:bankaccount.tenent
    %% because otherwise, later in the development,
    %% e.g. package admins could see the debitors bank account,
    %% except if we do NOT use the debitor in the hosting super module.

    role:bankaccount.tenant --> perm:bankaccount.view{{bankaccount.view}};
end;

subgraph debitor[" "];
direction TB;

    role:debitor.owner[[debitor.owner]]
    role:debitor.owner --> perm:debitor.*{{debitor.*}};

    role:debitor.admin[[debitor.admin]]
    %% super-roles
        role:debitor.owner --> role:debitor.admin;
        role:partner.admin --> role:debitor.admin;
        role:person.admin --> role:debitor.admin;
        role:contact.admin --> role:debitor.admin;
    %% sub-roles
        role:debitor.admin --> role:partner.tenant;
        role:debitor.admin --> role:person.tenant;
        role:debitor.admin --> role:contact.tenant;
        role:debitor.admin --> role:bankaccount.tenant;

    role:debitor.tenant[[debitor.tenant]]
        role:debitor.tenant --> perm:debitor.view{{debitor.view}};
    %% super-roles
        role:debitor.admin --> role:debitor.tenant;
    %% sub-roles
        
end;

subgraph global;
    role:global.admin --> role:debitor.owner;
end;
        

```
adds HsOfficePartner 2022-10-03 11:09:36 +02:00			`### hs_office_debitor RBAC Roles`

			```mermaid
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`flowchart TB;`

			`subgraph bankaccount;`

			`%% oversimplified version for now`
			`%%`
			`%% Beware: role:debitor.tenant should NOT be granted role:bankaccount.tenent`
			`%% because otherwise, later in the development,`
			`%% e.g. package admins could see the debitors bank account,`
			`%% except if we do NOT use the debitor in the hosting super module.`

add refundBankAccount to hs_office_debitor 2022-10-05 17:22:33 +02:00			`role:bankaccount.tenant --> perm:bankaccount.view{{bankaccount.view}};`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`end;`

			`subgraph debitor[" "];`
			`direction TB;`

add refundBankAccount to hs_office_debitor 2022-10-05 17:22:33 +02:00			`role:debitor.owner[[debitor.owner]]`
			`role:debitor.owner --> perm:debitor.{{debitor.}};`
adds HsOfficePartner 2022-10-03 11:09:36 +02:00
add refundBankAccount to hs_office_debitor 2022-10-05 17:22:33 +02:00			`role:debitor.admin[[debitor.admin]]`
			`%% super-roles`
			`role:debitor.owner --> role:debitor.admin;`
			`role:partner.admin --> role:debitor.admin;`
			`role:person.admin --> role:debitor.admin;`
			`role:contact.admin --> role:debitor.admin;`
			`%% sub-roles`
			`role:debitor.admin --> role:partner.tenant;`
			`role:debitor.admin --> role:person.tenant;`
			`role:debitor.admin --> role:contact.tenant;`
			`role:debitor.admin --> role:bankaccount.tenant;`
adds HsOfficePartner 2022-10-03 11:09:36 +02:00
add refundBankAccount to hs_office_debitor 2022-10-05 17:22:33 +02:00			`role:debitor.tenant[[debitor.tenant]]`
			`role:debitor.tenant --> perm:debitor.view{{debitor.view}};`
adds HsOfficePartner 2022-10-03 11:09:36 +02:00			`%% super-roles`
			`role:debitor.admin --> role:debitor.tenant;`
			`%% sub-roles`
add refundBankAccount to hs_office_debitor 2022-10-05 17:22:33 +02:00
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`end;`

			`subgraph global;`
			`role:global.admin --> role:debitor.owner;`
			`end;`


adds HsOfficePartner 2022-10-03 11:09:36 +02:00			```