draft for debitor permission grant model (detailed)

Michael Hoennig 2024-02-07 11:30:01 +01:00
parent 28c873212d
commit 1e7089702c


@ -3,246 +3,109 @@
```mermaid ```mermaid
flowchart TB flowchart TB
subgraph external[ ]
style external fill:#fff
subgraph global subgraph global
style global fill:#eee style global fill:#eee
role:global.admin[global.admin] role:global.admin[global.admin]
end end
subgraph office subgraph partnerPerson[partnerPerson:anchor]
style office fill:#eee style partnerPerson fill:#eee
subgraph sepa role:partnerPerson.owner[partnerPerson.owner]
--> role:partnerPerson.admin[partnerPerson.admin]
subgraph bankaccount --> role:partnerPerson.referrer[partnerPerson.referrer]
style bankaccount fill: #e9f7ef
user:hsOfficeBankAccount.creator([bankaccount.creator])
role:hsOfficeBankAccount.owner[bankaccount.owner]
%% permissions
role:hsOfficeBankAccount.owner --> perm:hsOfficeBankAccount.*{{bankaccount.*}}
%% incoming
role:global.admin --> role:hsOfficeBankAccount.owner
user:hsOfficeBankAccount.creator ---> role:hsOfficeBankAccount.owner
role:hsOfficeBankAccount.admin[bankaccount.admin]
%% permissions
role:hsOfficeBankAccount.admin --> perm:hsOfficeBankAccount.edit{{bankaccount.edit}}
%% incoming
role:hsOfficeBankAccount.owner ---> role:hsOfficeBankAccount.admin
role:hsOfficeBankAccount.tenant[bankaccount.tenant]
%% incoming
role:hsOfficeBankAccount.admin ---> role:hsOfficeBankAccount.tenant
role:hsOfficeBankAccount.guest[bankaccount.guest]
%% permissions
role:hsOfficeBankAccount.guest --> perm:hsOfficeBankAccount.view{{bankaccount.view}}
%% incoming
role:hsOfficeBankAccount.tenant ---> role:hsOfficeBankAccount.guest
end end
subgraph hsOfficeSepaMandate subgraph billingPerson[billingPerson:holder]
style billingPerson fill:#eee
role:billingPerson.owner[billingPerson.owner]
--> role:billingPerson.admin[billingPerson.admin]
--> role:billingPerson.referrer[billingPerson.referrer]
end end
subgraph billingContact[billingContact]
style billingContact fill:#eee
role:billingContact.owner[contact.owner]
--> role:billingContact.admin[contact.admin]
--> role:billingContact.referrer[contact.referrer]
end
subgraph refundBankAccount
style refundBankAccount fill:#eee
role:refundBankAccount.admin[bankAccount.admin]
--> role:refundBankAccount.referrer[bankAccount.referrer]
end end
subgraph contact subgraph partnerRelationship[hsOfficeRelationship:PARTNER]
style contact fill: #e9f7ef direction TB
style partnerRelationship fill:#eee
user:hsOfficeContact.creator([contact.creator]) role:global.admin
--> role:partnerRelationship.owner[relationship.owner]
--> role:partnerRelationship.admin[relationship.admin]
--> role:partnerRelationship.agent[relationship.agent]
--> role:partnerRelationship.tenant[relationship.tenant]
role:hsOfficeContact.owner[contact.owner] role:partnerPerson.admin --> role:partnerRelationship.agent
%% permissions
role:hsOfficeContact.owner --> perm:hsOfficeContact.*{{contact.*}}
%% incoming
role:global.admin --> role:hsOfficeContact.owner
user:hsOfficeContact.creator ---> role:hsOfficeContact.owner
role:hsOfficeContact.admin[contact.admin]
%% permissions
role:hsOfficeContact.admin ---> perm:hsOfficeContact.edit{{contact.edit}}
%% incoming
role:hsOfficeContact.owner ---> role:hsOfficeContact.admin
role:hsOfficeContact.tenant[contact.tenant]
%% incoming
role:hsOfficeContact.admin ----> role:hsOfficeContact.tenant
role:hsOfficeContact.guest[contact.guest]
%% permissions
role:hsOfficeContact.guest --> perm:hsOfficeContact.view{{contact.view}}
%% incoming
role:hsOfficeContact.tenant ---> role:hsOfficeContact.guest
end end
subgraph partner-person subgraph debitorRelationship[hsOfficeRelationship:DEBITOR]
direction TB
style debitorRelationship fill:#eee
subgraph person role:global.admin
style person fill: #e9f7ef --> role:debitorRelationship.owner[relationship.owner]
--> role:debitorRelationship.admin[relationship.admin]
--> role:debitorRelationship.agent[relationship.agent]
--> role:debitorRelationship.tenant[relationship.tenant]
user:hsOfficePerson.creator([personcreator]) role:partnerPerson.admin --> role:debitorRelationship.admin
role:debitorRelationship.tenant --> role:partnerPerson.referrer
role:hsOfficePerson.owner[person.owner] role:billingPerson.admin --> role:debitorRelationship.agent
%% permissions role:debitorRelationship.tenant --> role:billingPerson.referrer
role:hsOfficePerson.owner --> perm:hsOfficePerson.*{{person.*}}
%% incoming
user:hsOfficePerson.creator ---> role:hsOfficePerson.owner
role:global.admin --> role:hsOfficePerson.owner
role:hsOfficePerson.admin[person.admin] role:billingContact.admin --> role:debitorRelationship.agent
%% permissions role:debitorRelationship.tenant --> role:billingContact.referrer
role:hsOfficePerson.admin --> perm:hsOfficePerson.edit{{person.edit}} end
%% incoming
role:hsOfficePerson.owner ---> role:hsOfficePerson.admin
role:hsOfficePerson.tenant[person.tenant]
%% incoming
role:hsOfficePerson.admin -----> role:hsOfficePerson.tenant
role:hsOfficePerson.guest[person.guest]
%% permissions
role:hsOfficePerson.guest --> perm:hsOfficePerson.edit{{person.view}}
%% incoming
role:hsOfficePerson.tenant ---> role:hsOfficePerson.guest
end end
subgraph partner subgraph internal[ ]
direction TB
role:hsOfficePartner.owner[partner.owner] style internal fill:#fff
%% permissions
role:hsOfficePartner.owner --> perm:hsOfficePartner.*{{partner.*}}
%% incoming
role:global.admin ---> role:hsOfficePartner.owner
role:hsOfficePartner.admin[partner.admin]
%% permissions
role:hsOfficePartner.admin --> perm:hsOfficePartner.edit{{partner.edit}}
%% incoming
role:hsOfficePartner.owner ---> role:hsOfficePartner.admin
%% outgoing
role:hsOfficePartner.admin --> role:hsOfficePerson.tenant
role:hsOfficePartner.admin --> role:hsOfficeContact.tenant
role:hsOfficePartner.agent[partner.agent]
%% incoming
role:hsOfficePartner.admin --> role:hsOfficePartner.agent
role:hsOfficePerson.admin --> role:hsOfficePartner.agent
role:hsOfficeContact.admin --> role:hsOfficePartner.agent
role:hsOfficePartner.tenant[partner.tenant]
%% incoming
role:hsOfficePartner.agent ---> role:hsOfficePartner.tenant
%% outgoing
role:hsOfficePartner.tenant --> role:hsOfficePerson.guest
role:hsOfficePartner.tenant --> role:hsOfficeContact.guest
role:hsOfficePartner.guest[partner.guest]
%% permissions
role:hsOfficePartner.guest --> perm:hsOfficePartner.view{{partner.view}}
%% incoming
role:hsOfficePartner.tenant ---> role:hsOfficePartner.guest
end
end
subgraph debitor subgraph debitor
style debitor stroke-width:6px direction TB
user:hsOfficeDebitor.creator([debitor.creator]) role:debitor.owner[[debitor.owner]]
%% created by role --> perm:debitor.*{{debitor.*}}
user:hsOfficeDebitor.creator --> role:hsOfficePartner.agent role:debitor.owner -.- role:debitorRelationship.owner
role:hsOfficeDebitor.owner[debitor.owner] role:debitor.admin[[debitor.admin]]
%% permissions role:debitor.owner --> role:debitor.admin
role:hsOfficeDebitor.owner --> perm:hsOfficeDebitor.*{{debitor.*}} --> perm:debitor.edit{{debitor.edit}}
%% incoming role:debitor.admin -.- role:debitorRelationship.admin
user:hsOfficeDebitor.creator --> role:hsOfficeDebitor.owner role:debitor.admin ==> role:partnerRelationship.tenant
role:global.admin --> role:hsOfficeDebitor.owner
role:hsOfficeDebitor.admin[debitor.admin] role:debitor.agent[[debitor.agent]]
%% permissions role:debitor.admin --> role:debitor.agent
role:hsOfficeDebitor.admin --> perm:hsOfficeDebitor.edit{{debitor.edit}} role:debitor.admin -.- role:debitorRelationship.admin
%% incoming
role:hsOfficeDebitor.owner ---> role:hsOfficeDebitor.admin
role:hsOfficeDebitor.agent[debitor.agent] role:debitor.tenant[[debitor.tenant]]
%% incoming --> perm:debitor.view{{debitor.view}}
role:hsOfficeDebitor.admin ---> role:hsOfficeDebitor.agent role:debitor.agent --> role:debitor.tenant
role:hsOfficePartner.admin --> role:hsOfficeDebitor.agent role:debitor.tenant -.- role:debitorRelationship.tenant
%% outgoing
role:hsOfficeDebitor.agent --> role:hsOfficeBankAccount.tenant
role:hsOfficeDebitor.tenant[debitor.tenant]
%% incoming
role:hsOfficeDebitor.agent ---> role:hsOfficeDebitor.tenant
role:hsOfficePartner.agent --> role:hsOfficeDebitor.tenant
role:hsOfficeBankAccount.admin --> role:hsOfficeDebitor.tenant
%% outgoing
role:hsOfficeDebitor.tenant --> role:hsOfficePartner.tenant
role:hsOfficeDebitor.tenant --> role:hsOfficeContact.guest
role:hsOfficeDebitor.guest[debitor.guest]
%% permissions
role:hsOfficeDebitor.guest --> perm:hsOfficeDebitor.view{{debitor.view}}
%% incoming
role:hsOfficeDebitor.tenant --> role:hsOfficeDebitor.guest
end
end end
subgraph hsOfficeSepaMandate
role:hsOfficeSepaMandate.owner[sepaMandate.owner]
%% permissions
role:hsOfficeSepaMandate.owner --> perm:hsOfficeSepaMandate.*{{sepaMandate.*}}
%% incoming
role:global.admin ---> role:hsOfficeSepaMandate.owner
role:hsOfficeSepaMandate.admin[sepaMandate.admin]
%% permissions
role:hsOfficeSepaMandate.admin --> perm:hsOfficeSepaMandate.edit{{sepaMandate.edit}}
%% incoming
role:hsOfficeSepaMandate.owner ---> role:hsOfficeSepaMandate.admin
role:hsOfficeSepaMandate.agent[sepaMandate.agent]
%% incoming
role:hsOfficeSepaMandate.admin ---> role:hsOfficeSepaMandate.agent
role:hsOfficeDebitor.admin --> role:hsOfficeSepaMandate.agent
role:hsOfficeBankAccount.admin --> role:hsOfficeSepaMandate.agent
%% outgoing
role:hsOfficeSepaMandate.agent --> role:hsOfficeDebitor.tenant
role:hsOfficeSepaMandate.admin --> role:hsOfficeBankAccount.tenant
role:hsOfficeSepaMandate.tenant[sepaMandate.tenant]
%% incoming
role:hsOfficeSepaMandate.agent --> role:hsOfficeSepaMandate.tenant
%% outgoing
role:hsOfficeSepaMandate.tenant --> role:hsOfficeDebitor.guest
role:hsOfficeSepaMandate.tenant --> role:hsOfficeBankAccount.guest
role:hsOfficeSepaMandate.guest[sepaMandate.guest]
%% permissions
role:hsOfficeSepaMandate.guest --> perm:hsOfficeSepaMandate.view{{sepaMandate.view}}
%% incoming
role:hsOfficeSepaMandate.tenant --> role:hsOfficeSepaMandate.guest
end
subgraph hosting
style hosting fill:#eee
subgraph package
style package fill: #e9f7ef
role:package.owner[package.owner]
--> role:package.admin[package.admin]
--> role:package.tenant[package.tenant]
role:hsOfficeDebitor.agent --> role:package.owner
role:package.admin --> role:hsOfficeDebitor.tenant
role:hsOfficePartner.tenant --> role:hsOfficeDebitor.guest
end
end end