From 2bae7dee2fc185f2d2679fe435e78c88fbc78813 Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Wed, 7 Feb 2024 12:31:09 +0100
Subject: [PATCH] draft for debitor permission grant model (reduced)
---
.../changelog/273-hs-office-debitor-rbac.md | 37 +++++++++----------
1 file changed, 17 insertions(+), 20 deletions(-)
diff --git a/src/main/resources/db/changelog/273-hs-office-debitor-rbac.md b/src/main/resources/db/changelog/273-hs-office-debitor-rbac.md
index c54dc4cc..7f7097eb 100644
--- a/src/main/resources/db/changelog/273-hs-office-debitor-rbac.md
+++ b/src/main/resources/db/changelog/273-hs-office-debitor-rbac.md
@@ -73,30 +73,27 @@ subgraph internal[ ] subgraph debitor direction TB - role:debitor.owner[[debitor.owner]] - --> perm:debitor.*{{debitor.*}} - role:debitor.owner -.==.- role:debitorRelationship.owner + role:debitorRelationship.owner[[debitor.owner]] + %% permissions + ==> perm:debitor.*{{debitor.*}} - role:debitor.admin[[debitor.admin]] - role:debitor.owner --> role:debitor.admin - --> perm:debitor.edit{{debitor.edit}} - role:debitor.admin -.==.- role:debitorRelationship.admin - role:debitor.admin ==> role:partnerRelationship.agent + role:debitorRelationship.admin[[debitor.admin]] + %% permissions + ==> perm:debitor.edit{{debitor.edit}} + %% incoming + role:partnerRelationship.admin ==> role:debitorRelationship.admin + %% outgoing + role:debitorRelationship.admin ==> role:partnerRelationship.agent - role:debitor.agent[[debitor.agent]] - role:debitor.admin --> role:debitor.agent - role:debitor.agent -.==.- role:debitorRelationship.agent - role:debitor.agent ==> role:partnerRelationship.tenant + role:debitorRelationship.agent[[debitor.agent]] + %% incoming + role:partnerRelationship.agent ==> role:debitorRelationship.agent + %% outgoing + role:debitorRelationship.agent ==> role:partnerRelationship.tenant - role:debitor.tenant[[debitor.tenant]] - --> perm:debitor.view{{debitor.view}} - role:debitor.agent --> role:debitor.tenant - role:debitor.tenant -.==.- role:debitorRelationship.tenant + role:debitorRelationship.tenant[[debitor.tenant]] + ==> perm:debitor.view{{debitor.view}} - role:partnerRelationship.admin ==> role:debitor.admin - role:partnerRelationship.agent ==> role:debitor.agent - - end end
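Review bot: In the new `subgraph debitor`, no role is granted `role:debitorRelationship.tenant`, the only holder of `perm:debitor.view`, and `role:debitorRelationship.owner` has no edge to the admin role, because the removed `owner --> admin --> agent --> tenant` chain is not replaced in this hunk. If that descent is meant to come from the relationship's own role hierarchy (presumably defined elsewhere; the enclosing `subgraph internal` starts outside the hunk), state it in the diagram, e.g. `%% owner > admin > agent > tenant is inherited from the relationship roles`. As drawn, admin and agent do not reach `debitor.view`. The node labels also still read `[[debitor.owner]]`, `[[debitor.admin]]`, etc. while the ids are now `role:debitorRelationship.*`, so the rendered graph shows role names the model no longer defines; `role:debitorRelationship.owner[[debitorRelationship.owner]]` would keep labels and grants in step. It is also worth checking that a `%% permissions` comment line between a node and its continuing `==>` edge still renders as one statement.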