draft for partner permission grant model

Michael Hoennig 2024-02-06 16:57:21 +01:00
parent 5ef16c11d5
commit b8cd633c5a


@ -3,76 +3,69 @@
```mermaid ```mermaid
flowchart TB flowchart TB
subgraph global subgraph external[ ]
style global fill:#eee style external fill:#fff
role:global.admin[global.admin] subgraph global
style global fill:#eee
role:global.admin[global.admin]
end
subgraph partnerPerson
style partnerPerson fill:#eee
role:partnerPerson.admin[global.admin]
end
subgraph otherRelatedPerson
style otherRelatedPerson fill:#eee
role:otherRelatedPerson.admin[global.admin]
end
subgraph hsOfficeRelationship
direction TB
style hsOfficeRelationship fill:#eee
role:global.admin
--> role:hsOfficeRelationship.owner[relationship.owner]
--> role:hsOfficeRelationship.admin[relationship.admin]
--> role:hsOfficeRelationship.agent[relationship.agent]
--> role:hsOfficeRelationship.tenant[relationship.tenant]
role:partnerPerson.admin --> role:hsOfficeRelationship.agent
role:otherRelatedPerson.admin --> role:hsOfficeRelationship.tenant
end
end end
subgraph hsOfficeContact subgraph internal[ ]
direction TB style internal fill:#fff
style hsOfficeContact fill:#eee
role:hsOfficeContact.admin[contact.admin] subgraph hsOfficePartner
--> role:hsOfficeContact.tenant[contact.tenant]
--> role:hsOfficeContact.guest[contact.guest]
end
subgraph hsOfficePerson perm:hsOfficePartner.*{{partner.*}}
direction TB role:hsOfficeRelationship.owner --> perm:hsOfficePartner.*
style hsOfficePerson fill:#eee
role:hsOfficePerson.admin[person.admin] perm:hsOfficePartner.edit{{partner.edit}}
--> role:hsOfficePerson.tenant[person.tenant] role:hsOfficeRelationship.admin --> perm:hsOfficePartner.edit
--> role:hsOfficePerson.guest[person.guest]
end
subgraph hsOfficePartnerDetails perm:hsOfficePartner.view{{partner.view}}
direction TB role:hsOfficeRelationship.tenant --> perm:hsOfficePartner.view
end
perm:hsOfficePartnerDetails.*{{partner.*}} subgraph hsOfficePartnerDetails
perm:hsOfficePartnerDetails.edit{{partner.edit}} direction TB
perm:hsOfficePartnerDetails.view{{partner.view}}
end
subgraph hsOfficePartner perm:hsOfficePartnerDetails.*{{partnerDetails.*}}
role:hsOfficeRelationship.owner --> perm:hsOfficePartnerDetails.*
role:hsOfficePartner.owner[partner.owner] perm:hsOfficePartnerDetails.edit{{partnerDetails.edit}}
%% permissions role:hsOfficeRelationship.agent --> perm:hsOfficePartnerDetails.edit
role:hsOfficePartner.owner --> perm:hsOfficePartner.*{{partner.*}} role:hsOfficeRelationship.agent ----> perm:hsOfficePartnerDetails.view
role:hsOfficePartner.owner --> perm:hsOfficePartnerDetails.*{{partner.*}}
%% incoming
role:global.admin ---> role:hsOfficePartner.owner
role:hsOfficePartner.admin[partner.admin] perm:hsOfficePartnerDetails.view{{partnerDetails.view}}
%% permissions end
role:hsOfficePartner.admin --> perm:hsOfficePartner.edit{{partner.edit}}
role:hsOfficePartner.admin --> perm:hsOfficePartnerDetails.edit{{partner.edit}}
%% incoming
role:hsOfficePartner.owner ---> role:hsOfficePartner.admin
%% outgoing
role:hsOfficePartner.admin --> role:hsOfficePerson.tenant
role:hsOfficePartner.admin --> role:hsOfficeContact.tenant
role:hsOfficePartner.agent[partner.agent]
%% permissions
role:hsOfficePartner.agent --> perm:hsOfficePartnerDetails.view{{partner.view}}
%% incoming
role:hsOfficePartner.admin ---> role:hsOfficePartner.agent
role:hsOfficePerson.admin --> role:hsOfficePartner.agent
role:hsOfficeContact.admin --> role:hsOfficePartner.agent
role:hsOfficePartner.tenant[partner.tenant]
%% incoming
role:hsOfficePartner.agent --> role:hsOfficePartner.tenant
%% outgoing
role:hsOfficePartner.tenant --> role:hsOfficePerson.guest
role:hsOfficePartner.tenant --> role:hsOfficeContact.guest
role:hsOfficePartner.guest[partner.guest]
%% permissions
role:hsOfficePartner.guest --> perm:hsOfficePartner.view{{partner.view}}
%% incoming
role:hsOfficePartner.tenant --> role:hsOfficePartner.guest
end end
``` ```
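Review bot: The nodes `role:partnerPerson.admin[global.admin]` and `role:otherRelatedPerson.admin[global.admin]` both carry the display label `global.admin`, so the rendered grant model shows three boxes with that name. That hides the fact that a partner person's admin receives `relationship.agent` and another related person's admin receives `relationship.tenant`, and anyone auditing who can reach `partnerDetails.edit` would read those edges as global-admin-only grants. Assuming these lines are on the new side (the page has lost its +/- markers), label them `[partnerPerson.admin]` and `[otherRelatedPerson.admin]`. A short `%%` comment in the `hsOfficeRelationship` subgraph, stating that the owner → admin → agent → tenant chain is what gives `relationship.admin` its `partnerDetails.*` permissions, would also make the intended inheritance explicit.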