draft for partner permission grant model

src/main/resources/db/changelog/233-hs-office-partner-rbac.md

@@ -3,76 +3,69 @@
 ```mermaid
 flowchart TB
 
-subgraph global
+subgraph external[ ]
-    style global fill:#eee
+    style external fill:#fff
     
-    role:global.admin[global.admin]    
+    subgraph global
+        style global fill:#eee
+        
+        role:global.admin[global.admin]    
+    end
+
+    subgraph partnerPerson
+        style partnerPerson fill:#eee
+        
+        role:partnerPerson.admin[global.admin]
+    end
+
+    subgraph otherRelatedPerson
+        style otherRelatedPerson fill:#eee
+        
+        role:otherRelatedPerson.admin[global.admin]
+    end
+
+    subgraph hsOfficeRelationship
+        direction TB
+        style hsOfficeRelationship fill:#eee
+
+        role:global.admin
+        --> role:hsOfficeRelationship.owner[relationship.owner]    
+        --> role:hsOfficeRelationship.admin[relationship.admin]    
+        --> role:hsOfficeRelationship.agent[relationship.agent]    
+        --> role:hsOfficeRelationship.tenant[relationship.tenant]
+        
+        role:partnerPerson.admin --> role:hsOfficeRelationship.agent
+        role:otherRelatedPerson.admin --> role:hsOfficeRelationship.tenant
+    end
 end
 
-subgraph hsOfficeContact
+subgraph internal[ ]
-    direction TB
+    style internal fill:#fff
-    style hsOfficeContact fill:#eee
-    
-    role:hsOfficeContact.admin[contact.admin]    
-    --> role:hsOfficeContact.tenant[contact.tenant]    
-    --> role:hsOfficeContact.guest[contact.guest]    
-end
 
-subgraph hsOfficePerson
+    subgraph hsOfficePartner
-    direction TB
+        
-    style hsOfficePerson fill:#eee
+        perm:hsOfficePartner.*{{partner.*}}
-    
+        role:hsOfficeRelationship.owner --> perm:hsOfficePartner.*
-    role:hsOfficePerson.admin[person.admin]    
+        
-    --> role:hsOfficePerson.tenant[person.tenant]    
+        perm:hsOfficePartner.edit{{partner.edit}}
-    --> role:hsOfficePerson.guest[person.guest]    
+        role:hsOfficeRelationship.admin --> perm:hsOfficePartner.edit
-end
+        
+        perm:hsOfficePartner.view{{partner.view}}
+        role:hsOfficeRelationship.tenant --> perm:hsOfficePartner.view
+    end
 
-subgraph hsOfficePartnerDetails
+    subgraph hsOfficePartnerDetails
-    direction TB
+        direction TB
-    
+        
-    perm:hsOfficePartnerDetails.*{{partner.*}}
+        perm:hsOfficePartnerDetails.*{{partnerDetails.*}}
-    perm:hsOfficePartnerDetails.edit{{partner.edit}}
+        role:hsOfficeRelationship.owner --> perm:hsOfficePartnerDetails.*
-    perm:hsOfficePartnerDetails.view{{partner.view}}
-end
 
-subgraph hsOfficePartner
+        perm:hsOfficePartnerDetails.edit{{partnerDetails.edit}}
-                    
+        role:hsOfficeRelationship.agent --> perm:hsOfficePartnerDetails.edit
-   role:hsOfficePartner.owner[partner.owner]
+        role:hsOfficeRelationship.agent ----> perm:hsOfficePartnerDetails.view
-   %% permissions
+        
-       role:hsOfficePartner.owner --> perm:hsOfficePartner.*{{partner.*}}
+        perm:hsOfficePartnerDetails.view{{partnerDetails.view}}
-       role:hsOfficePartner.owner --> perm:hsOfficePartnerDetails.*{{partner.*}}
+    end
-   %% incoming
-       role:global.admin ---> role:hsOfficePartner.owner
-  
-   role:hsOfficePartner.admin[partner.admin]
-   %% permissions
-       role:hsOfficePartner.admin --> perm:hsOfficePartner.edit{{partner.edit}}
-       role:hsOfficePartner.admin --> perm:hsOfficePartnerDetails.edit{{partner.edit}}
-   %% incoming
-       role:hsOfficePartner.owner ---> role:hsOfficePartner.admin
-   %% outgoing
-       role:hsOfficePartner.admin --> role:hsOfficePerson.tenant
-       role:hsOfficePartner.admin --> role:hsOfficeContact.tenant
-  
-   role:hsOfficePartner.agent[partner.agent]
-   %% permissions
-       role:hsOfficePartner.agent --> perm:hsOfficePartnerDetails.view{{partner.view}}
-   %% incoming
-       role:hsOfficePartner.admin ---> role:hsOfficePartner.agent
-       role:hsOfficePerson.admin --> role:hsOfficePartner.agent
-       role:hsOfficeContact.admin --> role:hsOfficePartner.agent
-  
-   role:hsOfficePartner.tenant[partner.tenant]
-   %% incoming
-       role:hsOfficePartner.agent --> role:hsOfficePartner.tenant
-   %% outgoing   
-       role:hsOfficePartner.tenant --> role:hsOfficePerson.guest
-       role:hsOfficePartner.tenant --> role:hsOfficeContact.guest
 
-   role:hsOfficePartner.guest[partner.guest]
-   %% permissions
-       role:hsOfficePartner.guest -->  perm:hsOfficePartner.view{{partner.view}}
-   %% incoming
-       role:hsOfficePartner.tenant --> role:hsOfficePartner.guest
 end
 ```