
7 Commits

Author SHA1 Message Date
Michael Hoennig
4c6b7beb2d Schema-F um Root-Objekt Beziehungen zu weiteren Objekten ergänzt 2024-02-07 13:47:46 +01:00
Michael Hoennig
4398299854 draft for debitor permission grant model (cleanup + with refundBankAccount) 2024-02-07 13:45:01 +01:00
Michael Hoennig
2bae7dee2f draft for debitor permission grant model (reduced) 2024-02-07 12:33:49 +01:00
Michael Hoennig
a71a7b308f draft for debitor permission grant model (reduced - WIP) 2024-02-07 12:25:47 +01:00
Michael Hoennig
1e7089702c draft for debitor permission grant model (detailed) 2024-02-07 11:30:01 +01:00
Michael Hoennig
28c873212d fixes for partner permission grant model 2024-02-07 11:29:49 +01:00
Michael Hoennig
b8cd633c5a draft for partner permission grant model 2024-02-06 16:57:21 +01:00
3 changed files with 123 additions and 294 deletions


@ -24,6 +24,11 @@ Objektorientiert gedacht, enthalten solche Objekte die Zusatzdaten einer Subklas
- Delete (\*) <-- Owner des Hauptobjektes
- Edit <-- **Agent** des Hauptobjektes
- View <-- Agent des Hauptobjektes
- Für die Rollenzuordnung zwischen referenzierten Objekten gilt:
- Für Objekte vom Typ Root werden die Rollen des zugehörigen Aggregator-Objektes verwendet.
- Gibt es Referenzen auf hierarchisch verbundene Objekte (z.B. Debitor.refundBankAccount) gilt folgende Faustregel:
***Nach oben absteigen, nach unten halten oder aufsteigen.*** An einem fachlich übergeordneten Objekt wird also eine niedrigere Rolle (z.B. Debitor-admin -> Partner.agent), einem fachlich untergeordneten Objekt eine gleichwertige Rolle (z.B. Partner.admin -> Debitor.admin) zugewiesen oder sogar aufgestiegen (Debitor.admin -> Package.tenant).
- Für Referenzen zwischen Objekten, die nicht hierarchisch zueinander stehen (z.B. Debitor und Bankverbindung), wird auf beiden seiten abgestiegen (also Debitor.admin -> BankAccount.referrer und BankAccount.admin -> Debitor.tenant).
Anmerkung: Der Typ-Begriff *Root* bezieht sich auf die Rolle im fachlichen Datenmodell. Im Bezug auf den Teilgraphen eines fachlichen Kontexts ist dies auch eine Wurzel im Sinne der Graphentheorie. Aber in anderen fachlichen Kontexten können auch diese Objekte von anderen Teilgraphen referenziert werden und werden dann zum inneren Knoten.


@ -3,76 +3,70 @@
```mermaid
flowchart TB
subgraph global
subgraph external[ ]
style external fill:#fff
subgraph global
style global fill:#eee
role:global.admin[global.admin]
end
end
subgraph hsOfficeContact
subgraph partnerPerson
style partnerPerson fill:#eee
role:partnerPerson.admin[global.admin]
end
subgraph otherRelatedPerson
style otherRelatedPerson fill:#eee
role:otherRelatedPerson.admin[global.admin]
end
subgraph hsOfficeRelationship[hsOfficeRelationship:PARTNER]
direction TB
style hsOfficeContact fill:#eee
style hsOfficeRelationship fill:#eee
role:hsOfficeContact.admin[contact.admin]
--> role:hsOfficeContact.tenant[contact.tenant]
--> role:hsOfficeContact.guest[contact.guest]
role:global.admin
--> role:hsOfficeRelationship.owner[relationship.owner]
--> role:hsOfficeRelationship.admin[relationship.admin]
--> role:hsOfficeRelationship.agent[relationship.agent]
--> role:hsOfficeRelationship.tenant[relationship.tenant]
role:partnerPerson.admin --> role:hsOfficeRelationship.agent
role:otherRelatedPerson.admin --> role:hsOfficeRelationship.tenant
end
end
subgraph hsOfficePerson
subgraph internal[ ]
subgraph hsOfficePartner
style hsOfficePartner fill:#fff
perm:hsOfficePartner.*{{partner.*}}
role:hsOfficeRelationship.owner ==> perm:hsOfficePartner.*
perm:hsOfficePartner.edit{{partner.edit}}
role:hsOfficeRelationship.admin ==> perm:hsOfficePartner.edit
perm:hsOfficePartner.view{{partner.view}}
role:hsOfficeRelationship.tenant ==> perm:hsOfficePartner.view
end
subgraph hsOfficePartnerDetails
direction TB
style hsOfficePerson fill:#eee
style hsOfficePartnerDetails fill:#eee
role:hsOfficePerson.admin[person.admin]
--> role:hsOfficePerson.tenant[person.tenant]
--> role:hsOfficePerson.guest[person.guest]
end
perm:hsOfficePartnerDetails.*{{partnerDetails.*}}
role:hsOfficeRelationship.owner ==> perm:hsOfficePartnerDetails.*
subgraph hsOfficePartnerDetails
direction TB
perm:hsOfficePartnerDetails.edit{{partnerDetails.edit}}
role:hsOfficeRelationship.agent ==> perm:hsOfficePartnerDetails.edit
role:hsOfficeRelationship.agent ==> perm:hsOfficePartnerDetails.view
perm:hsOfficePartnerDetails.*{{partner.*}}
perm:hsOfficePartnerDetails.edit{{partner.edit}}
perm:hsOfficePartnerDetails.view{{partner.view}}
end
perm:hsOfficePartnerDetails.view{{partnerDetails.view}}
end
subgraph hsOfficePartner
role:hsOfficePartner.owner[partner.owner]
%% permissions
role:hsOfficePartner.owner --> perm:hsOfficePartner.*{{partner.*}}
role:hsOfficePartner.owner --> perm:hsOfficePartnerDetails.*{{partner.*}}
%% incoming
role:global.admin ---> role:hsOfficePartner.owner
role:hsOfficePartner.admin[partner.admin]
%% permissions
role:hsOfficePartner.admin --> perm:hsOfficePartner.edit{{partner.edit}}
role:hsOfficePartner.admin --> perm:hsOfficePartnerDetails.edit{{partner.edit}}
%% incoming
role:hsOfficePartner.owner ---> role:hsOfficePartner.admin
%% outgoing
role:hsOfficePartner.admin --> role:hsOfficePerson.tenant
role:hsOfficePartner.admin --> role:hsOfficeContact.tenant
role:hsOfficePartner.agent[partner.agent]
%% permissions
role:hsOfficePartner.agent --> perm:hsOfficePartnerDetails.view{{partner.view}}
%% incoming
role:hsOfficePartner.admin ---> role:hsOfficePartner.agent
role:hsOfficePerson.admin --> role:hsOfficePartner.agent
role:hsOfficeContact.admin --> role:hsOfficePartner.agent
role:hsOfficePartner.tenant[partner.tenant]
%% incoming
role:hsOfficePartner.agent --> role:hsOfficePartner.tenant
%% outgoing
role:hsOfficePartner.tenant --> role:hsOfficePerson.guest
role:hsOfficePartner.tenant --> role:hsOfficeContact.guest
role:hsOfficePartner.guest[partner.guest]
%% permissions
role:hsOfficePartner.guest --> perm:hsOfficePartner.view{{partner.view}}
%% incoming
role:hsOfficePartner.tenant --> role:hsOfficePartner.guest
end
```
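Review bot: The two person nodes `role:partnerPerson.admin[global.admin]` and `role:otherRelatedPerson.admin[global.admin]` carry the display label `global.admin`, so the rendered graph shows three boxes reading global.admin, two of which feed `relationship.agent` and `relationship.tenant`. This assumes those lines are on the new side, since the page has lost its +/- markers. Because `relationship.agent` leads to `partnerDetails.edit`, anyone auditing the picture for who may edit partner details reads the wrong principal. I would label the nodes after their ids, `role:partnerPerson.admin[partnerPerson.admin]` and `role:otherRelatedPerson.admin[otherRelatedPerson.admin]`, which also matches the `e.g. partnerPerson.admin` wording in the debitor diagram.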


@ -3,248 +3,78 @@
```mermaid
flowchart TB
subgraph global
style global fill:#eee
subgraph bank[ ]
style bank fill:#fff
role:global.admin[global.admin]
subgraph refundBankAccount
direction TB
style refundBankAccount fill:#eee
role:refundBankAccount.owner[bankAccount.owner]
--> role:refundBankAccount.admin[bankAccount.admin]
--> role:refundBankAccount.referrer[bankAccount.referrer]
end
end
subgraph office
style office fill:#eee
subgraph partner[ ]
style partner fill:#fff
subgraph sepa
subgraph partnerRelationship[hsOfficeRelationship:PARTNER]
direction TB
style partnerRelationship fill:#eee
subgraph bankaccount
style bankaccount fill: #e9f7ef
role:partnerRelationship.owner[relationship.owner]
--> role:partnerRelationship.admin[relationship.admin]
--> role:partnerRelationship.agent[relationship.agent]
--> role:partnerRelationship.tenant[relationship.tenant]
user:hsOfficeBankAccount.creator([bankaccount.creator])
role:hsOfficeBankAccount.owner[bankaccount.owner]
%% permissions
role:hsOfficeBankAccount.owner --> perm:hsOfficeBankAccount.*{{bankaccount.*}}
%% incoming
role:global.admin --> role:hsOfficeBankAccount.owner
user:hsOfficeBankAccount.creator ---> role:hsOfficeBankAccount.owner
role:hsOfficeBankAccount.admin[bankaccount.admin]
%% permissions
role:hsOfficeBankAccount.admin --> perm:hsOfficeBankAccount.edit{{bankaccount.edit}}
%% incoming
role:hsOfficeBankAccount.owner ---> role:hsOfficeBankAccount.admin
role:hsOfficeBankAccount.tenant[bankaccount.tenant]
%% incoming
role:hsOfficeBankAccount.admin ---> role:hsOfficeBankAccount.tenant
role:hsOfficeBankAccount.guest[bankaccount.guest]
%% permissions
role:hsOfficeBankAccount.guest --> perm:hsOfficeBankAccount.view{{bankaccount.view}}
%% incoming
role:hsOfficeBankAccount.tenant ---> role:hsOfficeBankAccount.guest
partnerPerson[e.g. partnerPerson.admin] --> role:partnerRelationship.agent
otherPerson[e.g. operationalPerson.admin] --> role:partnerRelationship.tenant
end
end
subgraph hsOfficeSepaMandate
end
subgraph internal[ ]
direction TB
style internal fill:#fff
end
subgraph contact
style contact fill: #e9f7ef
user:hsOfficeContact.creator([contact.creator])
role:hsOfficeContact.owner[contact.owner]
%% permissions
role:hsOfficeContact.owner --> perm:hsOfficeContact.*{{contact.*}}
%% incoming
role:global.admin --> role:hsOfficeContact.owner
user:hsOfficeContact.creator ---> role:hsOfficeContact.owner
role:hsOfficeContact.admin[contact.admin]
%% permissions
role:hsOfficeContact.admin ---> perm:hsOfficeContact.edit{{contact.edit}}
%% incoming
role:hsOfficeContact.owner ---> role:hsOfficeContact.admin
role:hsOfficeContact.tenant[contact.tenant]
%% incoming
role:hsOfficeContact.admin ----> role:hsOfficeContact.tenant
role:hsOfficeContact.guest[contact.guest]
%% permissions
role:hsOfficeContact.guest --> perm:hsOfficeContact.view{{contact.view}}
%% incoming
role:hsOfficeContact.tenant ---> role:hsOfficeContact.guest
end
subgraph partner-person
subgraph person
style person fill: #e9f7ef
user:hsOfficePerson.creator([personcreator])
role:hsOfficePerson.owner[person.owner]
%% permissions
role:hsOfficePerson.owner --> perm:hsOfficePerson.*{{person.*}}
%% incoming
user:hsOfficePerson.creator ---> role:hsOfficePerson.owner
role:global.admin --> role:hsOfficePerson.owner
role:hsOfficePerson.admin[person.admin]
%% permissions
role:hsOfficePerson.admin --> perm:hsOfficePerson.edit{{person.edit}}
%% incoming
role:hsOfficePerson.owner ---> role:hsOfficePerson.admin
role:hsOfficePerson.tenant[person.tenant]
%% incoming
role:hsOfficePerson.admin -----> role:hsOfficePerson.tenant
role:hsOfficePerson.guest[person.guest]
%% permissions
role:hsOfficePerson.guest --> perm:hsOfficePerson.edit{{person.view}}
%% incoming
role:hsOfficePerson.tenant ---> role:hsOfficePerson.guest
end
subgraph partner
role:hsOfficePartner.owner[partner.owner]
%% permissions
role:hsOfficePartner.owner --> perm:hsOfficePartner.*{{partner.*}}
%% incoming
role:global.admin ---> role:hsOfficePartner.owner
role:hsOfficePartner.admin[partner.admin]
%% permissions
role:hsOfficePartner.admin --> perm:hsOfficePartner.edit{{partner.edit}}
%% incoming
role:hsOfficePartner.owner ---> role:hsOfficePartner.admin
%% outgoing
role:hsOfficePartner.admin --> role:hsOfficePerson.tenant
role:hsOfficePartner.admin --> role:hsOfficeContact.tenant
role:hsOfficePartner.agent[partner.agent]
%% incoming
role:hsOfficePartner.admin --> role:hsOfficePartner.agent
role:hsOfficePerson.admin --> role:hsOfficePartner.agent
role:hsOfficeContact.admin --> role:hsOfficePartner.agent
role:hsOfficePartner.tenant[partner.tenant]
%% incoming
role:hsOfficePartner.agent ---> role:hsOfficePartner.tenant
%% outgoing
role:hsOfficePartner.tenant --> role:hsOfficePerson.guest
role:hsOfficePartner.tenant --> role:hsOfficeContact.guest
role:hsOfficePartner.guest[partner.guest]
%% permissions
role:hsOfficePartner.guest --> perm:hsOfficePartner.view{{partner.view}}
%% incoming
role:hsOfficePartner.tenant ---> role:hsOfficePartner.guest
end
subgraph debitorRelationship[hsOfficeRelationship:DEBITOR]
direction TB
style debitorRelationship fill:#eee
role:debitorRelationship.owner[relationship.owner]
--> role:debitorRelationship.admin[relationship.admin]
--> role:debitorRelationship.agent[relationship.agent]
--> role:debitorRelationship.tenant[relationship.tenant]
end
subgraph debitor
style debitor stroke-width:6px
direction TB
user:hsOfficeDebitor.creator([debitor.creator])
%% created by role
user:hsOfficeDebitor.creator --> role:hsOfficePartner.agent
role:hsOfficeDebitor.owner[debitor.owner]
role:debitorRelationship.owner[debitorRelationship.owner]
%% permissions
role:hsOfficeDebitor.owner --> perm:hsOfficeDebitor.*{{debitor.*}}
%% incoming
user:hsOfficeDebitor.creator --> role:hsOfficeDebitor.owner
role:global.admin --> role:hsOfficeDebitor.owner
==> perm:debitor.*{{debitor.*}}
role:hsOfficeDebitor.admin[debitor.admin]
role:debitorRelationship.admin[debitorRelationship.admin]
%% permissions
role:hsOfficeDebitor.admin --> perm:hsOfficeDebitor.edit{{debitor.edit}}
==> perm:debitor.edit{{debitorRelationship.edit}}
%% incoming
role:hsOfficeDebitor.owner ---> role:hsOfficeDebitor.admin
role:hsOfficeDebitor.agent[debitor.agent]
%% incoming
role:hsOfficeDebitor.admin ---> role:hsOfficeDebitor.agent
role:hsOfficePartner.admin --> role:hsOfficeDebitor.agent
role:partnerRelationship.admin ==> role:debitorRelationship.admin
%% outgoing
role:hsOfficeDebitor.agent --> role:hsOfficeBankAccount.tenant
role:debitorRelationship.admin ==> role:partnerRelationship.agent
role:hsOfficeDebitor.tenant[debitor.tenant]
role:debitorRelationship.agent[debitorRelationship.agent]
%% incoming
role:hsOfficeDebitor.agent ---> role:hsOfficeDebitor.tenant
role:hsOfficePartner.agent --> role:hsOfficeDebitor.tenant
role:hsOfficeBankAccount.admin --> role:hsOfficeDebitor.tenant
role:partnerRelationship.agent ==> role:debitorRelationship.agent
role:refundBankAccount.admin ==> role:debitorRelationship.agent
%% outgoing
role:hsOfficeDebitor.tenant --> role:hsOfficePartner.tenant
role:hsOfficeDebitor.tenant --> role:hsOfficeContact.guest
role:debitorRelationship.agent ==> role:partnerRelationship.tenant
role:debitorRelationship.agent ==> role:refundBankAccount.referrer
role:debitorRelationship.tenant[debitorRelationship.tenant]
==> perm:debitor.view{{debitor.view}}
role:hsOfficeDebitor.guest[debitor.guest]
%% permissions
role:hsOfficeDebitor.guest --> perm:hsOfficeDebitor.view{{debitor.view}}
%% incoming
role:hsOfficeDebitor.tenant --> role:hsOfficeDebitor.guest
end
end
subgraph hsOfficeSepaMandate
role:hsOfficeSepaMandate.owner[sepaMandate.owner]
%% permissions
role:hsOfficeSepaMandate.owner --> perm:hsOfficeSepaMandate.*{{sepaMandate.*}}
%% incoming
role:global.admin ---> role:hsOfficeSepaMandate.owner
role:hsOfficeSepaMandate.admin[sepaMandate.admin]
%% permissions
role:hsOfficeSepaMandate.admin --> perm:hsOfficeSepaMandate.edit{{sepaMandate.edit}}
%% incoming
role:hsOfficeSepaMandate.owner ---> role:hsOfficeSepaMandate.admin
role:hsOfficeSepaMandate.agent[sepaMandate.agent]
%% incoming
role:hsOfficeSepaMandate.admin ---> role:hsOfficeSepaMandate.agent
role:hsOfficeDebitor.admin --> role:hsOfficeSepaMandate.agent
role:hsOfficeBankAccount.admin --> role:hsOfficeSepaMandate.agent
%% outgoing
role:hsOfficeSepaMandate.agent --> role:hsOfficeDebitor.tenant
role:hsOfficeSepaMandate.admin --> role:hsOfficeBankAccount.tenant
role:hsOfficeSepaMandate.tenant[sepaMandate.tenant]
%% incoming
role:hsOfficeSepaMandate.agent --> role:hsOfficeSepaMandate.tenant
%% outgoing
role:hsOfficeSepaMandate.tenant --> role:hsOfficeDebitor.guest
role:hsOfficeSepaMandate.tenant --> role:hsOfficeBankAccount.guest
role:hsOfficeSepaMandate.guest[sepaMandate.guest]
%% permissions
role:hsOfficeSepaMandate.guest --> perm:hsOfficeSepaMandate.view{{sepaMandate.view}}
%% incoming
role:hsOfficeSepaMandate.tenant --> role:hsOfficeSepaMandate.guest
end
subgraph hosting
style hosting fill:#eee
subgraph package
style package fill: #e9f7ef
role:package.owner[package.owner]
--> role:package.admin[package.admin]
--> role:package.tenant[package.tenant]
role:hsOfficeDebitor.agent --> role:package.owner
role:package.admin --> role:hsOfficeDebitor.tenant
role:hsOfficePartner.tenant --> role:hsOfficeDebitor.guest
end
end
```
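Review bot: The grant `role:refundBankAccount.admin ==> role:debitorRelationship.agent` gives the bank-account admin a higher debitor role than the rule added to the concept text in this same change set, which descends on both sides for non-hierarchical references (`BankAccount.admin -> Debitor.tenant`). Through `debitorRelationship.agent` that admin also picks up `partnerRelationship.tenant`, so the difference widens access beyond the debitor itself. If the written rule is the intent, the line would read `role:refundBankAccount.admin ==> role:debitorRelationship.tenant`; if the diagram is the intent, the rule text should name agent instead of tenant. The opposite direction differs too: the text says `Debitor.admin -> BankAccount.referrer`, while the diagram grants the referrer role from `debitorRelationship.agent`. This reading assumes the `==>` lines are the new side, because the page no longer shows +/- markers.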