hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 3 Activity
61473abf68
hs.hsadmin.ng/src/main/resources/db/changelog/303-hs-office-membership-rbac.md
Michael Hoennig e6f9484f99 add hs-office-membership entity+repo + fix rbac
2022-10-17 19:42:14 +02:00

2.5 KiB
Raw Blame History

hs_office_membership RBAC

flowchart TB

subgraph global
    style global fill:#eee
    
    role:global.admin[global.admin]    
end

subgraph hsOfficeDebitor
    direction TB
    style hsOfficeDebitor fill:#eee
    
    role:hsOfficeDebitor.owner[debitor.owner]    
    --> role:hsOfficeDebitor.admin[debitor.admin]    
    --> role:hsOfficeDebitor.tenant[debitor.tenant]    
    --> role:hsOfficeDebitor.guest[debitor.guest]    
end

subgraph hsOfficePartner
    direction TB
    style hsOfficePartner fill:#eee
    
    role:hsOfficePartner.owner[partner.admin]    
    --> role:hsOfficePartner.admin[partner.admin]    
    --> role:hsOfficePartner.agent[partner.agent]    
    --> role:hsOfficePartner.tenant[partner.tenant]    
    --> role:hsOfficePartner.guest[partner.guest]    
end

subgraph hsOfficeMembership
                    
   role:hsOfficeMembership.owner[membership.owner]
   %% permissions
       role:hsOfficeMembership.owner --> perm:hsOfficeMembership.*{{membership.*}}
   %% incoming
       role:global.admin ---> role:hsOfficeMembership.owner
  
   role:hsOfficeMembership.admin[membership.admin]
   %% permissions
       role:hsOfficeMembership.admin --> perm:hsOfficeMembership.edit{{membership.edit}}
   %% incoming
       role:hsOfficeMembership.owner ---> role:hsOfficeMembership.admin
  
   role:hsOfficeMembership.agent[membership.agent]
   %% incoming
       role:hsOfficeMembership.admin ---> role:hsOfficeMembership.agent
       role:hsOfficePartner.admin --> role:hsOfficeMembership.agent
       role:hsOfficeDebitor.admin --> role:hsOfficeMembership.agent
   %% outgoing
       role:hsOfficeMembership.agent --> role:hsOfficePartner.tenant
       role:hsOfficeMembership.agent --> role:hsOfficeDebitor.tenant
  
   role:hsOfficeMembership.tenant[membership.tenant]
   %% incoming
       role:hsOfficeMembership.agent --> role:hsOfficeMembership.tenant
       role:hsOfficePartner.agent --> role:hsOfficeMembership.tenant
       role:hsOfficeDebitor.agent --> role:hsOfficeMembership.tenant
   %% outgoing   
       role:hsOfficeMembership.tenant --> role:hsOfficePartner.guest
       role:hsOfficeMembership.tenant --> role:hsOfficeDebitor.guest

   role:hsOfficeMembership.guest[membership.guest]
   %% permissions
       role:hsOfficeMembership.guest -->  perm:hsOfficeMembership.view{{membership.view}}
   %% incoming
       role:hsOfficeMembership.tenant --> role:hsOfficeMembership.guest
       role:hsOfficePartner.tenant --> role:hsOfficeMembership.guest
       role:hsOfficeDebitor.tenant --> role:hsOfficeMembership.guest
end