Skip to content

Add permission for related objects

Kotyba Alhaj Taha requested to merge Permission_Managment_for_related_objects into 67-implement-a-right-management-prototyp

Solve #67 (closed)

GET

  • Without a Valid JWT lists only actions related to public objects.
  • With JWT lists action from both public and internal objects.

POST

  • Prevent an action if the user not in the same group as the related object.

📝 Mount & Unmount

  • Prevent mounting an object if it is still active in a configuration.

PATCH

  • check before patch if related object in a group.
    • If so, then only members and admins of this group my do a patch.

DELETE

  • Only admins in the related object group may delete an action.

TODO

  • add Tests
Edited by Kotyba Alhaj Taha

Merge request reports

A HIFIS Service | Privacy | Imprint | Support | Documentation | Changelog