Add permission for related objects
requested to merge Permission_Managment_for_related_objects into 67-implement-a-right-management-prototyp
Solve #67 (closed)
GET
- Without a Valid JWT lists only actions related to public objects.
- With JWT lists action from both public and internal objects.
POST
- Prevent an action if the user not in the same group as the related object.
📝 Mount & Unmount
- Prevent mounting an object if it is still active in a configuration.
PATCH
- check before patch if related object in a group.
- If so, then only members and admins of this group my do a patch.
DELETE
- Only admins in the related object group may delete an action.
TODO
-
add Tests
Edited by Kotyba Alhaj Taha