Add permission for related objects (!287) · Merge requests · HUB Terra / SMS / Backend · GitLab

Kotyba Alhaj Taha requested to merge Permission_Managment_for_related_objects into 67-implement-a-right-management-prototyp Jan 10, 2022

Solve #67 (closed)

GET

Without a Valid JWT lists only actions related to public objects.
With JWT lists action from both public and internal objects.

POST

Prevent an action if the user not in the same group as the related object.

📝 Mount & Unmount

Prevent mounting an object if it is still active in a configuration.

PATCH

check before patch if related object in a group.
- If so, then only members and admins of this group my do a patch.

DELETE

Only admins in the related object group may delete an action.

TODO

add Tests

Edited Apr 06, 2022 by Kotyba Alhaj Taha

A HIFIS Service | Privacy | Imprint | Support | Documentation | Changelog | Status