Use Case: Access Control
Summary
- Scope: Map Editor
- Level: User Goal
- Actors: User
- Brief: User is restricted to access their own maps.
- Status: Current
- Assignee: Justus
- Criticality: System Critical
Scenarios
- 
Precondition: - The user is logged in and wants to open a map.
 
- 
Main success scenario: - The user is able to open their maps.
 
- 
Error scenario: - The user attempts to open a map he should not have access to by entering map IDs in the URL.
- The user sees a 404, indicating the map does not exist (even if it might exist).
 
- 
Postcondition: - The user is shown the map he clicked on and is able to view and interact with it.
 
- 
Non-functional Constraints: - Users should not have to deal or see anything related to authentication themselves, only error messages saying the map they access is private.
- For maps they do have access to, this authorization check should be done in the background and not show anything to the user.
 
Development Progress
- Frontend done (404 is handled), backend missing
Leftovers
- None
Links
Notes
- TODO: include info table from issue #480