Use Case: Access Control

Summary

  • Scope: Map Editor
  • Level: User Goal
  • Actors: User
  • Brief: The user can access and modify only the maps they are permitted to.
  • Status: Done
  • Assignee: Justus
  • Criticality: System Critical

Scenarios

  • Precondition:

    • The user is logged in and wants to open a map.
  • Main success scenario:

    • The user is able to open and modify maps according to the following matrix, showing the access level of the map as well as the user's role.

      | Access Level | Owner       | Member      | Collaborator | Other     |
      |--------------|-------------|-------------|--------------|-----------|
      | Public       | Read/Modify | Read/Modify | Read/Modify  | Read Only |
      | Protected    | Read/Modify | Read/Modify | Read/Modify  | No Access |
      | Private      | Read/Modify | No Access   | Read/Modify  | No Access |
  • Error scenario:

    • The user attempts to open a map he should not have access to by entering map IDs in the URL.
    • The user sees a 404, indicating the map does not exist or the user does not have permission to access it.
  • Error scenario:

    • The user attempts to forge a request that would modify a map to which he has only read access.
    • The user sees a 403, indicating that the user does not have the required permissions for this operation.
  • Postcondition:

    • The user is shown the map he clicked on and is able to view and perform interactions according to the access matrix above.
  • Non-functional Constraints:

    • The authorization process should be invisible to the users unless an error occurs.
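
The access matrix and the two error scenarios above can be expressed as a single server-side decision function. This is an added example, not code from the Map Editor project; the names `Access`, `MATRIX`, `granted_access`, `authorize` and the map record layout are hypothetical. It assumes that a user holding several roles gets the most permissive one and that unknown levels or roles fail closed.

```python
from enum import IntEnum

class Access(IntEnum):
    NONE = 0
    READ = 1
    MODIFY = 2

# Access matrix from the use case: MATRIX[access_level][role]
MATRIX = {
    "public":    {"owner": Access.MODIFY, "member": Access.MODIFY,
                  "collaborator": Access.MODIFY, "other": Access.READ},
    "protected": {"owner": Access.MODIFY, "member": Access.MODIFY,
                  "collaborator": Access.MODIFY, "other": Access.NONE},
    "private":   {"owner": Access.MODIFY, "member": Access.NONE,
                  "collaborator": Access.MODIFY, "other": Access.NONE},
}

def granted_access(access_level, roles):
    """Highest access any held role grants (assumption: most permissive wins)."""
    row = MATRIX.get(access_level, {})   # unknown level -> empty row -> NONE
    held = roles or {"other"}            # no role on this map means "Other"
    return max(row.get(r, Access.NONE) for r in held)

def authorize(map_record, roles, wants_modify):
    """Return the HTTP status the use case prescribes for this request."""
    if map_record is None:
        return 404                       # map ID does not exist
    granted = granted_access(map_record["access_level"], roles)
    if granted is Access.NONE:
        return 404                       # same answer as a missing map
    if wants_modify and granted < Access.MODIFY:
        return 403                       # readable, but modification refused
    return 200

if __name__ == "__main__":
    # Constructed sample records for illustration
    public_map = {"id": 1, "access_level": "public"}
    private_map = {"id": 2, "access_level": "private"}
    print(authorize(public_map, set(), wants_modify=True))         # 403
    print(authorize(private_map, {"member"}, wants_modify=False))  # 404
```

Running the check on every request, including modification requests, is what makes the forged-request scenario return 403 regardless of what the client interface shows.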

Leftovers

  • None