Use Case: Access Control
Summary
- Scope: Map Editor
- Level: User Goal
- Actors: User
- Brief: User is restricted to access and modify only maps they are allowed to.
- Status: Done
- Assignee: Justus
- Criticality: System Critical
Scenarios
-
Precondition:
- The user is logged in and wants to open a map.
-
Main success scenario:
-
The user is able to open and modify maps according to the following matrix, showing the access level of the map as well as the user's role. | Access Level | Owner or Admin | Member | Collaborator¹ | Testing² | Other | |--------------|----------------|--------|---------------|----------|------- | Public | Read/Modify | Read Only | Read/Modify | Read/Modify | Read Only | | Protected | Read/Modify | Read Only | Read/Modify | Read/Modify | No Access | | Private | Read/Modify | No Access | Read/Modify | No Access | No Access |
¹ Collaborators of maps need to be of group members.
² Users in groupTestingonly have extra privileges in non-productive environments, i.e., everywhere butwww.permaplant.netandwww.staging.permaplant.net.
-
-
Error scenario:
- The user attempts to open a map he should not have access to by entering map IDs in the URL.
- The user sees a 404, indicating the map does not exist or the user does not have permission to access it.
-
Error scenario:
- The user attempts to forge a request that would modify a map to which he has only read access.
- The user sees a 403, indicating that the user does not have the required permissions for this operation.
-
Postcondition:
- The user is shown the map he clicked on and is able to view and perform interactions according to the access matrix above.
-
Non-functional Constraints:
- The authorization process should be invisible to the users unless an error occurs.
Leftovers
- Collaborators being members is currently not checked.