Use Case: Access Control

Summary

• Scope: Map Editor
• Level: User Goal
• Actors: User
• Brief: User is restricted to access their own maps.
• Status: Current
• Assignee: Justus
• Criticality: System Critical

Scenarios

• Precondition:

  • The user is logged in and wants to open a map.

• Main success scenario:

  • The user is able to open their maps.

• Error scenario:

  • The user attempts to open a map he should not have access to by entering map IDs in the URL.
  • The user sees a 404, indicating the map does not exist (even if it might exist).

• Postcondition:

  • The user is shown the map he clicked on and is able to view and interact with it.

• Non-functional Constraints:

  • Users should not have to deal or see anything related to authentication themselves, only error messages saying the map they access is private.
  • For maps they do have access to, this authorization check should be done in the background and not show anything to the user.

Development Progress

• Frontend done (404 is handled), backend missing

Leftovers

• None

Links

• #480

Notes

• TODO: include info table from issue #480