Project: Dblgbc

Security - Permissions and Roles

Digital Bible Library participants
In order to abide by rules of copyright and workflow
Can belong to one or more groups of users (roles)
And, depending on those memberships, perform only certain operations
And, depending on those memberships, see only certain things

Scenarios
Recognize different roles
Given that I am logged in as an administrator
And that there is an organization called "nbs1" based in "Antartica"
When I assign a user the specific role "role"
Then they will be part of generic class "role_class"
And they will be able to do "operation"
Examples: Global Administrator
| role                | role_class           | operation                   |
| /role/administrator | Global Administrator | create global administrator |
| /role/administrator | Global Administrator | create global librarian     |
| /role/administrator | Global Administrator | create global publisher     |
Examples: Global Librarian
| role            | role_class       | operation                            |
| /role/librarian | Global Librarian | create organization                  |
| /role/librarian | Global Librarian | create organizational administrator  |
| /role/librarian | Global Librarian | create organizational archivist      |
| /role/librarian | Global Librarian | create organizational licenser       |
| /role/librarian | Global Librarian | create organizational publisher      |
| /role/librarian | Global Librarian | create organizational rebrander      |
| /role/librarian | Global Librarian | search the whole library             |
| /role/librarian | Global Librarian | associate entries with organizations |
Examples: Global Publisher
| role            | role_class       | operation                                  |
| /role/publisher | Global Publisher | create API key                             |
| /role/publisher | Global Publisher | download data for entries licensed to them |
Examples: Organizational Administrator
| role                  | role_class                   | operation                           |
| /org/aq/administrator | Organizational Administrator | create organizational Administrator |
| /org/aq/administrator | Organizational Administrator | create organizational archivist     |
| /org/aq/administrator | Organizational Administrator | create organizational licenser      |
| /org/aq/administrator | Organizational Administrator | create organizational publisher     |
| /org/aq/administrator | Organizational Administrator | create organizational rebrander     |
Examples: Organizational Archivist
| role              | role_class               | operation                                      |
| /org/aq/archivist | Organizational Archivist | see content belonging to /org/aq/pbs           |
| /org/aq/archivist | Organizational Archivist | upload data for a new entry for that org       |
| /org/aq/archivist | Organizational Archivist | upload revised data for an existing entry      |
| /org/aq/archivist | Organizational Archivist | upload revised metadata for an existing entry  |
Examples: Organizational Licenser
| role             | role_class              | operation                                                                    |
| /org/aq/licenser | Organizational Licenser | see content belonging to /org/aq/pbs                                         |
| /org/aq/licenser | Organizational Licenser | grant licenses for content belonging to /org/aq/pbs to any /org/aq/publisher |
| /org/aq/licenser | Organizational Licenser | grant licenses for content belonging to /org/aq/pbs to any Global Publisher  |
Examples: Organizational Publisher
| role              | role_class               | operation                                      |
| /org/aq/publisher | Organizational Publisher | create API key                                 |
| /org/aq/publisher | Organizational Publisher | download data for entries licensed to them     |
| /org/aq/publisher | Organizational Publisher | can see entries they have licenses to          |
| /org/aq/publisher | Organizational Publisher | cannot see entries they don't have licenses to |
Developer Permissions Relaxed in Dev environment
Given that I am logged in as a developer
When we are running in development mode
Then I can make myself a member of any group
And I can remove myself from any group
Every user is owned by a single organization
Given a user doesn't exist
When that user is created
Then they belong to a single "owning" organization
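
The "create <role>" rows of the Examples tables and the development-mode relaxation above, written as a deny-by-default grant check. This is an added example, not the project's own code. The `developer` flag, the `env` values and the rule that an organizational administrator may only grant roles inside their own organization are assumptions.

```python
import re

# Role paths as written in the Examples tables: /role/<name> or /org/<org>/<name>.
ROLE_PATH = re.compile(r"/(?:role/(?P<g>[a-z]+)|org/(?P<org>[a-z0-9]+)/(?P<o>[a-z]+))")
GLOBAL_ROLES = {"administrator", "librarian", "publisher"}
ORG_ROLES = {"administrator", "archivist", "licenser", "publisher", "rebrander"}


def parse_role(path):
    """Return (scope, org, name); raise ValueError for paths outside the tables."""
    m = ROLE_PATH.fullmatch(path)
    if not m:
        raise ValueError(f"malformed role path: {path!r}")
    if m["g"]:
        scope, org, name, known = "global", None, m["g"], GLOBAL_ROLES
    else:
        scope, org, name, known = "org", m["org"], m["o"], ORG_ROLES
    if name not in known:
        raise ValueError(f"unknown role: {path!r}")
    return scope, org, name


def can_grant(actor_roles, target_role, *, self_grant=False, developer=False,
              env="production"):
    """Deny-by-default check for the 'create <role>' operations."""
    try:
        t_scope, t_org, _ = parse_role(target_role)
    except ValueError:
        return False
    # Developer relaxation: own membership only, development mode only.
    # `developer` and the `env` values are assumed names, not from the page.
    if developer and self_grant and env == "development":
        return True
    for role in actor_roles:
        try:
            scope, org, name = parse_role(role)
        except ValueError:
            continue  # unrecognised memberships grant nothing
        if (scope, name, t_scope) == ("global", "administrator", "global"):
            return True
        if (scope, name, t_scope) == ("global", "librarian", "org"):
            return True
        # Assumption: an organizational administrator is confined to their own org.
        if (scope, name, t_scope) == ("org", "administrator", "org") and org == t_org:
            return True
    return False
```

The check fails closed: a malformed or unlisted role path, on either the actor or the target side, grants nothing.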

Last published over 6 years ago by bradobro.