eric-basley edited this page May 31, 2016 · 7 revisions

Timetrack's rights

Client-side rights are implemented in ./src/client/auth/<entity>.js and ./src/client/routes/<entity>.js.

Server-side rights live in src/server/rights, with local checks in the controllers' code.

Timetrack can only be accessed by a user who has the access role and a registered email.

Companies

  • create: users with roles (i.e. auths.roles and routes.authRoles)
  • edit: users with roles can edit companies, except tenant companies, which only an admin can edit
  • delete: users with roles, and the targeted company must have no workers and no missions. A tenant company can only be deleted by an admin
  • view/list: everybody

People

  • create: users with roles
  • edit: users with roles can edit people, except workers, who can only be edited by an admin
  • delete: users with roles, and the targeted person must have no missions and no events. A worker can only be deleted by an admin
  • view/list: everybody

Missions

  • create: admin role
  • delete/edit: admin role, and the mission must be closed
  • view/list: everybody

Notes

  • create: everybody, on all entities
  • edit/delete: admin or the note's author
  • view/list: everybody, except private notes, which only an admin can view

Events

  • create: everybody, but only with status === 'toBeValidated'
  • edit: a locked event cannot be edited; otherwise the user must be an admin, the manager of the event's worker on the event's mission, or the event's worker
  • delete: admin if status != locked; the user or their manager if status == 'toBeValidated'
  • view/list: everybody
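The Events rules above written out as checkable policy functions. This is an added example, not Timetrack's own code: the user and event field names (`id`, `roles`, `status`, `workerId`, `missionId`), the `managerOf` lookup, the 'locked' status string and the intermediate 'validated' status in the sample data are all assumptions.

```javascript
// Added example: the Events rights as policy functions (not Timetrack code).
// Assumed shapes: user = { id, roles: [...] } with 'admin' as a role name,
// event = { status, workerId, missionId }, and managerOf(workerId, missionId)
// returning the id of that worker's manager on that mission, or null.
const STATUS = { toBeValidated: 'toBeValidated', locked: 'locked' };

function isAdmin(user) {
  return user.roles.includes('admin');
}

// The event's worker, or the manager of that worker for the event's mission.
function isWorkerOrManager(user, event, managerOf) {
  return user.id === event.workerId ||
         managerOf(event.workerId, event.missionId) === user.id;
}

// create: everybody, but only with status === 'toBeValidated'
function canCreateEvent(event) {
  return event.status === STATUS.toBeValidated;
}

// edit: never on a locked event; otherwise admin, manager or worker
function canEditEvent(user, event, managerOf) {
  if (event.status === STATUS.locked) return false;
  return isAdmin(user) || isWorkerOrManager(user, event, managerOf);
}

// delete: admin while not locked; worker or manager only while 'toBeValidated'
function canDeleteEvent(user, event, managerOf) {
  if (isAdmin(user)) return event.status !== STATUS.locked;
  return event.status === STATUS.toBeValidated &&
         isWorkerOrManager(user, event, managerOf);
}

// Constructed sample data for a stand-alone run ('validated' is an assumed
// intermediate status that is neither 'toBeValidated' nor 'locked').
const managers = { 'w1:m1': 'mgr1' };                      // worker:mission -> manager
const managerOf = (w, m) => managers[`${w}:${m}`] || null;
const admin = { id: 'a1', roles: ['admin', 'access'] };
const worker = { id: 'w1', roles: ['access'] };
const manager = { id: 'mgr1', roles: ['access'] };
const stranger = { id: 'x9', roles: ['access'] };
const pending = { status: 'toBeValidated', workerId: 'w1', missionId: 'm1' };
const validated = { status: 'validated', workerId: 'w1', missionId: 'm1' };
const locked = { status: 'locked', workerId: 'w1', missionId: 'm1' };

console.log(canEditEvent(admin, locked, managerOf));      // false: locked
console.log(canDeleteEvent(worker, validated, managerOf)); // false: not toBeValidated
console.log(canDeleteEvent(manager, pending, managerOf));  // true
```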