
Permissions Model

Varun Patil edited this page Oct 24, 2018 · 13 revisions

Permissions are implemented using roles. Each role is granted certain permissions; multiple users may satisfy a role, and a user may satisfy multiple roles.

For example, the role WnCC Convener may be satisfied by five people, and the role would be granted permission to create events for the body WnCC. At the same time, two of them may also be a Mood Indigo Hospitality Co-ordinator, which may grant permissions to the MI-Hospi body etc.

Role

There are two types of roles:

  1. Body Role - A role that directly grants permissions to a body. These include:

    1. AddE - Add an event for the body.
    2. UpdE - Update an event for the body. This permission is required to associate an existing event with the body.
    3. DelE - Delete an event which is associated with the body.
    4. UpdB - Update the body's details.
    5. Role - Create, update and delete roles for the body. Updating includes assigning roles to users.

    This role is explicitly bound to a body. If the bodies associated with an event are being edited, the user must have permission to delete events for the bodies being dissociated, and the add-event and update permissions for the new bodies being associated. Updating an event (including adding new bodies) requires the UpdE permission on at least one of the associated bodies.

  2. Institute Role - An institute-wide role that grants major permissions to the user. These are:

    1. AddB - Create a new body.
    2. DelB - Destroy a body.
    3. BodyChild - (WIP) Create, modify and remove BodyChildRelations.
    4. Location - (WIP) Special location permissions
    5. Role - (TODO) Create, modify and remove Institute Roles. Updating includes assigning institute roles to users.
    6. RoleB - Create, modify and remove roles for all bodies. This is necessary since the user will have no permissions over a newly created body. To create roles in the body, this permission is required.

Note: Institute Roles are extra functionality not yet in active use at insti.app

A user may satisfy multiple institute and body roles simultaneously. A user's roles are returned in the user's profile. To assign roles to users, update the role to include the users' IDs. This requires the appropriate Role permission.

Inheritance

Roles may be inherited by child bodies by setting the inheritable flag on the role to true. This extends the permissions the role grants on the body to all children of the body as well. For example, if Tech@IITB has the child body WnCC, and the role GSTA on Tech@IITB is marked inheritable, then all permissions granted to the role would be applicable on WnCC as well. If the body InstiApp is a child of WnCC, then the permissions would further be applicable on this body as well. If the role is not marked inheritable, it would be applicable only on the body it is for, i.e. Tech@IITB.
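
The body-role check with inheritance, and the rule for changing an event's bodies, as an added example (not InstiApp's own code). The names BodyRole, PARENTS, ancestors, has_permission and can_change_event_bodies are hypothetical, and the hierarchy is constructed from the example above; it also assumes "associated bodies" means the bodies associated before the edit.

```python
from dataclasses import dataclass

# Constructed hierarchy from the page's example: child body -> parent bodies.
PARENTS = {"WnCC": ["Tech@IITB"], "InstiApp": ["WnCC"]}

@dataclass(frozen=True)
class BodyRole:               # hypothetical shape, not InstiApp's model
    name: str
    body: str
    permissions: frozenset    # subset of AddE, UpdE, DelE, UpdB, Role
    inheritable: bool = False

def ancestors(body):
    """All bodies above `body`; the `seen` set also stops on cyclic relations."""
    seen, stack = set(), list(PARENTS.get(body, ()))
    while stack:
        b = stack.pop()
        if b not in seen:
            seen.add(b)
            stack.extend(PARENTS.get(b, ()))
    return seen

def has_permission(roles, body, perm):
    """Role on the body itself, or an inheritable role on any ancestor."""
    up = ancestors(body)
    return any(perm in r.permissions and
               (r.body == body or (r.inheritable and r.body in up))
               for r in roles)

def can_change_event_bodies(roles, old_bodies, new_bodies):
    """Apply the page's rule for editing an event's associated bodies."""
    old, new = set(old_bodies), set(new_bodies)
    # UpdE on at least one currently associated body (assumed: pre-edit set).
    if not any(has_permission(roles, b, "UpdE") for b in old):
        return False
    # DelE on every body being dissociated.
    if not all(has_permission(roles, b, "DelE") for b in old - new):
        return False
    # AddE and UpdE on every body being newly associated.
    return all(has_permission(roles, b, p)
               for b in new - old for p in ("AddE", "UpdE"))
```

Permissions flow only downward: an inheritable role on WnCC reaches InstiApp but never Tech@IITB, so a server-side check should always resolve ancestors of the target body rather than descendants of the role's body supplied by the client.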
