EQ Author Permissions Model
rmccar edited this page Jan 8, 2019 · 17 revisions
List of users
Id | Name |
---|---|
1 | Sam |
2 | Rich |
List of questionnaires
Id | Name |
---|---|
1 | OPN |
2 | UKIS |
List of roles
Id | Name | Read | Write | Delete | Publish |
---|---|---|---|---|---|
1 | Owner | Y | Y | Y | Y |
2 | Reader | Y | N | N | N |
3 | Writer | Y | Y | N | N |
4 | Publisher | Y | Y | N | Y |
This is the table that says what permissions a user has on each questionnaire by virtue of their role.
Questionnaire Id | User Id | Role Id |
---|---|---|
1 | 1 | 1 |
1 | 2 | 3 |
- Work out what questionnaire is being fetched by the query.
- Get the current user Id from the token.
- Look up the role of the user on the questionnaire.
  - If the user has no roles defined, we should favour privacy and return an error.
  - If the user has a role defined:
    - Check that the role has questionnaire read permission by looking it up in the questionnaire permissions table.
    - If the role has read permissions, continue with the request.
    - If the role does not have read permissions, return an error.
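
The check described in the steps above, as an added example that is not EQ Author's own code. The table contents are copied from this page; the names `authorize`, `isAllowed`, `PermissionError` and the `claims.userId` field are assumptions, and `claims` stands for the payload of a token that has already been verified. It goes beyond the read case by taking the permission as a parameter, so the same deny-by-default lookup covers Write, Delete and Publish.

```javascript
// Roles table from the page (Y/N as booleans).
const ROLES = new Map([
  [1, { name: "Owner",     read: true, write: true,  delete: true,  publish: true  }],
  [2, { name: "Reader",    read: true, write: false, delete: false, publish: false }],
  [3, { name: "Writer",    read: true, write: true,  delete: false, publish: false }],
  [4, { name: "Publisher", read: true, write: true,  delete: false, publish: true  }],
]);

// Questionnaire Id | User Id | Role Id, from the page.
const ASSIGNMENTS = [
  { questionnaireId: 1, userId: 1, roleId: 1 }, // Sam: Owner of OPN
  { questionnaireId: 1, userId: 2, roleId: 3 }, // Rich: Writer on OPN
];

// Allow-list of permission names, so a caller-supplied string such as
// "name" or "constructor" can never be read off a role object.
const PERMISSIONS = new Set(["read", "write", "delete", "publish"]);

class PermissionError extends Error {}

// Returns the role name when the request may continue; throws otherwise.
// Every failure uses the same message (a choice made for this example), so
// "no role" and "role lacks the permission" look identical to the caller.
function authorize(claims, questionnaireId, permission = "read") {
  const deny = () => { throw new PermissionError("permission denied"); };
  if (!PERMISSIONS.has(permission)) deny();

  // Get the current user Id from the token (assumed claim name: userId).
  const userId = claims ? claims.userId : undefined;
  if (!Number.isInteger(userId)) deny();

  // Look up the role of the user on the questionnaire; no role means error.
  const assignment = ASSIGNMENTS.find(
    (a) => a.questionnaireId === questionnaireId && a.userId === userId
  );
  if (!assignment) deny();

  // A dangling role id is treated the same as having no role.
  const role = ROLES.get(assignment.roleId);
  if (!role || role[permission] !== true) deny();
  return role.name;
}

// Boolean wrapper; anything that is not a PermissionError is a real bug.
function isAllowed(claims, questionnaireId, permission = "read") {
  try { authorize(claims, questionnaireId, permission); return true; }
  catch (e) { if (e instanceof PermissionError) return false; throw e; }
}
```

With the data on this page, Rich can read and write OPN but not delete or publish it, and nobody can read UKIS because no roles are assigned on it.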