Restrict User Profile Privileges

[joshdbarton]

As the Tabloid application owner I would like the privileges of users throughout the system to be restricted based on their user type so that unauthorized users cannot corrupt, delete or view data in the system.

The privileges of each user type are listed below:

NOTE: Implementing the features outlined in this story will require updating some existing functionality in the system.

NOTE: The dev team may find it useful to break this story into smaller stories in order to facilitate assigning tasks to team members and keeping track of the work.

NOTE: Some of the privileges listed below refer to features that are further down in this backlog. When those future stories are worked, please refer back to this story for a description of the privileges.

NOTE: The order of privileges is does not indicate their priority.

Unauthenticated users can...

• Register for an account
• Login to the system

Authors can...

• Login to the system
• Logout of the system
• View any active and published Posts
• View any Posts they have created
• Comment on a Post
• Edit Comments they created
• Delete Comments they created
• Add a Reaction to a Post
• Remove a Reaction from a Post
• Subscribe to a different User's Posts
• Unsubscribe from a user's Posts
• Write a new Post
• Publish a Post they have created
• Unpublish a Post they have created
• Edit a Post they have created
• Delete a Post they have created
• Add Tags to a Post they have created
• Remove Tags from a Post they have created
• Upload a Profile image
• Upload a Post Header image

Admins can...

• Do all the things Author users can do
• View any User Profile
• Deactivate a User Profile
• Change a User Profile's user type
• Add a Category
• Edit a Category
• Remove a Category
• Add a Tag
• Edit a Tag
• Remove a Tag
• Add a Reaction to the system
• Edit a Reaction in the system
• Remove a Reaction from the system
• Upload a Reaction image
• Delete any Post
• Delete any Comment

[hcrudge]

45 min