abergs / mstest


UserCase Booking #22

Open joakim-hagglund opened 9 years ago

joakim-hagglund commented 9 years ago

Scenario: A user logs in to Caspeco Mobile and loads a booking.

  1. User goes to mobile.
  2. Enters username & password
  3. Client sends credentials (username & password) to ID-service /auth/CaspecoID
  4. ID-Service checks credentials against DB.
    1. ID-Service returns Access_token
    2. User can now use Access_token to perform actions with global permissions.
    3. Client fetches system metadata (/systems/me) for the systems that Access_token gives access to.
    4. Marc returns list of system metadata
    5. User selects a system
  5. Client/User can now use the Access_token + systemname to make system specific requests.
  6. Client requests /bookingMeta
  7. Look at permissions, return meta that the user has permissions for.

    {
       bookingUnits: {
           0: {
               name: "a",
               showTableMap: true
           },
           1: {
               name: "b",
               showTableMap: false
           },
           3: {
               name: "c",
               showTableMap: true
           }
       }
    }
  8. Client requests a list of bookings from Marc GET /bookings?units=0,1,3&date=x
  9. Marc checks permissions against the units in the request.

joakim-hagglund commented 9 years ago

Alternative method of system handling, set in request header or param instead of one access_token per system.

  1. User goes to mobile.
  2. Enters username & password
  3. Client sends credentials (username & password) to ID-service /auth/CaspecoID
  4. ID-Service checks credentials against DB.
  5. ID-Service returns Access_token
  6. User can now use Access_token to perform actions with global permissions.
  7. Client fetches system metadata (/systems/me) for the systems that Access_token gives access to
  8. Marc returns list of system metadata
  9. User selects a system
  10. Client requests /bookingMeta with SYSTEM header set to selected system
  11. Look at permissions, return meta that the user has permissions for.

    {
        bookingUnits: {
            0: {
                name: "a",
                showTableMap: true
            },
            1: {
                name: "b",
                showTableMap: false
            },
            3: {
                name: "c",
                showTableMap: true
            }
        }
    }
  12. Client requests a list of bookings from Marc GET /bookings?units=0,1,3&date=x
  13. Marc checks permissions against the units in the request.
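
The permission check in the last steps of the header-based variant, as an added example that is not part of the original issue or the project's code. The token value, system names, grant table and the `authorizeBookings` / `parseUnits` names are hypothetical; it also assumes that a single forbidden unit rejects the whole request.

```javascript
// Constructed sample data: what the server resolves an Access_token to.
// Token value, system names and unit grants are hypothetical.
const GRANTS = new Map([
  ["tok-alice", {
    systems: new Map([
      ["restaurant-a", new Set([0, 1, 3])],
      ["restaurant-b", new Set([0])],
    ]),
  }],
]);

// Parse "0,1,3" strictly: digits only, no empty items; duplicates collapsed.
function parseUnits(raw) {
  if (typeof raw !== "string" || raw === "") return null;
  const parts = raw.split(",");
  if (!parts.every((p) => /^\d+$/.test(p))) return null;
  return [...new Set(parts.map(Number))];
}

// Decide whether GET /bookings?units=...&date=... may proceed.
// The SYSTEM header is client-controlled, so it only selects a system:
// the set of permitted units always comes from the token's grants.
function authorizeBookings(req, grants = GRANTS) {
  const grant = grants.get(req.accessToken);
  if (!grant) return { status: 401, error: "unknown token" };

  const system = req.headers?.system; // header names arrive lowercased
  if (!system) return { status: 400, error: "missing SYSTEM header" };

  const allowed = grant.systems.get(system);
  if (!allowed) return { status: 403, error: "token has no access to system" };

  const units = parseUnits(req.query?.units);
  if (!units) return { status: 400, error: "malformed units" };

  // Assumption: reject the whole request instead of silently filtering.
  const denied = units.filter((u) => !allowed.has(u));
  if (denied.length > 0) {
    return { status: 403, error: "units not permitted", denied };
  }
  return { status: 200, system, units };
}
```

The same token gets a different answer depending on the selected system, which is why the check has to run on every request and not only when `/bookingMeta` is served.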