motionbank / piecemaker2-api

An api at the core of piecemaker

super_admin auth change #92

Closed mattes closed 10 years ago

mattes commented 10 years ago

^^

mattes commented 10 years ago

should we add a new relation from users to user_roles? so table users would have a key like user_role_id.

otherwise we don't have any way to distinguish between roles/rights for user routes IF we remove the :super_admin_only part.

mattes commented 10 years ago

authorize! :get_my_event_groups, User get "/" #/api/v1/groups in api/event_groups.rb:16 returns all event_groups for currently logged in user

authorize! :get_all_event_groups, User get "/all" #/api/v1/groups/all in api/event_groups.rb:27 returns really all event_groups

authorize! :create_new_event, @event_group post "/:id/event" #/api/v1/group/:id/event in api/event_groups.rb:56 creates and returns new event and event_fields

authorize! :create_new_event_group, User post "/" #/api/v1/group in api/event_groups.rb:95 create new event_group (together with user_has_event_groups record)

authorize! :get_event_group, @event_group get "/:id" #/api/v1/group/:id in api/event_groups.rb:126 returns event_group with id

authorize! :update_event_group, @event_group put "/:id" #/api/v1/group/:id in api/event_groups.rb:147 updates event_group with id

authorize! :delete_event_group, @event_group delete "/:id" #/api/v1/group/:id in api/event_groups.rb:168 deletes event_group with id

authorize! :get_events, @event_group get "/:id/events" #/api/v1/group/:id/events in api/event_groups.rb:194 returns all events (filter options are connected with AND)

authorize! :get_users_for_event_group, @event_group get "/:id/users" #/api/v1/group/:id/users in api/event_groups.rb:288 returns all users for event_group with id

authorize! :add_user_to_event_group, @event_group post "/:event_group_id/user/:user_id" in api/event_groups.rb:310 adds a user to an event_group

authorize! :update_users_attributes_for_event_group, @event_group put "/:event_group_id/user/:user_id" in api/event_groups.rb:348 updates attributes for user <-> event_group relation

authorize! :delete_user_in_event_group, @event_group delete "/:event_group_id/user/:user_id" in api/event_groups.rb:386 deletes a user from an event_group

authorize! :get_events, @event get "/:id" #/api/v1/event/:id in api/events.rb:23 returns event with id

authorize! :update_event, @event put "/:id" #/api/v1/event/:id in api/events.rb:48 updates an event with id

authorize! :delete_event, @event delete "/:id" #/api/v1/event/:id in api/events.rb:110 deletes event with id

authorize! :get_roles, User get "/" #/api/v1/roles in api/user_roles.rb:16 get all user roles

authorize! # no further permission here! ;-) post "/logout" #/api/v1/user/logout in api/users.rb:45 Log out user. (logged in user only)

authorize! :create_new_user, User post "/" #/api/v1/user in api/users.rb:68 Creates new user.

authorize! :get_user, User get "/:id" #/api/v1/user/:id in api/users.rb:118 returns user for id (logged in user only)

authorize! :update_user, User put "/:id" #/api/v1/user/:id in api/users.rb:144 updates user with id

authorize! :delete_user, User delete "/:id" #/api/v1/user/:id in api/users.rb:188 deletes user with id

authorize! :get_event_groups_for_user, User get "/:id/groups" #/api/v1/user/:id/groups in api/users.rb:206 returns all event_groups for user with id

authorize! :get_users, User get "/" #/api/v1/users in api/users.rb:234 Returns all users.
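An added example (not code from piecemaker2-api and not part of the comments above) of how a `user_role_id` key on users could drive `authorize!` checks like those listed once `:super_admin_only` is removed. The role names other than `super_admin`, the role-to-permission map, the per-group role lookup and the explicit `user` argument are assumptions made for illustration.

```ruby
# Added illustration; every name not quoted in the thread is hypothetical.
require "set"

class PermissionDenied < StandardError; end

User = Struct.new(:id, :user_role_id)   # users.user_role_id -> user_roles
EventGroup = Struct.new(:id)

# Hypothetical role -> permission map. Deny by default: unlisted means refused.
ROLE_PERMISSIONS = {
  "super_admin" => :all,
  "user"  => Set[:get_my_event_groups, :create_new_event_group,
                 :get_event_group, :get_events, :create_new_event],
  "guest" => Set[:get_event_group, :get_events]
}.freeze

# Constructed stand-in for user_has_event_groups rows:
# [user_id, event_group_id] => role held inside that group (assumed column).
MEMBERSHIPS = { [2, 10] => "user", [3, 10] => "guest" }.freeze

# Pick the role that applies to this subject.
def role_for(user, subject)
  return user.user_role_id if user.user_role_id == "super_admin"
  case subject
  when Class      then user.user_role_id                    # e.g. User: global role
  when EventGroup then MEMBERSHIPS[[user.id, subject.id]]   # role in that group only
  end
end

def authorize!(user, permission = nil, subject = nil)
  raise PermissionDenied, "login required" if user.nil?
  return true if permission.nil?   # bare authorize!: any logged-in user (logout route)
  allowed = ROLE_PERMISSIONS[role_for(user, subject)]
  return true if allowed == :all || (allowed && allowed.include?(permission))
  raise PermissionDenied, "#{permission} refused"
end

# Boolean wrapper, convenient for tests and for callers that branch on the result.
def allowed?(user, permission = nil, subject = nil)
  authorize!(user, permission, subject)
rescue PermissionDenied
  false
end
```

A user with no membership row for a group gets no role there, so every permission on that group is refused even if the same user holds the `user` role globally.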

mattes commented 10 years ago

lots of tests have been updated. lots with just find & replace. hopefully, everything still works.