duckbytes
commented
2 years ago Looking at what permissions should be allowed for users when looking at an individual task.
At the moment I have something working with these checks:
- is the user an admin and view set to ALL? Full access to make edits.
- Is the user a coordinator and has the view set to ALL or COORDINATOR? Full access to make edits.
- Is the user assigned as a coordinator and has the view set to ALL or COORDINATOR? Full access to make edits.
- Is the user a coordinator and has the view set to RIDER? No access.
- Is the user assigned as a coordinator and has the view set to RIDER? Full access to make edits.
- Is the user only a rider (no coordinator role for that user) and not assigned to the task? No access.
- Is the user assigned as a rider? Access to Actions panel only (set time picked up, etc.)
We could also go with the simpler:
- is the user an admin and view set to ALL or COORDINATOR? Full access.
- is the user assigned as a coordinator? Full access.
- is the user assigned as a rider? Access to Actions panel only.
- Otherwise no access.
This means if a coord was looking at a task not assigned to them, they would need to assign themselves as a coordinator (or rider) to make changes.
There's also no restriction on writing comments or assigning users to a task (except someone without the appropriate role can't be assigned, i.e. a rider can't assign themselves as a coordinator unless they have the coordinator role, but could assign themselves as a rider).
For demonstration: Full access.
Rider access:
No access:
@PaulFreewheelersEVS can you have a look please and let me know what you think?
PaulFreewheelersEVS
The task overview should only allow certain actions for someone that is assigned to it as a rider compared to a coordinator.
The rider should only be able to update items under the Actions panel.
The React Context feature may be good for this so that checks don't need to be made in each component.
https://reactjs.org/docs/context.html