Permissions
| Role | Description |
|---|---|
| Administrator | Administrator of the dex platform |
| Pr User | Public relation user. e.g. someone who takes care of the communication for Fontys, these people need to be able to highlight projects and create embeds |
| Registered User | A normal user |
| Guest | Someone who is not logged in |
| Data Officer | Someone who is able to retrieve and delete personal data from someone else on the same institution |
| Alumni | Someone who is graduated. This account is converted from registered to alumni. |
| Permission | Roles | |||||
|---|---|---|---|---|---|---|
| Administrator | PrUser (public relations) | RegisteredUser | Guest | Data Officer | Alumni | |
| EmbedRead | x | x | x | x | x | |
| EmbedWrite | x | x | x | x | ||
| HighlightRead | x | x | x | x | x | |
| HighlightWrite | x | |||||
| ProjectWrite | x | x | x | x | ||
| UserWrite | x | x | x | x | x | |
| UserRead | x | x | x | x | x | |
| RoleRead | x | |||||
| RoleWrite | x | |||||
| HighlightRead | x | x | x | x | x | |
| HighlightWrite | x | |||||
| EmbedRead | x | x | x | x | x | |
| EmbedWrite | x | |||||
| FileWrite | x | |||||
| InstitutionUserRead | x | |||||
| InstitutionUserWrite | x | |||||
| InstitutionProjectWrite | x | |||||
| InstitutionEmbedWrite | x | |||||
| InstitutionRead | x | |||||
| InstitutionWrite | x | |||||
| CallToActionOptionWrite | x | |||||
| Endpoint | Required scope | Particulatirity |
|---|---|---|
| GetAllEmbeddedProjects | The user needs scope: EmbedRead to reach the endpoint. | |
| GetEmbeddedProject | ||
| CreateEmbeddedProject | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | |
| DeleteEmbeddedProject | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | The endpoint checks if the user is the owner of the embedded project or has Scope: EmbedWrite and/or should have scope: InstitutionEmbedWrite and have the same institution. |
| GetFilesAsync | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | |
| UploadSingleFile | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | |
| GetSingleFile | ||
| DeleteSingleFile | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | The endpoint checks if the user is the owner of the file or has scope: FileWrite |
| GetAllHighlights | ||
| GetHighlight | ||
| GetHighlightsByProjectId | The user needs scope: HighlightRead to reach the endpoint. | |
| CreateHighlight | The user needs scope: HighlightWrite to reach the endpoint. | |
| UpdateHighlight | The user needs scope: HighlightWrite to reach the endpoint. | |
| DeleteHighlight | The user needs scope: HighlightWrite to reach the endpoint. | |
| GetAllProjects | ||
| GetProject | ||
| CreateProjectAsync | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | |
| UpdateProject | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | The endpoint checks if the user is the owner of the project and/or the user has scope: ProjectWrite |
| DeleteProject | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | The endpoint checks if the user is the owner of the project and/or the user has scope: ProjectWrite and/or should have scope: InstitutionProjectWrite and have the same institution |
| GetAllRoles | The user needs scope: RoleRead to reach the endpoint. | |
| GetAllPossibleScopes | The user needs scope: RoleRead to reach the endpoint. | |
| GetRole | The user needs scope: RoleRead to reach the endpoint. | |
| CreateRoleAsync | The user needs scope: RoleWrite to reach the endpoint. | |
| UpdateRole | The user needs scope: RoleWrite to reach the endpoint. | |
| DeleteRole | The user needs scope: RoleWrite to reach the endpoint. | If the user has role: Adminsitrator or RegisteredUser he/she is not authorized. |
| DeleteRole | The user needs scope: RoleWrite to reach the endpoint. | Scopes within Role.RegisteredUser or Role.Administrator can not be deleted. |
| SetRole | The user needs scope: RoleWrite to reach the endpoint. | Scopes within Role.RegisteredUser or Role.Administrator can not be deleted. |
| SearchInternalProjects | ||
| GetCurrentUser | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | |
| GetUser | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | Or should have scope: InstitutionUserRead and have the same institution |
| CreateAccountAsync | The user should have scope UserWrite to reach the endpoint | |
| UpdateAccount | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | The user should be owner of the account and/or have scope: UserWrite |
| DeleteAccount | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | The user should be owner of the account and/or have scope: UserWrite and/or should have scope: InstitutionUserWrite and have the same institution |
| GetAllInstitutions | The user should have scope InstitutionRead to reach the endpoint (Role: Administrator) | |
| GetInstitution | The user should have scope InstitutionRead to reach the endpoint (Role: Administrator) | |
| CreateInstitution | The user should have scope InstitutionWrite to reach the endpoint (Role: Administrator) | |
| UpdateInstitution | The user should have scope InstitutionWrite to reach the endpoint (Role: Administrator) | |
| DeleteInstitution | The user should have scope InstitutionWrite to reach the endpoint (Role: Administrator) | |
| GetAllCallToActionOptions | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | |
| GetAllCallToActionOptionsFromType | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | |
| GetOptionById | The user should be at least registered to reach the endpoint (Role: RegisteredUser) | |
| CreateCallToActionOption | The user should have scope CallToActionOptionWrite to reach the endpoint | |
| UpdateCallToActionOption | The user should have scope CallToActionOptionWrite to reach the endpoint | |
| DeleteCallToActionOption | The user should have scope CallToActionOptionWrite to reach the endpoint |
