Last active January 2, 2016 16:59
Course Access Specs
Courses
  GET /courses/:id
    when accessing an archived course
      as a superadmin
        responds with 403
      as a publisher
        responds with 403
      as an admin
        responds with 403
      as a learner
        responds with 403
    when accessing an active course
      as a superadmin
        responds with 200
      as a publisher
        responds with 200 for a course published in his security zone
        responds with 403 for a course published outside his security zone
        responds with 200 for a course published as public
        responds with 200 for a course targeted to his group
        responds with 403 for a course NOT targeted to his group
        responds with 200 for another publishers course
        responds with 200 for own course
        responds with 403 for a course NOT targeted to him
        responds with 200 for a course targeted to him
        responds with 200 for a course published outside his security zone, if he himself is not part of a security zone
      as an admin
        responds with 200
      as a learner
        responds with 200 for a course published outside his security zone, if he himself is not part of a security zone
        responds with 403 for a course NOT targeted to his group
        responds with 403 for a course NOT targeted to him
        responds with 200 for a course published as public
        responds with 200 for a course targeted to him
        responds with 200 for a course published in his security zone
        responds with 403 for a course published outside his security zone
        responds with 200 for a course targeted to his group
    when accessing a draft course
      as a superadmin
        responds with 200
      as a publisher
        responds with 403 for another publishers course
        responds with 200 for own course
      as an admin
        responds with 200
      as a learner
        responds with 403
  POST /courses
    when creating a course
      as a superadmin
        responds with 201
      as a publisher
        responds with 201
      as an admin
        responds with 201
      as a learner
        responds with 403
  PUT /courses/:id
    when updating an archived course
      as a superadmin
        responds with 403
      as a publisher
        responds with 403
      as an admin
        responds with 403
      as a learner
        responds with 403
    when updating an active course
      as a superadmin
        responds with 200
      as a publisher
        responds with 403 for another publishers course
        responds with 200 for own course
      as an admin
        responds with 200
      as a learner
        responds with 403
    when updating a draft course
      as a superadmin
        responds with 200
      as a publisher
        responds with 403 for another publishers course
        responds with 200 for own course
      as an admin
        responds with 200
      as a learner
        responds with 403
  DELETE /courses/:id
    when deleting an active course
      as a superadmin
        responds with 204
      as a publisher
        responds with 403 for another publishers course
        responds with 204 for own course
      as an admin
        responds with 204
      as a learner
        responds with 403
    when deleting an archived course
      as a superadmin
        responds with 403
      as a publisher
        responds with 403
      as an admin
        responds with 403
      as a learner
        responds with 403
    when deleting a draft course
      as a superadmin
        responds with 204
      as a publisher
        responds with 403 for another publishers course
        responds with 204 for own course
      as an admin
        responds with 204
      as a learner
        responds with 403
Tom,
Added specs for the conditions you have mentioned above. Please check if any other condition is missing in the mix.
Subhash,
this is fine as far as it goes, but it does not take into account access restrictions. Publishers can only access courses which they have created, or are targeted to them, or targeted to a group of which they are a member, or which has been published as public. Learners can only access courses targeted to them, or targeted to a group of which they are a member, or which has been published as public.
Security zones provide additional restrictions. If a publisher is in a security zone, only other publishers and learners in that security zone can see courses he publishes, based on the access restrictions noted above.
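The GET /courses/:id rows of the spec and the access restrictions described in the comment above, combined into one deny-by-default decision function. This is an added example, not code from the gist or the application it tests: `User`, `Course`, `targeted_or_public?`, `zone_allows?` and `course_get_status` are hypothetical names, and the security-zone rule (a zone blocks access only when both the course and the viewer have a zone and they differ) is an assumption drawn from the spec rows for users who are not part of a zone.

```ruby
# Added illustration; User, Course and all method names are hypothetical.
User   = Struct.new(:id, :role, :zone, :groups, keyword_init: true)
Course = Struct.new(:owner_id, :status, :zone, :is_public, :target_users,
                    :target_groups, keyword_init: true)

# Access restrictions from the comment: targeted to the user, targeted to
# one of the user's groups, or published as public.
def targeted_or_public?(user, course)
  course.is_public ||
    course.target_users.include?(user.id) ||
    !(course.target_groups & user.groups).empty?
end

# Assumption: a zone blocks access only when both the course and the viewer
# have a zone and the two differ (matches the spec rows for zone-less users).
def zone_allows?(user, course)
  course.zone.nil? || user.zone.nil? || course.zone == user.zone
end

# Returns the HTTP status the spec expects for GET /courses/:id.
def course_get_status(user, course)
  return 403 if course.status == :archived             # 403 for every role
  return 200 if %i[superadmin admin].include?(user.role)
  return 403 unless %i[publisher learner].include?(user.role) # unknown role
  own = user.role == :publisher && course.owner_id == user.id
  return 200 if own                                     # own draft or active course
  return 403 if course.status == :draft                 # drafts: owner only
  # Deny by default: the zone check and a positive grant are both required.
  zone_allows?(user, course) && targeted_or_public?(user, course) ? 200 : 403
end
```

Keeping the zone check and the targeting check as separate predicates lets each spec row map to exactly one condition, which makes a missing row (for example, a zoned viewer and a course with no zone) easy to spot.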