Luca Brügger edited this page Apr 28, 2020 · 63 revisions

These are the Permissions defined in Cryptopus.

The Permissions are defined by the Development Team of Cryptopus.

There are 3 Roles in general: Admins, Conf Admins and normal Users.

Admins are automatically Teammembers of non-private Teams.

Pundit gem

To implement the Permissions in Cryptopus, we used Pundit.

Every Model has its associated Policy, in which the Permissions are set.

Team Related

Most permissions are Teammember dependent.

Team

Admin Conf Admin User Teammember
Create Team X X X
Update Team X X
Delete Team X (X) (X)
Add Teammember X X X
Remove Teammember X X
Add Group X X
Remove Group X X
Index All X X X
List Members X X X
                         ↳ Only if the Team is non-private

Teammembers

Group Account Item
Create X X X
Update X X X
Delete X X X
Move X
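
The Teammember rule above, written as a plain-Ruby policy in the shape Pundit expects (an added example, not Cryptopus's own code). The `User`, `Team` and `Group` structs, their attributes and the `TeamMembership` helper are assumptions made for illustration.

```ruby
# Added example: plain-Ruby classes in the shape Pundit expects
# (initialize(user, record) plus query methods ending in "?").
# All class, attribute and method names here are hypothetical.
User  = Struct.new(:name, :role)                  # role: :admin, :conf_admin or :user
Team  = Struct.new(:name, :private_team, :member_names)
Group = Struct.new(:name, :team)

# Shared rule: an explicit Teammember, or an Admin on a non-private Team.
module TeamMembership
  def team_member?(user, team)
    return true if team.member_names.include?(user.name)
    user.role == :admin && !team.private_team
  end
end

class GroupPolicy
  include TeamMembership
  attr_reader :user, :group

  def initialize(user, group)
    @user = user
    @group = group
  end

  # Create, Update and Delete on a Group are all Teammember permissions.
  def create?
    team_member?(user, group.team)
  end
  alias update? create?
  alias destroy? create?
end

# Constructed sample data.
ADMIN   = User.new("root", :admin)
ALICE   = User.new("alice", :user)
PUBLIC  = Team.new("ops", false, ["alice"])
PRIVATE = Team.new("alice-private", true, ["alice"])

# Returns [decision on the public team, decision on the private team].
def decisions(user)
  [PUBLIC, PRIVATE].map { |t| GroupPolicy.new(user, Group.new("g", t)).update? }
end

if __FILE__ == $PROGRAM_NAME
  puts "admin: #{decisions(ADMIN).inspect}"
  puts "alice: #{decisions(ALICE).inspect}"
end
```

The Admin is allowed on the non-private Team only, so a private Team stays closed to Admins who were not added to it explicitly.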

Admin

Admin Conf Admin User
Change Password X X
Change own Password X X X
Change LDAP Password X X X
Update Settings X X
Send Recrypt Requests X
Send own Recrypt Requests X X
Receive Recrypt Requests X
Handle Recrypt Requests X
Prepare MT X X
Execute MT X X
New Root Password MT X X
Removed LDAP Users MT X X

*MT = Maintenance Task

Other Permissions

Manage Users

Admin Conf Admin
Create User X *
Delete User X *NA
Edit Firstname X *NA
Edit Lastname X *NA
Edit Username X
Edit Password X
Make Conf Admin X
Make Admin X X
Unlock X X

*NA = only if selected User is not Admin

* same as above and User whose LDAP has been deleted

Manage API Users

Admin Conf Admin User Own API User
Index X X X
Renew Token X
Delete API User X
Lock X
Unlock X

*To access this Page you need to be a User::Human.

*Own API User = API User created by one of the above Roles. It must be an API User of the User who created it; otherwise no access is granted.
