Permissions

These are the defined Permissions in Cryptopus

The Permissions are defined by the Development Team of Cryptopus.

There are 3 Roles in general, Admins, Conf Admins and normal Users.

Pundit gem

To implement the Permissions into Cryptopus, we used Pundit.

Every Model has it's associated Policy. In this, the Permissions are set.

Team Related

Cryptopus has private and non private Teams. The difference is just that Admins are added automatically to non private Teams.

Most permissions are Teammember dependant

Team

	Admin	Conf Admin	User	Teammember
Create Team	X	X	X
Update Team	X			X
Delete Team	X	(X)		(X)
Add Teammember	X		X	X
Remove Teammember	X			X
Add Group	X		X
Remove Group	X			X
Index All	X	X		X
List Members	X	X		X

                         ↳ Only if Team non private

Teammembers

Users belong to Teams, which consist of Groups, Groups consist of Accounts, and Accounts can have Items.

Only Teammembers can create, edit or delete the Groups, Accounts or Items of a Team.

	Group	Account	Item
Create	X	X	X
Update	X	X	X
Delete	X	X	X
Move		X

Admin

	Admin	Conf Admin	User
Change Password	X	X
Change own Password	X	X	X
Change LDAP Password	X	X	X
Update Settings	X	X
Send Recrypt Requests	X
Send own Recrypt Requests	X		X
Recieve Recrypt Requests	X
Handle Recrypt Requests	X
Prepare MT	X	X
Excecute MT	X	X
New Root Password MT	X	X
Removed LDAP Users MT	X	X

*MT = Maintenance Task

Other Permissions

Manage Users

	Admin	Conf Admin
Create User	X	*
Delete User	X	*NA
Edit Firstname	X	*NA
Edit Lastname	X	*NA
Edit Username	X
Edit Password	X
Make Conf Admin	X
Make Admin	X	X
Unlock	X	X

*NA = only if selected User is not Admin

* same as above and User whose LDAP has been deleted

Manage API Users

Every User can create their own Api Users. For them you have the Following Permissions:

Allowed Actions
Index
Renew Token
Delete API User
Lock
Unlock

*To access this Page you need to be a User::Human