webwork3/conf/permissions.dist.yml at a23b877d4a5a90e0a9dd0b2a75adb41fe57d0f1e · openwebwork/webwork3 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
---
# This file defines the default roles and permissions for webwork 3. If you wish to add or
# change any roles, copy this file to conf/permissions.yml and make changes.
# Whether or not you have made changes, run /bin/update_role_db.pl to load all roles
# in the database.

roles:
  - course_admin
  - instructor
  - ta
  - student

# This defines the permisions for each role for the backend/database.
#
# This hash has each of the Controllers (Logger, Permission, Course, ...) as a field
# and each action as a subfield.  For each Controller/action, there are three possibilities
#
# - authenticated: true      this route can be accessed by any user who has been authenticated.
# - admin_required: true     this route can only be accessed by a user with admin flag (no course role)
# - allow_self_access: true  this route can be accessed by a user matching the user_id
# - allowed_roles: Array     this route can be accessed by a user with a role in the given array.
#                            and '*' can be used for all roles.

db_permissions:
  Logger:
    clientLog:
      authenticated: true
  Permission:
    getRoles:
      authenticated: true
    getUIRoutePermissions:
      authenticated: true
    checkPermission:
      authenticated: true

  Course:
    getCourses:
      authenticated: true
    getCourse:
      authenticated: true
    updateCourse:
      admin_required: true
    addCourse:
      admin_required: true
    deleteCourse:
      admin_required: true
  User:
    getGlobalUsers:
      admin_required: true
    getGlobalUser:
      allow_self_access: true
    checkGlobalUser:
      allowed_roles: ['course_admin', 'instructor']
    updateGlobalUser:
      admin_required: true
    addGlobalUser:
      admin_required: true
    deleteGlobalUser:
      admin_required: true
    # The following actions are needed for instructors to handle global users
    getGlobalUsersFromCourse:
      allowed_roles: ['course_admin', 'instructor']
    getGlobalUserFromCourse:
      allowed_roles: ['course_admin', 'instructor']
    getUserCoursesFromCourse:
      allowed_roles: ['course_admin', 'instructor']
    updateGlobalUserFromCourse:
      allowed_roles: ['course_admin', 'instructor']
    addGlobalUserFromCourse:
      allowed_roles: ['course_admin', 'instructor']
    deleteGlobalUserFromCourse:
      allowed_roles: ['course_admin', 'instructor']
    getCourseUsers:
      allowed_roles: ['course_admin', 'instructor']
    getUserCourses:
      allow_self_access: true
      allowed_roles: ['course_admin', 'instructor']
    getGlobalCourseUsers:
      allowed_roles: ['course_admin', 'instructor']
    getCourseUser:
      allow_self_access: true
      allowed_roles: ['course_admin', 'instructor']
    addCourseUser:
      allowed_roles: ['course_admin', 'instructor']
    updateCourseUser:
      allowed_roles: ['course_admin', 'instructor']
    deleteCourseUser:
      allowed_roles: ['course_admin', 'instructor']
  ProblemSet:
    getProblemSets:
      allowed_roles: ['course_admin', 'instructor', 'student']
    getProblemSet:
      allowed_roles: ['course_admin', 'instructor']
    addProblemSet:
      allowed_roles: ['course_admin', 'instructor']
    updateProblemSet:
      allowed_roles: ['course_admin', 'instructor']
    deleteProblemSet:
      allowed_roles: ['course_admin', 'instructor']
    getAllUserSets:
      allowed_roles: ['course_admin', 'instructor']
    getUserSets:
      allow_self_access: true
      allowed_roles: ['course_admin', 'instructor']
    getUserSet:
      allow_self_access: true
      allowed_roles: ['course_admin', 'instructor']
    addUserSet:
      allowed_roles: ['course_admin', 'instructor']
    updateUserSet:
      allowed_roles: ['course_admin', 'instructor']
    deleteUserSet:
      allowed_roles: ['course_admin', 'instructor']
  Problem:
    getAllProblems:
      allowed_roles: ['course_admin', 'instructor', 'student']
    getProblem:
      allowed_roles: ['course_admin', 'instructor', 'student']
    addProblem:
      allowed_roles: ['course_admin', 'instructor']
    updateProblem:
      allowed_roles: ['course_admin', 'instructor']
    deleteProblem:
      allowed_roles: ['course_admin', 'instructor']

    # UserProblem Routes

    getUserProblemsForSet:
      allowed_roles: ['course_admin', 'instructor']
    getUserProblemsForUser:
      allowed_roles: ['course_admin', 'instructor']
      allow_self_access: true
    getUserProblem:
      allowed_roles: ['course_admin', 'instructor']
      allow_self_access: true
    addUserProblem:
      allowed_roles: ['course_admin', 'instructor']
    updateUserProblem:
      allowed_roles: ['course_admin', 'instructor']
      allow_self_access: true
    deleteUserProblem:
      allowed_roles: ['course_admin', 'instructor']

    # ProblemPool routes
    getProblemPools:
      allowed_roles: ['course_admin', 'instructor']
    getProblemPool:
      allowed_roles: ['course_admin', 'instructor']
    addProblemPool:
      allowed_roles: ['course_admin', 'instructor']
    updateProblemPool:
      allowed_roles: ['course_admin', 'instructor']
    deleteProblemPool:
      allowed_roles: ['course_admin', 'instructor']

    # PoolProblem routes
    getPoolProblems:
      allowed_roles: ['course_admin', 'instructor']
    getPoolProblem:
      allowed_roles: ['course_admin', 'instructor']
    addProblemToPool:
      allowed_roles: ['course_admin', 'instructor']
    updatePoolProblem:
      allowed_roles: ['course_admin', 'instructor']
    removePoolProblem:
      allowed_roles: ['course_admin', 'instructor']
  Settings:
    getDefaultCourseSettings:
      allowed_roles: ['*']
    getCourseSettings:
      allowed_roles: ['*']
    updateCourseSettings:
      allowed_roles: ['course_admin', 'instructor']

# This defines the permisions for each role for the frontend/UI layer.

# This object is a list of routes, followed by an array of roles allowed.

ui_permissions:
  /login:
    allowed_roles: ['*']
  /users/*/courses:
    allowed_roles: ['instructor', 'course_admin']
    allow_self_access: true
  /courses/*/instructor:
    allowed_roles: ['instructor', 'course_admin']
  /courses/*/student:
    allowed_roles: ['student', 'instructor', 'course_admin']
  /admin:
    admin_required: true