--
--  Accesss granted via tags; default is no accesss.
--  Permission must be explicitly granted.
--
--  Access permission is the disjunction of permit tags
--  Tags are split on "AND" to encode conjunction.
--
--  Note that nested routes automatically inherit all tags from the parent.
--
--  Admins always have access to entities within their assigned schools.
--
--  Access Tags:
--    !free           -- free for all
--    !lecturer       -- lecturer    for this course (or for any school, if route is not connected to a course)
--    !corrector      -- corrector   for this sheet  (or the submission, if route is connected to a submission, or the course, if route is not connected to a sheet, or any course, if route is not connected to a course)
--    !course-registered     -- participant for this course (no effect outside of courses)
--    !tutorial-registered   -- participant for this tutorial (no effect outside of courses)
--    !participant    -- connected with a given course (not necessarily registered), i.e. has a submission, is a corrector, etc. (no effect outside of courses)
--
--    !register-group -- user is member in no other tutorial with same register group
--
--    !owner          -- part of the group of owners of this submission
--    !self           -- route refers to the currently logged in user themselves
--    !capacity       -- course this route is associated with has at least one unit of participant capacity
--    !empty          -- course this route is associated with has no participants whatsoever
--
--    !is-ldap        -- user has authentication mode set to LDAP
--    !is-pw-hash     -- user has authentication mode set to PWHash
--
--    !materials      -- only if course allows all materials to be free (no meaning outside of courses)
--    !time           -- access depends on time somehow
--    !read           -- only if it is read-only access (i.e. GET but not POST)
--    !write          -- only if it is write access     (i.e. POST only, included for completeness)
--
--    !no-escalation  --
--    !deprecated     -- like free, but logs and gives a warning; entirely disabled in production
--    !development    -- like free, but only for development builds

/static StaticR EmbeddedStatic appStatic                      !free
/auth   AuthR   Auth   getAuth                                !free

/metrics     MetricsR GET

/                             NewsR            GET            !free
/users                        UsersR           GET POST       -- no tags, i.e. admins only
/users/#CryptoUUIDUser        AdminUserR       GET POST
/users/#CryptoUUIDUser/delete AdminUserDeleteR     POST
/users/#CryptoUUIDUser/hijack AdminHijackUserR     POST       !adminANDno-escalation
/users/#CryptoUUIDUser/notifications UserNotificationR GET POST   !self
/users/#CryptoUUIDUser/password      UserPasswordR     GET POST   !selfANDis-pw-hash
!/users/functionary-invite/new AdminNewFunctionaryInviteR  GET POST
!/users/functionary-invite     AdminFunctionaryInviteR     GET POST
!/users/add                   AdminUserAddR    GET POST
/admin                        AdminR           GET
/admin/features               AdminFeaturesR   GET POST
/admin/test                   AdminTestR       GET POST
/admin/errMsg                 AdminErrMsgR     GET POST
/admin/tokens                 AdminTokensR     GET POST
/admin/crontab                AdminCrontabR    GET

/health                       HealthR          GET             !free
/instance                     InstanceR        GET             !free
/info                         InfoR            GET             !free
/info/lecturer                InfoLecturerR    GET             !free
/info/legal                   LegalR           GET             !free
/info/allocation              InfoAllocationR  GET             !free
/info/glossary                GlossaryR        GET             !free
/info/faq                     FaqR             GET             !free
/version                      VersionR         GET             !free

/help                         HelpR            GET POST        !free

/user                      ProfileR            GET POST        !free
/user/profile              ProfileDataR        GET             !free
/user/authpreds            AuthPredsR          GET POST        !free
/user/set-display-email    SetDisplayEmailR    GET POST        !free
/user/csv-options          CsvOptionsR         GET POST        !free
/user/lang                 LangR                   POST        !free
/user/storage-key          StorageKeyR             POST        !free

/exam-office               ExamOfficeR                         !exam-office:
  /                        EOExamsR            GET             !system-exam-office
  /fields                  EOFieldsR           GET POST
  /users                   EOUsersR            GET POST        !system-exam-office
  /users/invite            EOUsersInviteR      GET POST        !system-exam-office

/external-exam             EExamListR          GET             !lecturer !¬empty
/external-exam/new         EExamNewR           GET POST        !lecturer
/external-exam/#TermId/#SchoolId/#CourseName/#ExamName EExamR  !lecturer:
  /                        EEShowR             GET             !exam-office !exam-result
  /edit                    EEEditR             GET POST
  /users                   EEUsersR            GET POST
  /grades                  EEGradesR           GET POST        !exam-office
  /staff-invite            EEStaffInviteR      GET POST
  /correct                 EECorrectR          GET POST
  

/term                      TermShowR           GET             !free
/term/current              TermCurrentR        GET             !free
/term/edit                 TermEditR           GET POST
/term/#TermId/edit         TermEditExistR      GET POST
!/term/#TermId             TermCourseListR     GET             !free
!/term/#TermId/#SchoolId   TermSchoolCourseListR  GET          !free

/school                    SchoolListR         GET
!/school/new               SchoolNewR          GET POST
/school/#SchoolId          SchoolR:
  /                        SchoolEditR         GET POST

/allocation/               AllocationListR     GET             !free
/allocation/#TermId/#SchoolId/#AllocationShorthand AllocationR:
  /                                              AShowR         GET             !free
  /register                                      ARegisterR         POST        !time
  /course/#CryptoUUIDCourse/apply                AApplyR            POST        !timeANDallocation-registered
  /users                                         AUsersR        GET POST        !allocation-admin
  /priorities                                    APriosR        GET POST        !allocation-admin
  /compute                                       AComputeR      GET POST        !allocation-admin
  /accept                                        AAcceptR       GET POST        !allocation-admin

/participants                   ParticipantsListR GET            !evaluation
/participants/#TermId/#SchoolId ParticipantsR     GET            !evaluation
/participants/intersect         ParticipantsIntersectR GET POST  !evaluation


-- For Pattern Synonyms see Foundation
/course/                    CourseListR        GET             !free
!/course/new                CourseNewR         GET POST        !lecturer
/course/#TermId/#SchoolId/#CourseShorthand CourseR             !lecturer:
  /                           CShowR           GET             !tutor !corrector !exam-corrector !course-registered !course-time !evaluation !exam-office !allocation-admin
  /favourite                  CFavouriteR          POST
  /register                   CRegisterR       GET POST        !timeANDcapacityANDallocation-timeAND¬course-registeredANDcourse-time !timeANDallocation-timeAND¬exam-resultANDcourse-registered !lecturerANDallocation-time
  /register-template          CRegisterTemplateR GET           !course-time
  /edit                       CEditR           GET POST
  /lecturer-invite            CLecInviteR      GET POST
  /delete                     CDeleteR         GET POST        !lecturerANDemptyANDallocation-time
  /users                      CUsersR          GET POST
  !/users/new                 CAddUserR        GET POST        !lecturerANDallocation-time
  !/users/invite              CInviteR         GET POST
  /users/#CryptoUUIDUser      CUserR           GET POST        !lecturerANDparticipant !lecturerANDapplicant
  /correctors                 CHiWisR          GET
  /communication              CCommR           GET POST
  /notes                      CNotesR          GET POST        !corrector -- THIS route is used to check for overall course corrector access!
  /exam-office                CExamOfficeR     GET POST        !course-registered
  /subs                       CCorrectionsR    GET POST
  /subs/assigned              CAssignR         GET POST
  /sheet                      SheetListR       GET             !course-registered !materialsANDcourse-time !corrector !tutor
  /sheet/new                  SheetNewR        GET POST
  /sheet/current              SheetCurrentR    GET             !course-registered !materialsANDcourse-time !corrector !tutor
  /sheet/unassigned           SheetOldUnassignedR  GET
  /sheet/#SheetName SheetR:
    /show                       SShowR         GET             !timeANDcourse-registered !timeANDmaterialsANDcourse-time !corrector !timeANDtutor
    /show/download              SArchiveR      GET             !timeANDcourse-registeredANDexam-registered !timeANDmaterialsANDexam-registeredANDcourse-time !corrector !timeANDtutor
    /edit                       SEditR         GET POST
    /delete                     SDelR          GET POST
    /subs                       SSubsR         GET POST        -- for lecturer only
    !/subs/new                  SubmissionNewR GET POST        !timeANDcourse-registeredANDuser-submissionsANDsubmission-groupANDexam-registeredANDpersonalised-sheet-files
    !/subs/own                  SubmissionOwnR GET             !free
    !/subs/assign               SAssignR       GET POST        !lecturerANDtime
    /subs/#CryptoFileNameSubmission SubmissionR:
      /                         SubShowR       GET POST        !ownerANDtimeANDuser-submissionsANDsubmission-groupANDexam-registeredANDpersonalised-sheet-files !ownerANDread !correctorANDread
      /delete                   SubDelR        GET POST        !ownerANDtimeANDuser-submissionsANDexam-registeredANDpersonalised-sheet-files
      /assign                   SubAssignR     GET POST        !lecturerANDtime
      /correction               CorrectionR    GET POST        !corrector !ownerANDreadANDrated
      /invite                   SInviteR       GET POST        !ownerANDtimeANDuser-submissionsANDsubmission-groupANDexam-registeredANDpersonalised-sheet-files
      !/#SubmissionFileType     SubArchiveR    GET             !owner !corrector
      !/#SubmissionFileType/*FilePath SubDownloadR  GET        !owner !corrector
    /iscorrector                SIsCorrR       GET             !corrector -- Route is used to check for corrector access to this sheet
    /pseudonym                  SPseudonymR    GET POST        !course-registeredANDcorrector-submissionsANDexam-registered
    /corrector-invite/          SCorrInviteR   GET POST
    /personalised-files         SPersonalFilesR GET
    !/#SheetFileType            SZipR          GET             !timeANDcourse-registeredANDexam-registered !timeANDmaterialsANDexam-registered !corrector !timeANDtutor
    !/#SheetFileType/*FilePath  SFileR         GET             !timeANDcourse-registeredANDexam-registered !timeANDmaterialsANDexam-registered !corrector !timeANDtutor
  /file                          MaterialListR GET             !course-registered !materialsANDcourse-time !corrector !tutor
  /file/new                      MaterialNewR  GET POST
  /file/#MaterialName MaterialR:
    /edit                       MEditR         GET POST
    /delete                     MDelR          GET POST
    /show                       MShowR         GET             !timeANDcourse-registered !timeANDmaterialsANDcourse-time !corrector !tutor
    !/download                  MArchiveR      GET             !timeANDcourse-registered !timeANDmaterialsANDcourse-time !corrector !tutor
    !/download/*FilePath        MFileR         GET             !timeANDcourse-registered !timeANDmaterialsANDcourse-time !corrector !tutor
  /tuts                         CTutorialListR GET             !tutor -- THIS route is used to check for overall course tutor access!
  /tuts/new                     CTutorialNewR  GET POST
  /tuts/#TutorialName TutorialR:
    /edit                     TEditR           GET POST        !tutorANDtutor-control
    /delete                   TDeleteR         GET POST
    /participants             TUsersR          GET POST        !tutor
    /register                 TRegisterR           POST        !timeANDcapacityANDcourse-registeredANDregister-group !timeANDtutorial-registered
    /communication            TCommR           GET POST        !tutor
    /tutor-invite             TInviteR         GET POST        !tutorANDtutor-control
  /exams                        CExamListR     GET             !tutor !corrector !exam-corrector !course-registered !course-time !exam-office
  /exams/new                    CExamNewR      GET POST
  /exams/#ExamName ExamR:
    /show                       EShowR         GET             !timeANDtutor !timeANDcorrector !timeANDexam-corrector !timeANDcourse-registered !timeANDcourse-time !exam-office
    /edit                       EEditR         GET POST
    /corrector-invite           ECInviteR      GET POST
    /users                      EUsersR        GET POST
    /users/new                  EAddUserR      GET POST
    /users/invite               EInviteR       GET POST
    /register                   ERegisterR         POST        !timeANDcourse-registeredAND¬exam-registered !timeANDexam-registeredAND¬exam-result
    /register/#ExamOccurrenceName ERegisterOccR    POST        !exam-occurrence-registrationANDtimeANDcapacityANDcourse-registeredAND¬exam-occurrence-registered !exam-occurrence-registrationANDtimeANDexam-occurrence-registeredAND¬exam-result
    /grades                     EGradesR       GET POST        !exam-office
    /assign-occurrences         EAutoOccurrenceR   POST
    /correct                    ECorrectR      GET POST        !exam-correctorANDtime
  /apps                         CApplicationsR GET POST
  !/apps/files                  CAppsFilesR    GET
  /apps/#CryptoFileNameCourseApplication CourseApplicationR:
    /                           CAEditR        GET POST        !timeANDself !lecturerANDstaff-time !selfANDread
    /files                      CAFilesR       GET             !self !lecturerANDstaff-time
  !/news/add                    CNewsNewR      GET POST
  /news/#CryptoUUIDCourseNews CourseNewsR:
    /                           CNShowR        GET             !timeANDparticipant
    /edit                       CNEditR        GET POST
    /delete                     CNDeleteR      GET POST
    !/download                  CNArchiveR     GET             !timeANDparticipant
    !/download/*FilePath        CNFileR        GET             !timeANDparticipant
  !/events/add                  CEventsNewR    GET POST
  /events/#CryptoUUIDCourseEvent CourseEventR:
    /edit                       CEvEditR       GET POST
    /delete                     CEvDeleteR     GET POST
  /personalised-sheet-files     CPersonalFilesR GET


/subs          CorrectionsR          GET POST !corrector !lecturer
/subs/upload   CorrectionsUploadR    GET POST !corrector !lecturer
/subs/create   CorrectionsCreateR    GET POST !corrector !lecturer
/subs/grade    CorrectionsGradeR     GET POST !corrector !lecturer
/subs/download CorrectionsDownloadR  GET      !corrector !lecturer


/msgs                                MessageListR  GET POST
/msg/#{CryptoUUIDSystemMessage}      MessageR      GET POST        !timeANDreadANDauthentication
/msg/#{CryptoUUIDSystemMessage}/hide MessageHideR      POST        !timeANDauthentication

!/#UUID CryptoUUIDDispatchR GET                               !free -- just redirect
-- !/*{CI FilePath} CryptoFileNameDispatchR GET                  !free -- Disabled until preliminary check for valid cID exists

!/*WellKnownFileName WellKnownR GET !free
