From 7fe091b1ffeb4c22c513adef8e25533830688c69 Mon Sep 17 00:00:00 2001
From: SJost
Date: Thu, 14 Mar 2019 18:04:32 +0100
Subject: [PATCH] DSGV model descriptions: user
---
 RoleDescriptions.txt | 42 +++++++++++++++++++
 models/users | 97 ++++++++++++++++++++++++--------------------
 2 files changed, 96 insertions(+), 43 deletions(-)
 create mode 100644 RoleDescriptions.txt
diff --git a/RoleDescriptions.txt b/RoleDescriptions.txt
new file mode 100644
index 000000000..4f7be843f
--- /dev/null
+++ b/RoleDescriptions.txt
@@ -0,0 +1,42 @@
+Most roles are school dependent, i.e. a lecturer for the Math-department can only create new lectures that have Math-department in their school field.
+
+
+Administrator for a school
+- top-level rights, can access everything other roles can within the same school
+- restrictions only apply to routes containing a different school; then no special rights are given
+- may appoint further administrators and lecturers for his school
+- all school-independent routes, such as help-requests and user-list are accessible
+- can impersonate any other user with lesser rights, i.e. lecturers within same school, all students, etc.
+- a user can be administrator for more than one school
+
+
+Lecturer for a school
+- can create courses for their school for all active terms
+- can view participants of his courses and record notes for participants
+- can create sheets for their courses
+- can view homework submissions for his courses, including marks and plain user-names
+- can mark homework
+- may appoint correctors for sheets belonging to his courses
+- may assign submitted homework to correctors
+- a user can be lecturer for more than one school
+- all rights correctors for his courses have
+
+
+Corrector for a sheet
+- may download their assigned anonymous homework submissions (submissions are identify through crypto-ids, no user-names)
+- may upload corrected and marked homework submissions for their assignments
+- may always download solution and sheet description files for their sheet, ignoring deadline constraints
+
+
+User (logged-in)
+- all logged-in users may use this role
+- no special school restrictions
+- may enrol in courses from any school
+- may submit homework for marking in enrolled courses
+- all rights that not logged-in users have
+
+
+User (not logged-in)
+- can view course descriptions
+- can download course materials from courses that allow this for all un-enrolled users
+- can requests help from administrators
\ No newline at end of file
diff --git a/models/users b/models/users
index 60909e42c..7e5a86465 100644
--- a/models/users
+++ b/models/users
@@ -1,53 +1,64 @@ --- Some comments needes -User json - ident (CI Text) - authentication AuthenticationMode - lastAuthentication UTCTime Maybe - matrikelnummer Text Maybe - email (CI Text) - displayName Text -- we always show the LDAP displayName only, but highlight the LDAP surname within (or appended if not contained) - surname Text -- Name displayed through 'nameWidget displayName surname' which highlights surname within displayName - maxFavourites Int default=12 -- Number of last used course names to be remembered for quick links for convenience - theme Theme default='Default' - dateTimeFormat DateTimeFormat "default='%a %d %b %Y %R'" - dateFormat DateTimeFormat "default='%d.%m.%Y'" - timeFormat DateTimeFormat "default='%R'" - downloadFiles Bool default=false -- Files should be opened in browser or downloaded - mailLanguages MailLanguages default='[]' - notificationSettings NotificationSettings -- Bit-array for which events email notification is requested by user - UniqueAuthentication ident - UniqueEmail email - deriving Show Eq Generic -UserAdmin +-- The files in /models determine the database scheme. +-- The organisational split into several files has no operational effects. +-- White-space and case matters: Each SQL table is named in 1st column of this file +-- Indendent lower-case lines describe the SQL-columns of the table with name, type and options +-- Nullable columns have "Maybe" written after their type +-- Option "default=xyz" is only used for database migrations due to changes in the SQL-schema, also see Model.Migration +-- Indendent upper-case lines usually impose Uniqueness constraints for rows by some columns. +-- Each table will also have an column storing a unique numeric row key, unless there is a row Primary columnname +-- +User Json -- Each Uni2work user has a corresponding row in this table; created upon first login. 
+ ident (CI Text) -- Case-insensitive user-identifier + authentication AuthenticationMode -- 'AuthLDAP' or ('AuthPWHash'+password-hash) + lastAuthentication UTCTime Maybe -- last login date + matrikelnummer Text Maybe -- optional immatriculation-string; usually a number, but not always (e.g. lecturers, pupils, guests,...) + email (CI Text) -- Case-insensitive eMail address + displayName Text -- we only show LDAP-DisplayName, and highlight LDAP-Surname within (appended if not contained) + surname Text -- Display user names always through 'nameWidget displayName surname' + maxFavourites Int default=12 -- Number of last used course names to be remembered for quick links for convenience + theme Theme default='Default' -- Color-theme of the frontend, chosen by user + dateTimeFormat DateTimeFormat "default='%a %d %b %Y %R'" -- preferred Date+Time display format for user + dateFormat DateTimeFormat "default='%d.%m.%Y'" -- preferred Date-only display format for user + timeFormat DateTimeFormat "default='%R'" -- preferred Time-only display format for user + downloadFiles Bool default=false -- Should files be opened in browser or downloaded? (users often oblivious that their browser has a setting for this) + mailLanguages MailLanguages default='[]' -- Preferred language for eMail; i18n not yet implemented + notificationSettings NotificationSettings -- Bit-array for which events email notifications are requested by user + UniqueAuthentication ident -- Column 'ident' can be used as a row-key in this table + UniqueEmail email -- Column 'email' can be used as a row-key in this table + deriving Show Eq Generic -- Haskell-specific settings for runtime-value representing a row in memory +UserAdmin -- Each row in this table grants school-specific administrator-rights to a specific user user UserId school SchoolId - UniqueUserAdmin user school -UserLecturer + UniqueUserAdmin user school -- combination of user+school must be unique, i.e. 
no duplicate rows +UserLecturer -- Each row in this table grants school-specific lecturer-rights to a specific user user UserId school SchoolId - UniqueSchoolLecturer user school -StudyFeatures -- Abschluss, Studiengang, Haupt/Nebenfachh und Fachsemester + UniqueSchoolLecturer user school -- combination of user+school must be unique, i.e. no duplicate rows +StudyFeatures -- multiple entries possible for students pursuing several degrees at once, usually created upon LDAP login user UserId - degree StudyDegreeId - field StudyTermsId - type StudyFieldType + degree StudyDegreeId -- Abschluss, i.e. Master, Bachelor, etc. + field StudyTermsId -- Fach, i.e. Informatics, Philosophy, etc. + type StudyFieldType -- Major or minor, i.e. Haupt-/Nebenfach semester Int - updated UTCTime default='NOW()' -- zuletzt als gültig gesehen - valid Bool default=true + updated UTCTime default='NOW()' -- last update from LDAP + valid Bool default=true -- marked as active in LDAP (students may switch, but LDAP never forgets) UniqueStudyFeatures user degree field type semester -- UniqueUserSubject ubuser degree field -- There exists a counterexample StudyDegree -- Studienabschluss - key Int - shorthand Text Maybe - name Text Maybe - Primary key + key Int -- LMU-internal key + shorthand Text Maybe -- admin determined shorthand + name Text Maybe -- description given by LDAP + Primary key -- column key is used as actual DB row key StudyTerms -- Studiengang - key Int - shorthand Text Maybe - name Text Maybe - Primary key -StudyTermCandidate - incidence UUID --random id per login to associate matching pairs - key Int - name Text - deriving Show Eq Ord \ No newline at end of file + key Int -- LMU-internal key + shorthand Text Maybe -- admin determined shorthand + name Text Maybe -- description given by LDAP + Primary key -- column key is used as actual DB row key +StudyTermCandidate -- No one at LMU is willing and able to tell us the meaning of the keys for StudyDegrees and StudyTerms. 
+ -- Each LDAP login provides an unordered set of keys and an unordered set of plain text description with an unknown 1-1 correspondence. + -- This table helps us to infer which key belongs to which plain text by recording possible combinations at login. + -- If a login provides n keys and n plan texts, then n^2 rows with the same incidence are created, storing all combinations + incidence UUID -- random id, generated once per login to associate matching pairs + key Int -- a possible key for the studyTermName + name Text -- studyTermName as plain text from LDAP + deriving Show Eq Ord
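Review bot: The entity header changes from `User json` to `User Json`, which is more than the comment this commit is adding, and the new file header itself states that case matters. If the model parser matches the `json` attribute case-sensitively (Persistent's entity syntax normally spells it lowercase), the JSON instances for `User` would silently stop being derived; keeping `User json -- Each Uni2work user has a corresponding row in this table; created upon first login.` avoids that. Separately, the new comment on `authentication` documents that the column can carry a password hash, while the entity still has `deriving Show` and (with `json`) serialisation instances, so it is worth extending that comment to `-- 'AuthLDAP' or ('AuthPWHash'+password-hash); credential material, keep out of logs and API responses` and confirming that no handler returns or logs a whole `User` value.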