144 lines
8.6 KiB
Plaintext
144 lines
8.6 KiB
Plaintext
--
|
|
-- Accesss granted via tags; default is no accesss.
|
|
-- Permission must be explicitly granted.
|
|
--
|
|
-- Access permission is the disjunction of permit tags
|
|
-- Tags are split on "AND" to encode conjunction.
|
|
--
|
|
-- Note that nested routes automatically inherit all tags from the parent.
|
|
--
|
|
-- Admins always have access to entities within their assigned schools.
|
|
--
|
|
-- Access Tags:
|
|
-- !free -- free for all
|
|
-- !lecturer -- lecturer for this course (or for any school, if route is not connected to a course)
|
|
-- !corrector -- corrector for this sheet (or the submission, if route is connected to a submission, or the course, if route is not connected to a sheet, or any course, if route is not connected to a course)
|
|
-- !course-registered -- participant for this course (no effect outside of courses)
|
|
-- !tutorial-registered -- participant for this tutorial (no effect outside of courses)
|
|
-- !participant -- connected with a given course (not necessarily registered), i.e. has a submission, is a corrector, etc. (no effect outside of courses)
|
|
--
|
|
-- !register-group -- user is member in no other tutorial with same register group
|
|
--
|
|
-- !owner -- part of the group of owners of this submission
|
|
-- !self -- route refers to the currently logged in user themselves
|
|
-- !capacity -- course this route is associated with has at least one unit of participant capacity
|
|
-- !empty -- course this route is associated with has no participants whatsoever
|
|
--
|
|
-- !materials -- only if course allows all materials to be free (no meaning outside of courses)
|
|
-- !time -- access depends on time somehow
|
|
-- !read -- only if it is read-only access (i.e. GET but not POST)
|
|
-- !write -- only if it is write access (i.e. POST only, included for completeness)
|
|
--
|
|
-- !no-escalation --
|
|
-- !deprecated -- like free, but logs and gives a warning; entirely disabled in production
|
|
-- !development -- like free, but only for development builds
|
|
|
|
/static StaticR EmbeddedStatic appStatic !free
|
|
/auth AuthR Auth getAuth !free
|
|
|
|
/favicon.ico FaviconR GET !free
|
|
/robots.txt RobotsR GET !free
|
|
|
|
/ HomeR GET !free
|
|
/users UsersR GET -- no tags, i.e. admins only
|
|
/users/#CryptoUUIDUser AdminUserR GET POST
|
|
/users/#CryptoUUIDUser/delete AdminUserDeleteR POST
|
|
/users/#CryptoUUIDUser/hijack AdminHijackUserR POST !adminANDno-escalation
|
|
/users/#CryptoUUIDUser/notifications UserNotificationR GET POST !self
|
|
/admin AdminR GET
|
|
/admin/features AdminFeaturesR GET POST
|
|
/admin/test AdminTestR GET POST
|
|
/admin/errMsg AdminErrMsgR GET POST
|
|
|
|
/health HealthR GET !free
|
|
/instance InstanceR GET !free
|
|
/info InfoR GET !free
|
|
/info/lecturer InfoLecturerR GET !lecturer
|
|
/info/data DataProtR GET !free
|
|
/impressum ImpressumR GET !free
|
|
/version VersionR GET !free
|
|
|
|
/help HelpR GET POST !free
|
|
|
|
/user ProfileR GET POST !free
|
|
/user/profile ProfileDataR GET !free
|
|
/user/authpreds AuthPredsR GET POST !free
|
|
|
|
/term TermShowR GET !free
|
|
/term/current TermCurrentR GET !free
|
|
/term/edit TermEditR GET POST
|
|
/term/#TermId/edit TermEditExistR GET POST
|
|
!/term/#TermId TermCourseListR GET !free
|
|
!/term/#TermId/#SchoolId TermSchoolCourseListR GET !free
|
|
|
|
/school SchoolListR GET !development
|
|
/school/#SchoolId SchoolShowR GET !development
|
|
|
|
|
|
-- For Pattern Synonyms see Foundation
|
|
/course/ CourseListR GET !free
|
|
!/course/new CourseNewR GET POST !lecturer
|
|
/course/#TermId/#SchoolId/#CourseShorthand CourseR !lecturer:
|
|
/ CShowR GET !free
|
|
/register CRegisterR GET POST !timeANDcapacity
|
|
/edit CEditR GET POST
|
|
/lecturer-invite/#UserEmail CLecInviteR GET POST
|
|
/delete CDeleteR GET POST !lecturerANDempty
|
|
/users CUsersR GET POST
|
|
/users/#CryptoUUIDUser CUserR GET POST !lecturerANDparticipant
|
|
/correctors CHiWisR GET
|
|
/communication CCommR GET POST
|
|
/notes CNotesR GET POST !corrector
|
|
/subs CCorrectionsR GET POST
|
|
/ex SheetListR GET !course-registered !materials !corrector
|
|
/ex/new SheetNewR GET POST
|
|
/ex/current SheetCurrentR GET !course-registered !materials !corrector
|
|
/ex/unassigned SheetOldUnassigned GET
|
|
/ex/#SheetName SheetR:
|
|
/show SShowR GET !timeANDcourse-registered !timeANDmaterials !corrector
|
|
/edit SEditR GET POST
|
|
/delete SDelR GET POST
|
|
/subs SSubsR GET POST -- for lecturer only
|
|
!/subs/new SubmissionNewR GET POST !timeANDcourse-registeredANDuser-submissions
|
|
!/subs/own SubmissionOwnR GET !free -- just redirect
|
|
/subs/#CryptoFileNameSubmission SubmissionR:
|
|
/ SubShowR GET POST !ownerANDtime !ownerANDread !correctorANDread
|
|
/archive/#{ZIPArchiveName SubmissionFileType} SubArchiveR GET !owner !corrector
|
|
/delete SubDelR GET POST !ownerANDtime
|
|
/assign SAssignR GET POST !lecturerANDtime
|
|
/correction CorrectionR GET POST !corrector !ownerANDreadANDrated
|
|
!/#SubmissionFileType/*FilePath SubDownloadR GET !owner !corrector
|
|
/correctors SCorrR GET POST
|
|
/pseudonym SPseudonymR GET POST !course-registeredANDcorrector-submissions
|
|
/corrector-invite/#UserEmail SCorrInviteR GET POST
|
|
!/#SheetFileType/*FilePath SFileR GET !timeANDcourse-registered !timeANDmaterials !corrector
|
|
/file MaterialListR GET !course-registered !materials !corrector !tutor
|
|
/file/new MaterialNewR GET POST
|
|
/file/#MaterialName MaterialR:
|
|
/edit MEditR GET POST
|
|
/delete MDelR GET POST
|
|
/show MShowR GET !timeANDcourse-registered !timeANDmaterials !corrector !tutor
|
|
/load/*FilePath MFileR GET !timeANDcourse-registered !timeANDmaterials !corrector !tutor
|
|
/tuts CTutorialListR GET !tutor
|
|
/tuts/new CTutorialNewR GET POST
|
|
/tuts/#TutorialName TutorialR:
|
|
/edit TEditR GET POST
|
|
/delete TDeleteR GET POST
|
|
/participants TUsersR GET POST !tutor
|
|
/register TRegisterR POST !timeANDcapacityANDcourse-registeredANDregister-group !timeANDtutorial-registered
|
|
/communication TCommR GET POST !tutor
|
|
|
|
|
|
/subs CorrectionsR GET POST !corrector !lecturer
|
|
/subs/upload CorrectionsUploadR GET POST !corrector !lecturer
|
|
/subs/create CorrectionsCreateR GET POST !corrector !lecturer
|
|
/subs/grade CorrectionsGradeR GET POST !corrector !lecturer
|
|
|
|
|
|
/msgs MessageListR GET POST
|
|
/msg/#{CryptoUUIDSystemMessage} MessageR GET POST !timeANDreadANDauthentication
|
|
|
|
|
|
!/#UUID CryptoUUIDDispatchR GET !free -- just redirect
|
|
-- !/*{CI FilePath} CryptoFileNameDispatchR GET !free -- Disabled until preliminary check for valid cID exists
|