-- SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>,Wolfgang Witt <Wolfgang.Witt@campus.lmu.de>
|
|
--
|
|
-- SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
--
|
|
-- Access is granted via tags; the default is no access.
|
|
-- Permission must be explicitly granted.
|
|
--
|
|
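-- Access permission is the disjunction of the permit tags on a route,
-- e.g. `!supervisor !self` permits either one.
-- Each tag is split on "AND" to encode conjunction,
-- e.g. `!selfANDis-pw-hash` requires both `self` and `is-pw-hash`.
-- A `¬` prefix (e.g. `¬course-registered`) appears to negate a tag; confirm in Model.Types.Security.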
|
|
--
|
|
-- Note that nested routes automatically inherit all tags from the parent.
|
|
--
|
|
-- Admins always have access to entities within their assigned schools.
|
|
--
|
|
-- Access tags are defined in Model.Types.Security
|
|
--
|
|
-- Access Tags:
|
|
-- !free -- free for all
|
|
-- !lecturer -- lecturer for this course (or for any school, if route is not connected to a course)
|
|
-- !corrector -- corrector for this sheet (or the submission, if route is connected to a submission, or the course, if route is not connected to a sheet, or any course, if route is not connected to a course)
|
|
-- !course-registered -- participant for this course (no effect outside of courses)
|
|
-- !tutorial-registered -- participant for this tutorial (no effect outside of courses)
|
|
-- !participant -- connected with a given course (not necessarily registered), i.e. has a submission, is a corrector, etc. (no effect outside of courses)
|
|
--
|
|
-- !register-group -- user is member in no other tutorial with same register group
|
|
--
|
|
-- !owner -- part of the group of owners of this submission
|
|
-- !self -- route refers to the currently logged in user themselves
|
|
-- !capacity -- course this route is associated with has at least one unit of participant capacity
|
|
-- !empty -- course this route is associated with has no participants whatsoever
|
|
--
|
|
-- !is-ldap -- user has authentication mode set to LDAP
|
|
-- !is-pw-hash -- user has authentication mode set to PWHash
|
|
--
|
|
-- !materials -- only if course allows all materials to be free (no meaning outside of courses)
|
|
-- !time -- access depends on time somehow
|
|
-- !read -- only if it is read-only access (i.e. GET but not POST)
|
|
-- !write -- only if it is write access (i.e. POST only, included for completeness)
|
|
--
|
|
-- !token -- requires bearer token
|
|
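-- !no-escalation -- (no description given here; see Model.Types.Security; used together with !admin on the hijack route)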
|
|
-- !deprecated -- like free, but logs and gives a warning; entirely disabled in production
|
|
-- !development -- like free, but only for development builds
|
|
|
|
/static StaticR EmbeddedStatic appStatic !free
|
|
/auth AuthR Auth getAuth !free
|
|
|
|
/metrics MetricsR GET !free -- TODO: verify whether this can stay !free (free for all means anyone can read the metrics)
|
|
|
|
/err ErrorR GET !free
|
|
|
|
/ NewsR GET !free
|
|
/users UsersR GET POST -- no tags, i.e. admins only
|
|
/users/#CryptoUUIDUser AdminUserR GET POST
|
|
/users/#CryptoUUIDUser/delete AdminUserDeleteR POST
|
|
/users/#CryptoUUIDUser/hijack AdminHijackUserR POST !adminANDno-escalation
|
|
/users/#CryptoUUIDUser/notifications UserNotificationR GET POST !self
|
|
/users/#CryptoUUIDUser/password UserPasswordR GET POST !selfANDis-pw-hash
|
|
!/users/functionary-invite/new AdminNewFunctionaryInviteR GET POST
|
|
!/users/functionary-invite AdminFunctionaryInviteR GET POST
|
|
!/users/add AdminUserAddR GET POST
|
|
/admin AdminR GET
|
|
/admin/test AdminTestR GET POST
|
|
/admin/test/pdf AdminTestPdfR GET
|
|
/admin/errMsg AdminErrMsgR GET POST
|
|
/admin/tokens AdminTokensR GET POST
|
|
/admin/crontab AdminCrontabR GET
|
|
/admin/crontab/jobs AdminJobsR GET POST
|
|
/admin/avs AdminAvsR GET POST
|
|
/admin/avs/#CryptoUUIDUser AdminAvsUserR GET
|
|
/admin/ldap AdminLdapR GET POST
|
|
/admin/problems AdminProblemsR GET
|
|
/admin/problems/no-contact ProblemUnreachableR GET
|
|
/admin/problems/no-avs-id ProblemWithoutAvsId GET
|
|
/admin/problems/r-without-f ProblemFbutNoR GET
|
|
/admin/problems/avs ProblemAvsSynchR GET POST
|
|
|
|
/print PrintCenterR GET POST !system-printer
|
|
/print/acknowledge/#Day/#Int/#Int PrintAckR GET POST !system-printer
|
|
/print/acknowledge/direct PrintAckDirectR POST !system-printer
|
|
/print/send PrintSendR GET POST
|
|
/print/download/#CryptoUUIDPrintJob PrintDownloadR GET !system-printer
|
|
|
|
/health HealthR GET !free
|
|
/instance InstanceR GET !free
|
|
/info InfoR GET !free
|
|
/info/lecturer InfoLecturerR GET !free
|
|
/info/supervisor InfoSupervisorR GET !free
|
|
/info/legal LegalR GET !free
|
|
/info/glossary GlossaryR GET !free
|
|
/info/faq FaqR GET !free
|
|
/info/terms-of-use TermsOfUseR GET !free
|
|
/info/payments PaymentsR GET !free
|
|
/imprint ImprintR GET !free
|
|
/data-protection DataProtectionR GET !free
|
|
/version VersionR GET !free
|
|
/status StatusR GET !free
|
|
|
|
/help HelpR GET POST !free
|
|
|
|
/external-apis ExternalApisR ServantApiExternalApis getServantApi
|
|
|
|
/user ProfileR GET POST !free
|
|
/user/profile ProfileDataR GET !free
|
|
/user/authpreds AuthPredsR GET POST !free
|
|
/user/set-display-email SetDisplayEmailR GET POST !free
|
|
/user/csv-options CsvOptionsR GET POST !free
|
|
/user/lang LangR POST !free
|
|
/user/storage-key StorageKeyR POST !free
|
|
|
|
/for/#CryptoUUIDUser/user ForProfileR GET POST !supervisor !self
|
|
/for/#CryptoUUIDUser/user/profile ForProfileDataR GET !supervisor !self
|
|
|
|
|
|
/exam-office ExamOfficeR !exam-office:
|
|
/ EOExamsR GET POST !system-exam-office
|
|
/fields EOFieldsR GET POST
|
|
/users EOUsersR GET POST !system-exam-office
|
|
/users/invite EOUsersInviteR GET POST !system-exam-office
|
|
|
|
/external-exam EExamListR GET !lecturer !¬empty
|
|
/external-exam/new EExamNewR GET POST !lecturer
|
|
/external-exam/#TermId/#SchoolId/#CourseName/#ExamName EExamR !lecturer:
|
|
/ EEShowR GET !exam-office !exam-result
|
|
/edit EEEditR GET POST
|
|
/users EEUsersR GET POST
|
|
/grades EEGradesR GET POST !exam-office
|
|
/staff-invite EEStaffInviteR GET POST
|
|
/correct EECorrectR GET POST
|
|
|
|
|
|
/term TermShowR GET !free
|
|
/term/current TermCurrentR GET !free
|
|
/term/edit TermEditR GET POST
|
|
/term/#TermId/edit TermEditExistR GET POST
|
|
!/term/#TermId TermCourseListR GET !free
|
|
!/term/#TermId/#SchoolId TermSchoolCourseListR GET !free
|
|
|
|
|
|
/school SchoolListR GET
|
|
!/school/new SchoolNewR GET POST
|
|
/school/#SchoolId SchoolR:
|
|
/ SchoolEditR GET POST
|
|
|
|
|
|
/participants ParticipantsListR GET !evaluation
|
|
/participants/#TermId/#SchoolId ParticipantsR GET !evaluation
|
|
/participants/intersect ParticipantsIntersectR GET POST !evaluation
|
|
|
|
|
|
-- For Pattern Synonyms see Foundation
|
|
/course/ CourseListR GET !free
|
|
!/course/new CourseNewR GET POST !lecturer
|
|
/course/#TermId/#SchoolId/#CourseShorthand CourseR !lecturer:
|
|
/ CShowR GET !tutor !corrector !exam-corrector !course-registered !course-time !evaluation !exam-office
|
|
/favourite CFavouriteR GET POST !free
|
|
/register CRegisterR GET POST !timeANDcapacityAND¬course-registeredANDcourse-time !timeAND¬exam-resultANDcourse-registered !lecturer
|
|
/edit CEditR GET POST
|
|
/lecturer-invite CLecInviteR GET POST
|
|
/delete CDeleteR GET POST !lecturerANDempty
|
|
/users CUsersR GET POST
|
|
!/users/new CAddUserR GET POST !lecturer
|
|
/users/#CryptoUUIDUser CUserR GET POST !lecturerANDparticipant !lecturer
|
|
/correctors CHiWisR GET
|
|
/communication CCommR GET POST
|
|
/notes CNotesR GET POST !corrector -- THIS route is used to check for overall course corrector access!
|
|
/exam-office CExamOfficeR GET POST !course-registered
|
|
/subs CCorrectionsR GET POST
|
|
/subs/assigned CAssignR GET POST
|
|
/sheet SheetListR GET !course-registered !materialsANDcourse-time !corrector !tutor
|
|
/sheet/new SheetNewR GET POST
|
|
/sheet/current SheetCurrentR GET !course-registered !materialsANDcourse-time !corrector !tutor
|
|
/sheet/unassigned SheetOldUnassignedR GET
|
|
/sheet/#SheetName SheetR:
|
|
/show SShowR GET !timeANDcourse-registered !timeANDmaterialsANDcourse-time !corrector !timeANDtutor
|
|
/show/download SArchiveR GET !timeANDcourse-registeredANDexam-registered !timeANDmaterialsANDexam-registeredANDcourse-time !corrector !timeANDtutor
|
|
/edit SEditR GET POST
|
|
/delete SDelR GET POST
|
|
/subs SSubsR GET POST -- for lecturer only
|
|
!/subs/new SubmissionNewR GET POST !timeANDcourse-registeredANDuser-submissionsANDsubmission-groupANDexam-registeredANDpersonalised-sheet-files
|
|
!/subs/own SubmissionOwnR GET !free
|
|
!/subs/assign SAssignR GET POST !lecturerANDtime
|
|
/subs/#CryptoFileNameSubmission SubmissionR:
|
|
/ SubShowR GET POST !ownerANDtimeANDuser-submissionsANDsubmission-groupANDexam-registeredANDpersonalised-sheet-files !ownerANDread !correctorANDread
|
|
/delete SubDelR GET POST !ownerANDtimeANDuser-submissionsANDexam-registeredANDpersonalised-sheet-files
|
|
/assign SubAssignR GET POST !lecturerANDtime
|
|
/correction CorrectionR GET POST !corrector !ownerANDreadANDratedANDexam-time
|
|
/invite SInviteR GET POST !ownerANDtimeANDuser-submissionsANDsubmission-groupANDexam-registeredANDpersonalised-sheet-files
|
|
/authorship-statements SubAuthorshipStatementsR GET !owner !correctorAND¬correction-anonymous
|
|
!/#SubmissionFileType SubArchiveR GET !owner !corrector
|
|
!/#SubmissionFileType/*FilePath SubDownloadR GET !owner !corrector
|
|
/iscorrector SIsCorrR GET !corrector -- Route is used to check for corrector access to this sheet
|
|
/pseudonym SPseudonymR GET POST !course-registeredANDcorrector-submissionsANDexam-registered
|
|
/corrector-invite/ SCorrInviteR GET POST
|
|
/personalised-files SPersonalFilesR GET
|
|
!/#SheetFileType SZipR GET !timeANDcourse-registeredANDexam-registered !timeANDmaterialsANDexam-registered !corrector !timeANDtutor
|
|
!/#SheetFileType/*FilePath SFileR GET !timeANDcourse-registeredANDexam-registered !timeANDmaterialsANDexam-registered !corrector !timeANDtutor
|
|
/file MaterialListR GET !course-registered !materialsANDcourse-time !corrector !tutor
|
|
/file/new MaterialNewR GET POST
|
|
/file/#MaterialName MaterialR:
|
|
/edit MEditR GET POST
|
|
/delete MDelR GET POST
|
|
/show MShowR GET !timeANDcourse-registered !timeANDmaterialsANDcourse-time !corrector !tutor
|
|
!/download MArchiveR GET !timeANDcourse-registered !timeANDmaterialsANDcourse-time !corrector !tutor
|
|
!/download/*FilePath MFileR GET !timeANDcourse-registered !timeANDmaterialsANDcourse-time !corrector !tutor
|
|
/video/#CryptoUUIDMaterialFile MVideoR GET !timeANDcourse-registered !timeANDmaterialsANDcourse-time !corrector !tutor
|
|
/tuts CTutorialListR GET !tutor -- THIS route is used to check for overall course tutor access!
|
|
/tuts/new CTutorialNewR GET POST
|
|
/tuts/#TutorialName TutorialR:
|
|
/edit TEditR GET POST !tutorANDtutor-control
|
|
/delete TDeleteR GET POST
|
|
/participants TUsersR GET POST !tutor
|
|
/participants/add TAddUserR GET POST !tutor
|
|
/register TRegisterR POST !timeANDcapacityANDcourse-registeredANDregister-group !timeANDtutorial-registered
|
|
/communication TCommR GET POST !tutor
|
|
/tutor-invite TInviteR GET POST !tutorANDtutor-control
|
|
/exams CExamListR GET !tutor !corrector !exam-corrector !course-registered !course-time !exam-office
|
|
/exams/new CExamNewR GET POST
|
|
/exams/#ExamName ExamR:
|
|
/show EShowR GET !timeANDtutor !timeANDcorrector !timeANDexam-corrector !timeANDcourse-registered !timeANDcourse-time !exam-office
|
|
/edit EEditR GET POST
|
|
/corrector-invite ECInviteR GET POST
|
|
/users EUsersR GET POST
|
|
/users/new EAddUserR GET POST
|
|
/users/invite EInviteR GET POST
|
|
/register ERegisterR POST !timeANDcourse-registeredAND¬exam-registered !timeANDexam-registeredAND¬exam-result
|
|
/register/#ExamOccurrenceName ERegisterOccR POST !exam-occurrence-registrationANDtimeANDcapacityANDcourse-registeredAND¬exam-occurrence-registered !exam-occurrence-registrationANDtimeANDexam-occurrence-registeredAND¬exam-result
|
|
/grades EGradesR GET POST !exam-office
|
|
/assign-occurrences EAutoOccurrenceR POST
|
|
/correct ECorrectR GET POST !exam-correctorANDtime
|
|
!/news/add CNewsNewR GET POST
|
|
/news/#CryptoUUIDCourseNews CourseNewsR:
|
|
/ CNShowR GET !timeANDparticipant
|
|
/edit CNEditR GET POST
|
|
/delete CNDeleteR GET POST
|
|
!/download CNArchiveR GET !timeANDparticipant
|
|
!/download/*FilePath CNFileR GET !timeANDparticipant
|
|
!/events/add CEventsNewR GET POST
|
|
/events/#CryptoUUIDCourseEvent CourseEventR:
|
|
/edit CEvEditR GET POST
|
|
/delete CEvDeleteR GET POST
|
|
/personalised-sheet-files CPersonalFilesR GET
|
|
|
|
|
|
/subs CorrectionsR GET POST !corrector !lecturer
|
|
/subs/upload CorrectionsUploadR GET POST !corrector !lecturer
|
|
/subs/create CorrectionsCreateR GET POST !corrector !lecturer
|
|
/subs/grade CorrectionsGradeR GET POST !corrector !lecturer
|
|
/subs/download CorrectionsDownloadR GET !corrector !lecturer
|
|
|
|
|
|
/msgs MessageListR GET POST
|
|
/msg/#{CryptoUUIDSystemMessage} MessageR GET POST !timeANDreadANDauthentication
|
|
/msg/#{CryptoUUIDSystemMessage}/hide MessageHideR POST !timeANDauthentication
|
|
|
|
|
|
/upload UploadR PUT !free
|
|
|
|
|
|
!/#UUID CryptoUUIDDispatchR GET !free -- just redirect
|
|
-- !/*{CI FilePath} CryptoFileNameDispatchR GET !free -- Disabled until preliminary check for valid cID exists
|
|
|
|
/qualification QualificationAllR GET !free
|
|
/qualification/#SchoolId QualificationSchoolR GET !free
|
|
/qualification/#SchoolId/#QualificationShorthand QualificationR GET POST !free
|
|
/qualifications/sap/direct QualificationSAPDirectR GET -- !token -- SAP EXPORT -- TODO reinstate token requirement; with !token commented out this route has no tags, i.e. admins only
|
|
-- /qualification/CryptoUUIDUser/ -- maybe distinguish via URL
|
|
|
|
-- LMS
|
|
/lms LmsAllR GET POST
|
|
/lms/#SchoolId LmsSchoolR GET
|
|
/lms/#SchoolId/#QualificationShorthand LmsR GET POST
|
|
/lms/#SchoolId/#QualificationShorthand/edit LmsEditR GET POST
|
|
/lms/#SchoolId/#QualificationShorthand/users LmsUsersR GET
|
|
/lms/#SchoolId/#QualificationShorthand/users/direct LmsUsersDirectR GET !token -- LMS
|
|
/lms/#SchoolId/#QualificationShorthand/userlist LmsUserlistR GET POST
|
|
/lms/#SchoolId/#QualificationShorthand/userlist/upload LmsUserlistUploadR GET POST !development
|
|
/lms/#SchoolId/#QualificationShorthand/userlist/direct LmsUserlistDirectR POST !token -- LMS
|
|
/lms/#SchoolId/#QualificationShorthand/result LmsResultR GET POST
|
|
/lms/#SchoolId/#QualificationShorthand/result/upload LmsResultUploadR GET POST !development
|
|
/lms/#SchoolId/#QualificationShorthand/result/direct LmsResultDirectR POST !token -- LMS
|
|
/lms/#SchoolId/#QualificationShorthand/ident/#LmsIdent LmsIdentR GET -- redirect to LmsR with filter-parameter
|
|
/lmsuser/#CryptoUUIDUser LmsUserR GET
|
|
|
|
|
|
|
|
/api ApiDocsR GET !free
|
|
/swagger SwaggerR GET !free
|
|
/swagger.json SwaggerJsonR GET !free
|
|
|
|
!/*WellKnownFileName WellKnownR GET !free
|