|
| 1 | +# Permissions Guide |
| 2 | + |
| 3 | +What kind of permissions we have, how they work and how to use them. |
| 4 | + |
| 5 | +- [Permissions Guide](#permissions-guide) |
| 6 | + - [Overview](#overview) |
| 7 | + - [Topcoder Roles](#topcoder-roles) |
| 8 | + - [Project Role](#project-role) |
| 9 | + - [How to Use](#how-to-use) |
| 10 | + - [References](#references) |
| 11 | + |
| 12 | +## Overview |
| 13 | + |
| 14 | +Every user may have 2 kind of roles: **Topcoder Roles** and **Project Role**. |
| 15 | + |
| 16 | +### Topcoder Roles |
| 17 | + |
| 18 | +These roles are assigned to user accounts. User may have several **Topcoder Roles**. See [the list of all Topcoder Roles](https://github.com/topcoder-platform/tc-project-service/blob/develop/src/constants.js#L55-L69) which we use in Topcoder Project Service. |
| 19 | + |
| 20 | +<img src="./images/topcoder-roles.png" width="689"> |
| 21 | + |
| 22 | +By default every user has one role `Topcoder User`, generally this means that such a user is either **customer** or **community member** (freelancer). |
| 23 | + |
| 24 | +### Project Role |
| 25 | + |
| 26 | +When user joins some project and become a member of the project, such a user has one **Project Role** inside that project. One user may have different **Project Role** in different projects. See [the list of all Project Roles](https://github.com/topcoder-platform/tc-project-service/blob/develop/src/constants.js#L23-L33) which we use in Topcoder Project Service. |
| 27 | + |
| 28 | +<img src="./images/project-roles.png" width="411"> |
| 29 | + |
| 30 | +## How to Use |
| 31 | + |
| 32 | +Let's say you would like to add a new place in code where you want to check user roles/permissions. Please, follow the next guide: |
| 33 | + |
| 34 | +1. Check if we already have defined permission for your case in the [permissions list](https://htmlpreview.github.io/?https://github.com/topcoder-platform/tc-project-service/blob/develop/docs/permissions.html). |
| 35 | + |
| 36 | +2. If you cannot find the permission you need, add new permission to the file https://github.com/topcoder-platform/tc-project-service/blob/develop/src/permissions/constants.js. |
| 37 | + |
| 38 | + - Follow the guides on how to add a new permission in the header of this file. |
| 39 | + |
| 40 | +3. After you add a new permission, regenerate [permissions list](https://htmlpreview.github.io/?https://github.com/topcoder-platform/tc-project-service/blob/develop/docs/permissions.html) by running `npm run generate:doc:permissions`. |
| 41 | + |
| 42 | +4. There are 2 places where you would usually check permissions: |
| 43 | + 1. Check if user can call some endpoint (https://github.com/topcoder-platform/tc-project-service/blob/develop/src/permissions/index.js): |
| 44 | + |
| 45 | + ```js |
| 46 | + Authorizer.setPolicy('projectMember.view', generalPermission(PERMISSION.READ_PROJECT_MEMBER)); |
| 47 | + ``` |
| 48 | + |
| 49 | + or |
| 50 | + |
| 51 | + ```js |
| 52 | + Authorizer.setPolicy('projectMember.edit', generalPermission([ |
| 53 | + PERMISSION.UPDATE_PROJECT_MEMBER_CUSTOMER, |
| 54 | + PERMISSION.UPDATE_PROJECT_MEMBER_NON_CUSTOMER, |
| 55 | + ])); |
| 56 | + ``` |
| 57 | + |
| 58 | + 2. Inside some endpoint code: |
| 59 | + |
| 60 | + ```js |
| 61 | + import util from '../util'; |
| 62 | + import { PERMISSION } from '../permissions/constants'; |
| 63 | +
|
| 64 | + (req, res, next) => { |
| 65 | + ... |
| 66 | + if (hasPermissionByReq(permission, req)) { |
| 67 | + ... |
| 68 | + } |
| 69 | + ... |
| 70 | + } |
| 71 | + ``` |
| 72 | + |
| 73 | +## References |
| 74 | + |
| 75 | +- [Permissions list](https://htmlpreview.github.io/?https://github.com/topcoder-platform/tc-project-service/blob/develop/docs/permissions.html) |
| 76 | + |
| 77 | +- [Permissions list source](https://github.com/topcoder-platform/tc-project-service/blob/develop/src/permissions/constants.js) |
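
Review bot: The "Inside some endpoint code" example under step 4 imports `util` and `PERMISSION` but uses neither, and instead calls a bare `hasPermissionByReq(permission, req)` in which both the function and `permission` are undefined, so a reader copying the snippet does not get a working check. Make the call go through the names the snippet imports, for example `util.hasPermissionByReq(PERMISSION.READ_PROJECT_MEMBER, req)` if the helper is exported from `util`, or import the helper directly if it lives elsewhere. The same example shows only the allowed branch; a line showing what the handler does when the check fails would make the guide harder to misapply. The array form of `generalPermission([...])` in the `projectMember.edit` policy would also benefit from one sentence saying whether the caller needs any one of the listed permissions or all of them, since the guide does not state it. Minor: "2 kind of roles" in the Overview should read "2 kinds of roles".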