-
Notifications
You must be signed in to change notification settings - Fork 33
Permissions
The permissions are defined by the development team of Cryptopus.
There are 3 roles in general, Admins, Conf Admins and normal Users.
To implement the permissions into Cryptopus, we used Pundit.
Every model has it's associated policy. There the permissions are set.
Cryptopus has private and non-private Teams. The difference is just that Admins are added automatically to non-private Teams.
Most permissions are Teammember dependant
| Admin | Conf Admin | User | Teammember | |
|---|---|---|---|---|
| Create Team | X | X | X | |
| Update Team | X | X | ||
| Delete Team | X | (X) | (X) | |
| Add Teammember | X | X | X | |
| Remove Teammember | X | X | ||
| Add Folder | X | X | ||
| Remove Folder | X | X | ||
| Index All | X | X | X | |
| List Members | X | X | X |
↳ Only if Team non private
Users belong to Teams, which consist of Folders, Folders consist of Accounts, and Accounts can have Items.
Only Teammembers can create, edit or delete the Folders, Accounts or Items of a Team.
| Folder | Account | Item | |
|---|---|---|---|
| Create | X | X | X |
| Update | X | X | X |
| Delete | X | X | X |
| Move | X |
| Admin | Conf Admin | User | |
|---|---|---|---|
| Change Password | X | X | |
| Change own Password | X | X | X |
| Change LDAP Password | X | X | X |
| Update Settings | X | X | |
| Send Recrypt Requests | X | ||
| Send own Recrypt Requests | X | X | |
| Recieve Recrypt Requests | X | ||
| Handle Recrypt Requests | X | ||
| Prepare MT | X | X | |
| Excecute MT | X | X | |
| New Root Password MT | X | X | |
| Removed LDAP Users MT | X | X |
*MT = Maintenance Task
| Admin | Conf Admin | |
|---|---|---|
| Create User | X | * |
| Delete User | X | *NA |
| Edit Firstname | X | *NA |
| Edit Lastname | X | *NA |
| Edit Username | X | |
| Edit Password | X | |
| Make Conf Admin | X | |
| Make Admin | X | X |
| Unlock | X | X |
*NA = only if selected User is not Admin
* same as above and User whose LDAP has been deleted
Every User can create their own Api Users. For them you have the Following Permissions:
| Allowed Actions |
|---|
| Index |
| Renew Token |
| Delete API User |
| Lock |
| Unlock |
*To access this Page you need to be a User::Human