From e1bb1c633029905583388af2921baa436d914938 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mats=20Fins=C3=A5s?= Date: Thu, 28 Apr 2022 21:59:46 +0200 Subject: [PATCH] docs: about the app (#82) Co-authored-by: LiviaValenti --- README.md | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 42b07840..993f5284 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,44 @@ Semester project in the course [IT2901 Informatics Project II](https://www.ntnu.edu/studies/courses/IT2901/2021), spring 2022 @ Norwegian University of Science and Technology. -This is a proof of concept application for development of an npm package for easier utilization of [NTNUI API](https://api.ntnui.no/). The application is a dynamic application form with automatic access control using [medlem.ntnui.no](https://medlem.ntnui.no/) authorization and roles. +## About the application + +This is a proof of concept application for development and usage of an npm package, [ntnui-tools](https://github.com/NTNUI/ntnui-tools), an API wrapper for easier utilization of [NTNUI API](https://api.ntnui.no/). + +The application is a dynamic admission form with automatic access control using [NTNUI API](https://api.ntnui.no/) (NTNUIs membership system) authorization and roles. The admission form itself is dynamic and uses ntnui-tools to fetch committees from the NTNUI API. + +The roles within the application are differentiated "organizer", "election committee" and normal administrative committees. + +The organizer is synonymous to a user that is part of the **main board**. They have the following permissions: + +- Can change the admission status of all committees except the main board +- Can see all applications except applications to the main board +- Can edit the admission period +- Can wipe the admission data + +The organizers (main board) can not see any part of the application indicating that the candidate is applying to the main board, thus the status and committee-attributes are not visible in any way. + +The **election committee** is directly connected to the election committee in the membership system. The election committee has the following permissions: + +- Can change the admission status of the main board +- Can see the applications to all committees +- Can change the statuses for the applications to the main board + +The **normal administrative committes** have the following permissions: + +- Can change the admission status of their own committees +- Can _only_ see applications that include their own committee +- Can change the statuses for the applications to their own committees + +The normal administrative committes experience the same form of censorship from indications of the main board as the organizers experience. + +### Permission table + +| role | Admission period | Admission status | Application visibility | Application status | Wipe admission data | +| :-----------------------------: | :--------------: | :--------------------------: | :-------------------------------------------------------------: | :----------------: | :-----------------: | +| organizer (main board) | Edit | Change all except main board | All committees except main board | Cannot change any | Yes | +| election committee | View | Change main board | All committees | Change main board | No | +| normal administrative committee | View | Change their own | Applications that include their own committee except main board | Change their own | No | ## Development