The following documents the access control that should be provided to users through Loopback. If for some reason access controls inhibit development, we can give that access to the users. Before deployment, we can remove that access from those users and grant it to a "super user". The "super user" can only be accessed through methods that run entirely on the remote server, so there is no security breach. Because of this, these access controls can be seen as application-level: "what can the user in the role do?" more than "what are the restrictions to the roles as defined in the tables".

Administrator
  System administrator (us as the developers)
  Permissions
    Manage User
      Deactivate/reset password/etc all accounts
  Loopback Access
    User
      Full Access (for now)
    RoleMapping
      Full Access (for now)
    Role
      Read
    Address
      Read

Editor
  Owners of RocReadaR, manage business (Sponsors)
  Permissions
    Create User
      Create Publishers and Advertisers
    Manage User
      Deactivate/reset password/etc Editors, Publishers, Advertiser accounts
    Analytics
      View all analytics
    Billing
      View all bills
  Loopback Access
    User
      Full Access (for now)
    RoleMapping
      Full Access (for now)
    Role
      Read
    Address
      Read
    Advertiser
      Read/Write
      No Delete - Use IsDeleted bit in model
    Publication
      Read
    Publisher
      Read/Write
      No Delete - Use IsDeleted bit in model
    PublicationIssue
      Read
    TrackerFile
      Read
    TrackerFilePage
      Read

Publisher
  Client of RocReadaR - main user. Person who manages the publication media for a publication
  Permissions
    Create User
      Create Advertisers
    Publication Management
      Upload pages
      Upload/edit media
      Allow advertisers to edit media
      Approve Advertiser media
    Analytics
      View analytics local to publisher
    Billing
      View bills local to publisher
  Loopback Access
    User
      Full Access (for now)
    RoleMapping
      Full Access (for now)
    Role
      Read
    Address
      Read/Write
      No Delete
    Advertiser
      Read/Write
      No Delete - Use IsDeleted bit in model
    AdvertiserPublicationPermission
      Read/Write
    MediaComment
      Read/Write
      No Delete - Use IsDeleted bit in model
    Publication
      Read/Write
      No Delete
    PublicationIssue, PublicationIssuePage, PublicationIssuePageMedia
      Full Access
    Publisher
      Read/Write
      No Delete
    PublisherAdvertiser
      Full Access (for now)
    TrackerFile, TrackerFilePage
      Full Access (for now)

Advertiser
  Partner with Publisher. Manages media for advertisements that are present in publications.
  Permissions
    Analytics
      View analytics local to advertiser
    Media Management
      Upload/edit media
  Loopback Access
    User
      Full Access (for now)
    RoleMapping
      Read
    Role
      Read
    Address
      Read/Write
      No Delete
    Advertiser
      Full Access (for now)
    AdvertiserPublicationPermission
      Read/Write
    Publication, PublicationIssue, PublicationIssuePage
      Read
    PublicationIssuePageMedia
      Read/Write
    PublisherAdvertiser
      Read
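
The "Read/Write, No Delete" entries above need care when written as Loopback ACLs, because in LoopBack 3 deleteById falls under the WRITE access type. The sketch below is an added example, not RocReadaR code: it turns the Advertiser model's rows into ACL entries with an explicit DENY on deleteById, and checks them with a simplified resolver. The lowercase role names, the level labels, and the function names are assumptions made for illustration.

```javascript
'use strict';
// Added example, not RocReadaR code. Role names and level labels are assumptions.
// Levels for the Advertiser model, taken from the "Loopback Access" lists above.
const ADVERTISER_MODEL = {
  editor: 'rw-nodelete',
  publisher: 'rw-nodelete',
  advertiser: 'full',
};

// One LoopBack-style ACL entry; property '*' means "any method".
const acl = (principalId, permission, accessType, property) =>
  ({ principalType: 'ROLE', principalId, permission, accessType, property: property || '*' });

function buildAcls(matrix) {
  const acls = [acl('$everyone', 'DENY', '*')]; // deny by default
  for (const [role, level] of Object.entries(matrix)) {
    if (level === 'full') acls.push(acl(role, 'ALLOW', '*'));
    if (level === 'read' || level === 'rw-nodelete') acls.push(acl(role, 'ALLOW', 'READ'));
    if (level === 'rw-nodelete') {
      acls.push(acl(role, 'ALLOW', 'WRITE'));
      // deleteById has accessType WRITE, so "No Delete" needs its own DENY.
      acls.push(acl(role, 'DENY', 'WRITE', 'deleteById'));
    }
  }
  return acls;
}

// Simplified resolver for checking the matrix: the most specific matching
// rule wins and DENY wins ties. It models the idea only; it is not
// LoopBack's implementation.
function isAllowed(acls, role, accessType, method) {
  let best = { score: -1, permission: 'DENY' };
  for (const r of acls) {
    if (r.principalId !== role && r.principalId !== '$everyone') continue;
    if (r.property !== '*' && r.property !== method) continue;
    if (r.accessType !== '*' && r.accessType !== accessType) continue;
    const score = (r.property === method ? 4 : 0) +
      (r.accessType === accessType ? 2 : 0) + (r.principalId === role ? 1 : 0);
    if (score > best.score || (score === best.score && r.permission === 'DENY')) {
      best = { score, permission: r.permission };
    }
  }
  return best.permission === 'ALLOW';
}

const ADVERTISER_ACLS = buildAcls(ADVERTISER_MODEL);
```

Dropping the deleteById entry from the generated list makes the same check return true for the editor role, which is the gap the "No Delete" rows are meant to close.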