Upon migration to a single-page application with a React frontend, do a full audit of all routes:
For each route, test access at each user level:
Within the course, test as:
- non-course user
- course student (non-phantom and phantom)
- course instructor (non-phantom and phantom)
- course manager (non-phantom and phantom)
- course owner (non-phantom and phantom)
And in combination with each instance role:
- normal user
- instructor
- admin
There should be a total of 27 roles:
s/n | instance_role | course_role | phantom |
---|---|---|---|
1 | normal | non-user | - |
2 | normal | student | normal |
3 | normal | student | phantom |
4 | normal | instructor | normal |
5 | normal | instructor | phantom |
6 | normal | manager | normal |
7 | normal | manager | phantom |
8 | normal | owner | normal |
9 | normal | owner | phantom |
10 | instructor | non-user | - |
11 | instructor | student | normal |
12 | instructor | student | phantom |
13 | instructor | instructor | normal |
14 | instructor | instructor | phantom |
15 | instructor | manager | normal |
16 | instructor | manager | phantom |
17 | instructor | owner | normal |
18 | instructor | owner | phantom |
19 | admin | non-user | - |
20 | admin | student | normal |
21 | admin | student | phantom |
22 | admin | instructor | normal |
23 | admin | instructor | phantom |
24 | admin | manager | normal |
25 | admin | manager | phantom |
26 | admin | owner | normal |
27 | admin | owner | phantom |
Any routes that are unused or orphaned should be pruned.
Behaviour for each route should also follow expected access control, or be documented if not already specified.
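One way to drive this audit, as an added example that is not part of the original issue or the project's code: it generates the 27 rows of the table and compares observed access against a documented policy per route. The route names, the policy in `EXPECTED` and `stub_probe` are hypothetical; a real probe would issue the request as a session holding that role combination.

```python
from itertools import product
from typing import NamedTuple, Optional

INSTANCE_ROLES = ("normal", "instructor", "admin")
COURSE_ROLES = ("student", "instructor", "manager", "owner")

class Persona(NamedTuple):
    sn: int
    instance_role: str
    course_role: str
    phantom: Optional[bool]  # None for a non-course user

def personas():
    """Build the 27 rows in the same order as the table above."""
    rows = []
    for inst in INSTANCE_ROLES:
        rows.append((inst, "non-user", None))
        rows += [(inst, c, ph) for c, ph in product(COURSE_ROLES, (False, True))]
    return [Persona(i, *row) for i, row in enumerate(rows, 1)]

def audit(routes, expected, probe):
    """Compare probe(route, persona) -> bool against expected[route](persona)."""
    findings = []
    for route in routes:
        rule = expected.get(route)
        if rule is None:  # no documented policy: document it or prune the route
            findings.append((route, None, "undocumented"))
            continue
        for p in personas():
            granted = probe(route, p)
            if granted != rule(p):
                kind = "over-permissive" if granted else "over-restrictive"
                findings.append((route, p.sn, kind))
    return findings

# Constructed sample data: route names and policy are hypothetical.
ROUTES = ["/courses/:id/manage", "/courses/:id/legacy_export"]
EXPECTED = {"/courses/:id/manage": lambda p: p.instance_role == "admin"
            or p.course_role in ("manager", "owner")}

def stub_probe(route, p):
    """Stand-in for a real request; simulates a check that also admits course instructors."""
    return p.instance_role == "admin" or p.course_role in ("instructor", "manager", "owner")

if __name__ == "__main__":
    for finding in audit(ROUTES, EXPECTED, stub_probe):
        print(finding)
```

Each finding is `(route, s/n, kind)`, so a mismatch maps straight back to a row of the role table.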