diff --git a/common/models/event-type.json b/common/models/event-type.json
index 19d7871..2a861dd 100644
--- a/common/models/event-type.json
+++ b/common/models/event-type.json
@@ -22,6 +22,32 @@
 }
 }
 },
- "acls": [],
+ "acls": [
+ {
+ "accessType": "*",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "DENY"
+ },
+ {
+ "accessType": "READ",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "WRITE",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "EXECUTE",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW",
+ "property": "*"
+ }
+ ],
 "methods": {}
 }
diff --git a/common/models/list-of-attendees.json b/common/models/list-of-attendees.json
index cf30398..8bf0bec 100644
--- a/common/models/list-of-attendees.json
+++ b/common/models/list-of-attendees.json
@@ -28,6 +28,32 @@
 }
 }
 },
- "acls": [],
+ "acls": [
+ {
+ "accessType": "*",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "DENY"
+ },
+ {
+ "accessType": "READ",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "WRITE",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "EXECUTE",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW",
+ "property": "*"
+ }
+ ],
 "methods": {}
 }
diff --git a/common/models/organization.json b/common/models/organization.json
index afcafee..346dacd 100644
--- a/common/models/organization.json
+++ b/common/models/organization.json
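Review bot: The `READ` ALLOW for `$everyone` in event-type.json (and again in room-type.json) opens every READ-typed remote method to unauthenticated callers, not only `find`. room-type.json's context shows a relation (`"foreignKey": ""`), so this presumably includes relation getters and `filter[include]`; as far as I know LoopBack does not re-check the related model's ACLs for included data, so confirm that nothing reachable from these two models is meant to stay admin-only. If only listing is intended, a narrower rule such as `"accessType": "EXECUTE"` with `"property": "find"` keeps the public surface explicit.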
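Review bot: The three `admin` entries in list-of-attendees.json (READ, WRITE, and EXECUTE with `"property": "*"`) together cover the standard access types and could be one rule, `{ "accessType": "*", "principalType": "ROLE", "principalId": "admin", "permission": "ALLOW" }`; the same triple repeats in participant.json, profile.json and user.json. One rule per principal is easier to audit and less likely to drift between files (note that `*` would also cover REPLICATE if the app uses replication). With the `$everyone` DENY now in front, it is also worth confirming that a role named `admin` is actually created and mapped at boot, since nothing in this diff shows it and a missing mapping would leave these models unreachable.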
@@ -55,6 +55,39 @@
 }
 }
 },
- "acls": [],
+ "acls": [
+ {
+ "accessType": "*",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "DENY"
+ },
+ {
+ "accessType": "READ",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "WRITE",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "EXECUTE",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "ALLOW",
+ "property": "create"
+ },
+ {
+ "accessType": "EXECUTE",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "ALLOW",
+ "property": "find"
+ }
+ ],
 "methods": {}
 }
diff --git a/common/models/participant.json b/common/models/participant.json
index 7ef7f60..6a04f09 100644
--- a/common/models/participant.json
+++ b/common/models/participant.json
@@ -50,6 +50,32 @@
 "through": "ListOfAttendees"
 }
 },
- "acls": [],
+ "acls": [
+ {
+ "accessType": "*",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "DENY"
+ },
+ {
+ "accessType": "READ",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "WRITE",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "EXECUTE",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW",
+ "property": "*"
+ }
+ ],
 "methods": {}
 }
diff --git a/common/models/profile.json b/common/models/profile.json
index 5f95681..e5a63f1 100644
--- a/common/models/profile.json
+++ b/common/models/profile.json
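Review bot: The `create` rule for `$everyone` in organization.json lets unauthenticated callers insert Organization records with whatever properties the client sends. If this is a sign-up path, consider `"principalId": "$authenticated"` instead, or make sure the method validates and whitelists its input server-side and is rate limited. `find` is also open to `$everyone` while `findById`, `findOne` and `count` stay under the DENY, which looks accidental; since `find` accepts `include` and `fields` filters, check which related data an anonymous caller can pull through it. The model's properties and relations sit outside this hunk, so the exposure cannot be judged from here.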
@@ -30,6 +30,32 @@
 "foreignKey": ""
 }
 },
- "acls": [],
+ "acls": [
+ {
+ "accessType": "*",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "DENY"
+ },
+ {
+ "accessType": "READ",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "WRITE",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "EXECUTE",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW",
+ "property": "*"
+ }
+ ],
 "methods": {}
 }
diff --git a/common/models/room-type.json b/common/models/room-type.json
index f72ff05..852666d 100644
--- a/common/models/room-type.json
+++ b/common/models/room-type.json
@@ -26,6 +26,32 @@
 "foreignKey": ""
 }
 },
- "acls": [],
+ "acls": [
+ {
+ "accessType": "*",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "DENY"
+ },
+ {
+ "accessType": "READ",
+ "principalType": "ROLE",
+ "principalId": "$everyone",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "WRITE",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW"
+ },
+ {
+ "accessType": "EXECUTE",
+ "principalType": "ROLE",
+ "principalId": "admin",
+ "permission": "ALLOW",
+ "property": "*"
+ }
+ ],
 "methods": {}
 }
diff --git a/common/models/user.json b/common/models/user.json
index 81af49d..ae94843 100644
--- a/common/models/user.json
+++ b/common/models/user.json
@@ -25,74 +25,30 @@
 }
 },
 "acls": [
- {
- "accessType": "EXECUTE",
- "principalType": "ROLE",
- "principalId": "$everyone",
- "permission": "ALLOW",
- "property": "register"
- },
- {
- "accessType": "EXECUTE",
- "principalType": "ROLE",
- "principalId": "$everyone",
- "permission": "ALLOW",
- "property": "updateDeviceToken"
- },
 {
 "accessType": "*",
 "principalType": "ROLE",
 "principalId": "$everyone",
- "permission": "ALLOW"
- },
- {
- "accessType": "EXECUTE",
- "principalType": "ROLE",
- "principalId": "$everyone",
- "permission": "ALLOW",
- "property": "customLogin"
- },
- {
- "accessType": "EXECUTE",
- "principalType": "ROLE",
- "principalId": "$everyone",
- "permission": "ALLOW",
- "property": "tryNotify"
- },
- {
- "accessType": "EXECUTE",
- "principalType": "ROLE",
- "principalId": "$everyone",
- "permission": "ALLOW",
- "property": "me"
+ "permission": "DENY"
 },
 {
- "accessType": "EXECUTE",
+ "accessType": "READ",
 "principalType": "ROLE",
- "principalId": "$everyone",
- "permission": "ALLOW",
- "property": "findById"
- },
- {
- "accessType": "EXECUTE",
- "principalType": "ROLE",
- "principalId": "$everyone",
- "permission": "ALLOW",
- "property": "find"
+ "principalId": "admin",
+ "permission": "ALLOW"
 },
 {
- "accessType": "EXECUTE",
+ "accessType": "WRITE",
 "principalType": "ROLE",
- "principalId": "$everyone",
- "permission": "ALLOW",
- "property": "__get__reviews"
+ "principalId": "admin",
+ "permission": "ALLOW"
 },
 {
 "accessType": "EXECUTE",
 "principalType": "ROLE",
- "principalId": "$everyone",
+ "principalId": "admin",
 "permission": "ALLOW",
- "property": "__count__reviews"
+ "property": "*"
 }
 ],
 "methods": {},
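Review bot: The `$everyone` ALLOW entries for `register` and `customLogin` in user.json are removed with nothing put in their place, so under the new `*` DENY those methods appear callable only by `admin`. Unless a base-model ACL or another file not shown here re-exposes them, no unauthenticated client can register or obtain a token. Keeping two narrowly scoped rules, e.g. `{ "accessType": "EXECUTE", "principalType": "ROLE", "principalId": "$everyone", "permission": "ALLOW", "property": "customLogin" }` and the same for `register`, preserves the lockdown while leaving the entry points reachable. `me` and `updateDeviceToken` look like per-user operations and would fit `$authenticated` or `$owner` rather than `admin`; as written a signed-in non-admin user cannot read or update their own record.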