== Authentication and Authorization module user stories ==

=== As a user I want the module to have a set of permissions including read, write, execute and ownership. ===
Acceptance criteria:

Tickets:
* Extend the Permission enum in DatabaseLogin to cover read, write, execute and ownership.

=== As a user I want the module to have a set of entities including tables, columns, rows and screens. ===
Acceptance criteria:

Tickets:
* Create an interface MolgenisElement. Make Entity, Field and ScreenModel implement MolgenisElement.
* Create an interface Authorizable with the fields owner: xref->!MolgenisUser, shareRead: xref->!MolgenisGroup and shareWrite: xref->!MolgenisGroup.

=== As a user I want the module to have a structure containing users and groups. Users can be part of groups. Both can have permissions on entities. If multiple permissions apply to an entity, the narrower ones override the broader ones. ===
Acceptance criteria:

Tickets:
* Rename !MolgenisRole to !MolgenisGroup.
* Connect !MolgenisUsers to !MolgenisGroups using a many-to-many relationship. Figure out how to do that best: mref, explicit bridge table, inheritance, ...
* Create a table that contains !MolgenisElements and connects them with !MolgenisUsers and Permissions.
* Make Molgenis check permissions via a central class. (To be refined.)

=== As a user I want to be able to change permissions (grant, revoke) for the entities I own. The permissions are strictly limited to the entity: no information from linked entities will show up if permissions have not been given. ===
Acceptance criteria:

Tickets:
* Create a user interface to manage permissions for the entities owned by the user that is logged in.

=== As an administrator I want to be able to manage users and groups. ===
Acceptance criteria:

Tickets:
* Create a user interface to manage users and groups that is accessible to the administrator only.

=== As an administrator I want to have the possibility to forward permissions from an entity to others. ===
Acceptance criteria:

Tickets:
* Create a function as part of the admin interface to forward permissions from an entity to others that are connected with it (xref, mref).

=== As a public user I want to see all the entities I am entitled to see without logging in. ===
Acceptance criteria:

Tickets:
* Create a public user.
* Make the login class log in the public user by default.

=== As an investigator I want to be able to share the permissions on all entities belonging to my investigation with other users or groups. ===
Acceptance criteria:

Tickets:
* See above.
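A small model of the permission-resolution rule these stories describe (a grant on a narrower element overrides one on a broader element, a grant to the user overrides a grant to one of the user's groups, the public user is the default principal, and linked entities are withheld unless a grant covers them). This is an added example, not Molgenis code; the ranking of the permissions, the Element and Grant shapes, and the table-owns-rows-and-columns hierarchy are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set

class Permission(Enum):
    NONE = 0      # assumed ranking of the permissions in the first story
    READ = 1
    WRITE = 2
    EXECUTE = 3
    OWN = 4

@dataclass(frozen=True)
class Element:
    kind: str                    # "table", "column" or "row"
    name: str
    table: Optional[str] = None  # owning table of a column or a row (assumed)
    def scopes(self) -> List["Element"]:
        # Elements whose grants apply to this one, narrowest first.
        if self.kind == "table":
            return [self]
        return [self, Element("table", self.table)]

@dataclass(frozen=True)
class Grant:
    subject: str        # a user name or a group name
    element: Element
    permission: Permission

PUBLIC_USER = "public"  # principal the login class uses when nobody logs in

class PermissionChecker:
    def __init__(self, groups: Dict[str, Set[str]], grants: List[Grant]):
        self.groups = groups    # user -> names of the groups the user is in
        self.grants = grants
    def resolve(self, user: str, element: Element) -> Permission:
        # Narrower element beats broader; a user grant beats a group grant.
        for scope in element.scopes():
            for subjects in ([user], self.groups.get(user, set())):
                found = [g.permission for g in self.grants
                         if g.element == scope and g.subject in subjects]
                if found:  # several grants at one level: assume the strongest applies
                    return max(found, key=lambda p: p.value)
        return Permission.NONE
    def can_read(self, user: str, element: Element) -> bool:
        return self.resolve(user, element).value >= Permission.READ.value
    def visible_links(self, user: str, links: Dict[str, Element]) -> Dict[str, Element]:
        # xref/mref targets the user may read; unpermitted linked entities are withheld.
        return {f: t for f, t in links.items() if self.can_read(user, t)}
```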