CSNS2 Security Implementation
Department
Requirements
-
System admin can create departments.
-
Department admin can edit their own department such as changing logo, theme, and adding/removing faculty, instructors, and courses.
In theory department name abbreviation (e.g. cs) should not be changed once a department is created because doing so may break department role check. Right now it can be changed by System Admin.
Implementation
-
Access to /admin/** requires system admin.
-
DepartmentDao.saveDepartment() requires system or department admin.
-
The following controller methods require department admin:
-
DepartmentUserController.operation()
-
DepartmentCourseController.operation()
|
