mirror of
https://github.com/opelly27/WinStudentGoalTracker.git
synced 2026-05-20 13:27:35 +00:00
ivan-pelly
1.7 KiB
1.7 KiB
User → Student Assignments
| User (X-User-Id) | Student 101 (A) | Student 102 (B) | Student 103 (C) | Student 104 (D) |
|---|---|---|---|---|
| 1 — Ms. Rivera | ✅ PrimaryTeacher | ✅ PrimaryTeacher | ❌ No access | ❌ No access |
| 2 — Mr. Daniels | ✅ Paraeducator | ❌ No access | ❌ No access | ❌ No access |
| 3 — Dr. Patel | ✅ Supervisor | ✅ Supervisor | ✅ Supervisor | ✅ Supervisor |
What Each Assignment Type Can Do
| Action | PrimaryTeacher | Paraeducator | Supervisor |
|---|---|---|---|
| View student | ✅ | ✅ | ✅ |
| Create goal | ✅ | ❌ | ❌ |
| Edit goal | ✅ | ❌ | ❌ |
| Add progress entry | ✅ | ✅ | ❌ |
| Edit progress entry | ✅ any entry | ✅ own entries only | ❌ |
| Delete progress entry | ✅ any entry | ✅ own entries only | ❌ |
Quick Test Scenarios
- User 1, GET /api/students → sees A & B (not C or D)
- User 2, GET /api/students → sees A only
- User 3, GET /api/students → sees all four (A, B, C, D)
- User 2, POST goal for student 101 → 403 Forbidden (paras can't create goals)
- User 2, PUT entry 2 for student 101 → ✅ (it's his own entry)
- User 2, PUT entry 1 for student 101 → 403 (entry 1 was created by user 1)