((p "Whether" " " "an" " " "operation" " " "of" " " "the" " " "Zettelstore" " " "is" " " "allowed" " " "or" " " "rejected" " " "depends" " " "on" " " "various" " " "factors.") (p "The" " " "following" " " "rules" " " "are" " " "checked" " " "first," " " "in" " " "this" " " "order:") (ol (li "In" " " "read-only" " " "mode," " " "every" " " "operation" " " "except" " " "the" " " (@L (@H "“") "Read" (@H "”")) " " "operation" " " "is" " " "rejected.") (li "If" " " "there" " " "is" " " "no" " " "owner," " " "authentication" " " "is" " " "disabled" " " "and" " " "every" " " "operation" " " "is" " " "allowed" " " "for" " " "everybody.") (li "If" " " "the" " " "user" " " "is" " " "authenticated" " " "and" " " "it" " " "is" " " "the" " " "owner," " " "then" " " "the" " " "operation" " " "is" " " "allowed.")) (p "In" " " "the" " " "second" " " "step," " " "when" " " (a (@ (href . "00001010040100")) "authentication" " " "is" " " "enabled") " " "and" " " "the" " " "requesting" " " "user" " " "is" " " "not" " " "the" " " "owner," " " "everything" " " "depends" " " "on" " " "the" " " "requested" " " "operation.") (ul (li (p "Read" " " "a" " " "zettel:") (ul (li (p "If" " " "the" " " "visibility" " " "is" " " (@L (@H "“") "public" (@H "”")) "," " " "the" " " "access" " " "is" " " "granted.")) (li (p "If" " " "the" " " "visibility" " " "is" " " (@L (@H "“") "owner" (@H "”")) "," " " "the" " " "access" " " "is" " " "rejected.")) (li (p "If" " " "the" " " "user" " " "is" " " "not" " " "authenticated," " " "access" " " "is" " " "rejected.")) (li (p "If" " " "the" " " "zettel" " " "requested" " " "is" " " "a" " " (a (@ (href . 
"00001010040200")) "user" " " "zettel") "," " " "reject" " " "the" " " "access" " " "if" " " "the" " " "user's" " " "identification" " " "is" " " "not" " " "the" " " "same" " " "as" " " "the" " " (kbd "user-id") " " "metadata" " " "value" " " "in" " " "the" " " "zettel.") (p "In" " " "other" " " "words:" " " "only" " " "the" " " "requesting" " " "user" " " "is" " " "allowed" " " "to" " " "access" " " "its" " " "own" " " "user" " " "zettel.")) (li (p "If" " " "the" " " (kbd "user-role") " " "of" " " "the" " " "user" " " "is" " " (@L (@H "“") "creator" (@H "”")) "," " " "reject" " " "the" " " "access.")) (li (p "Otherwise" " " "the" " " "user" " " "is" " " "authenticated" " " "and" " " "no" " " "sensitive" " " "zettel" " " "is" " " "requested." " " "Allow" " " "reading" " " "the" " " "zettel.")))) (li (p "Create" " " "a" " " "new" " " "zettel") (ul (li (p "If" " " "the" " " "user" " " "is" " " "not" " " "authenticated," " " "reject" " " "the" " " "access.")) (li (p "If" " " "the" " " (kbd "user-role") " " "of" " " "the" " " "user" " " "is" " " (@L (@H "“") "reader" (@H "”")) "," " " "reject" " " "the" " " "access.")) (li (p "If" " " "the" " " "user" " " "tries" " " "to" " " "create" " " "a" " " (a (@ (href . "00001010040200")) "user" " " "zettel") "," " " "the" " " "access" " " "is" " " "rejected.") (p "Only" " " "the" " " "owner" " " "of" " " "the" " " "Zettelstore" " " "is" " " "allowed" " " "to" " " "create" " " "user" " " "zettel.")) (li (p "In" " " "all" " " "other" " " "cases," " " "allow" " " "creating" " " "the" " " "zettel.")))) (li (p "Change" " " "an" " " "existing" " " "zettel") (ul (li (p "If" " " "the" " " "user" " " "is" " " "not" " " "allowed" " " "to" " " "read" " " "the" " " "zettel" " " "(see" " " "above)," " " "reject" " " "the" " " "access.")) (li (p "If" " " "the" " " "user" " " "is" " " "not" " " "authenticated," " " "reject" " " "the" " " "access.")) (li (p "If" " " "the" " " "zettel" " " "is" " " "the" " " (a (@ (href . 
"00001010040200")) "user" " " "zettel") " " "of" " " "the" " " "authenticated" " " "user," " " "proceed" " " "as" " " "follows:") (ul (li "If" " " "some" " " "sensitive" " " "meta" " " "values" " " "are" " " "changed" " " "(e.g." " " "user" " " "identifier," " " "zettel" " " "role," " " "user" " " "role," " " "but" " " "not" " " "hashed" " " "password)," " " "reject" " " "the" " " "access.") (li "Otherwise," " " "since" " " "the" " " "user" " " "just" " " "updates" " " "some" " " "uncritical" " " "values," " " "grant" " " "the" " " "access.")) (p "In" " " "other" " " "words:" " " "a" " " "user" " " "is" " " "allowed" " " "to" " " "change" " " "its" " " "own" " " "user" " " "zettel," " " "even" " " "if" " " "s/he" " " "has" " " "no" " " "writer" " " "privilege," " " "as" " " "long" " " "as" " " "only" " " "uncritical" " " "data" " " "is" " " "changed.")) (li (p "If" " " "the" " " (kbd "user-role") " " "of" " " "the" " " "user" " " "is" " " (@L (@H "“") "reader" (@H "”")) "," " " "reject" " " "the" " " "access.")) (li (p "If" " " "the" " " "user" " " "is" " " "not" " " "allowed" " " "to" " " "create" " " "a" " " "new" " " "zettel," " " "reject" " " "the" " " "access.")) (li (p "Otherwise" " " "grant" " " "the" " " "access.")))) (li (p "Rename" " " "a" " " "zettel") (ul (li "Reject" " " "the" " " "access." " " "Only" " " "the" " " "owner" " " "of" " " "the" " " "Zettelstore" " " "is" " " "currently" " " "allowed" " " "to" " " "give" " " "a" " " "new" " " "identifier" " " "for" " " "a" " " "zettel."))) (li (p "Delete" " " "a" " " "zettel") (ul (li "Reject" " " "the" " " "access." " " "Only" " " "the" " " "owner" " " "of" " " "the" " " "Zettelstore" " " "is" " " "allowed" " " "to" " " "delete" " " "a" " " "zettel." " " "This" " " "may" " " "change" " " "in" " " "the" " " "future.")))))