You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
POST /api/notes/:id: Creates a new StudentNote object for a specific student. If the author is a teacher, the student must be in one of the teachers' assigned sections. If the author is an admin, always allow.
PUT /api/notes/:id: Edit an existing StudentNote. Only authors can edit their own notes, this applies for all users.
GET /api/user/:id/notes: Get all notes by author
If the requester has admin privilege, the author must be a teacher. If the requester has teacher privilege, the author must be themself.
GET /api/student/:id/notes: Get all notes by student
For all users, request notes owned by the requester. If the requester has admin privilege, additionally fetch all global notes associated with the student.
GET /api/section/:id/notes: Get all notes by section
For all users, request notes for all students in the section owned by the requester.
If the requester has admin privilege, additionally fetch all global notes associated with the students in this section.
If the requester has teacher privilege, require that the teacher is assigned this section.
Introduce the following effects:
On student deletion, delete all notes associated with the student
On user deletion, delete all notes associated with the user.
On section deletion, delete all notes associated with the section.
POST /api/notes/:id: Creates a new StudentNote object for a specific student. If the author is a teacher, the student must be in one of the teachers' assigned sections. If the author is an admin, always allow.PUT /api/notes/:id: Edit an existing StudentNote. Only authors can edit their own notes, this applies for all users.GET /api/user/:id/notes: Get all notes by authorGET /api/student/:id/notes: Get all notes by studentGET /api/section/:id/notes: Get all notes by sectionSchemas
Permissions