docs: clarify Curators and Admins can be maintainers for credited attribution

- Update Actors table: Curator and Admin entries mention maintainer assignment
- Update Role Design Philosophy: same clarification
- Update Curator section: note about PersonMaintainer as credit/attribution
- Update Admin section: same note
This commit is contained in:
2026-07-15 17:40:49 +02:00
parent c5fabf0e07
commit d799c3eb1f

View File

@@ -13,8 +13,8 @@
| **Anonymous** | Unauthenticated visitor | Can only see `Public` content (per #93 visibility levels) |
| **User** | Registered, authenticated account | Sees `Public` + `Protected` content |
| **Maintainer** | Assigned to zero or more cosplayers | Two-dimensional role: **scoped** cosplayer management (CRUD on albums/assets/profiles for assigned cosplayers only) plus **unscoped** tag management (create/edit any tag, assign tags anywhere, conditional delete). Sees `Private` content for assigned cosplayers. Cannot create people or view stats |
| **Curator** | Full content editor | Full CRUD on all people, albums, assets, tags. Can view stats. Cannot manage users/settings/folders/jobs |
| **Admin** | System administrator | Everything Curator can do + user management, settings, folders, jobs |
| **Curator** | Full content editor | Full CRUD on all people, albums, assets, tags. Can view stats. Cannot manage users/settings/folders/jobs. May also be assigned as a maintainer of specific cosplayers for credited attribution |
| **Admin** | System administrator | Everything Curator can do + user management, settings, folders, jobs. May also be assigned as a maintainer of specific cosplayers for credited attribution |
---
@@ -27,8 +27,8 @@ The role hierarchy is **strictly cumulative** — each level inherits everything
| **Anonymous** | Browse public content | Cannot see anything above `Public` visibility |
| **User** | See `Protected` content, self-profile management | Cannot mutate any content |
| **Maintainer** | Two capabilities: **(A)** cosplayer-scoped curator powers (albums, assets, profiles for assigned cosplayers), **(B)** global tag management (create, edit, assign, conditional delete) | Cannot create/delete people. Cosplayer management is gated by `PersonMaintainer` assignment. A Maintainer **may** have zero cosplayer assignments — in that case only tag management applies |
| **Curator** | Unscoped content CRUD on people, albums, assets, tags; view stats | Cannot manage users, settings, folders, or jobs |
| **Admin** | User management, maintainer assignment, settings, folders, jobs | No restrictions |
| **Curator** | Unscoped content CRUD on people, albums, assets, tags; view stats | Cannot manage users, settings, folders, or jobs. May be assigned as a maintainer of specific cosplayers (credited attribution, not access gating) |
| **Admin** | User management, maintainer assignment, settings, folders, jobs | No restrictions. May be assigned as a maintainer of specific cosplayers (credited attribution, not access gating) |
---
@@ -122,6 +122,7 @@ A Maintainer with no cosplayer assignments still retains full tag management cap
### Curator (all User + Maintainer +)
Full content management — no assignment boundaries.
Note: Curators **may** also be assigned as maintainers of specific cosplayers via the `PersonMaintainer` table, serving as **credited attribution** (specifically credited to work on assets from that cosplayer). This does not gate their access — they already have full CRUD on all content — but signals a direct contributor relationship.
| ID | Use Case | Endpoint |
|----|----------|----------|
@@ -151,6 +152,8 @@ Full content management — no assignment boundaries.
### Admin (all Curator +)
Admins **may** also be assigned as maintainers of specific cosplayers via the `PersonMaintainer` table, serving as **credited attribution** (specifically credited to work on assets from that cosplayer). Like Curators, this is a signalling mechanism rather than a gating one — Admins already have unrestricted access.
| ID | Use Case | Endpoint |
|----|----------|----------|
| UC-59 | List all users | `GET /api/user` |