Advanced topics
Permissions
Old App Permissions
This section explains the static role- and status-based permission system of the old app. This system is still in use but will be replaced by a dynamic permission system in the future.
User status
The important distinction between users is their status. The status defines what a user can do in the app. The status has developed from the idea of tracking a user's membership status in the section. The entire permission system will be exchanged with a dynamic system in the future. This will allow for more flexibility and easier configuration.
None, Selected, Blacklisted, Helper and Alumni
The default status for every user is None. This means the user is not a member of the section.
In terms of permissions, the Selected, Blacklisted and Helper statuses are the same as None. The use of this status is to mark users who are selected for some reason. This can be used for exclusive event access where only selected users can register.
The Alumni status is used to mark users who are no longer members of the section. It does not have any special permissions.
The Blacklisted status is the only one not preselected to be a participant when creating events, so you could use it in order to prevent users from registering and even seeing the event.
Trial
The Trial status was originally used to mark users who are currently in their trial period. This status is used to give users access to the app including the option to register as an organizer for events. This status also enables users to see the section hub.
Full and Sponsor
The Full status is used to mark users who are full members of the section. This status provides all permissions of the Trial status. Additionally, users with this status can edit event templates and create new events.
Roles in the app
The app role defines the basic options a user has. Please note that this does not include section membership.
User
The user role is the default role for all users. This role is sufficient for most users. Only change the role if you have a very good reason to do so.
Admin
Admins have access to all data and can change all settings. They are the only ones with access to the Global configurations and the app settings.
Admins are the only ones who can create new event templates and who can change the roles and status of other users.
Additionally, admins can kick users from events even without refund.
Admin Access
Please make sure that very few users have admin access. Admins have access to all data and can change every aspect of the app.
Tip: Review admin access regularly and remove it from users who don't need it anymore.
Modern Permissions
General Permission concept
The permission system of the app is based on relationships: whatever a user can do with an object is defined by the relationship between the user and the object. For example, a user can always see an event if the user is registered for the event.
```mermaid
flowchart TD
    t["Tenant (Section)"]
    u["User"]
    e["Event"]
    et["Event Template"]
    r["Role"]
    t -->|has many| r
    u -->|belongs to| r
    t -->|has many| e
    t -->|has many| et
    e -->|belongs to| et
    r -->|has permissions on| e
    r -->|has permissions on| et
```
Permissions
Permissions are capabilities that can be assigned to roles. They define what a user belonging to that role can do with an object like an event. The permissions are defined in the role and are inherited by the user. The following permissions are available:
On Tenant (section) level
- Edit Events: Users with this permission can edit and see all events.
- Publish Events: Users with this permission can publish events and also see all events.
- See All Events: Users with this permission can see all events. Note: This permission is automatically granted to users with the Edit Events or Publish Events permission.
- Create Events: Users with this permission can create new events.
- Create Event Templates: Users with this permission can create new event templates.
- Edit Event Templates: Users with this permission can edit event templates. Note: This permission is automatically granted to users with the Create Event Templates permission.
Implicit Permissions
There are many situations in which a user should have access to an object without having a direct permission. These are called implicit permissions. The following implicit permissions are available:
- See Events: Users can always see events under the following conditions:
  - The user is registered for the event.
  - The user is an organizer of the event.
  - The user is an admin.
  - The user has created the event.
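The visibility rules above can be expressed as a single default-deny check that combines role permissions, their automatic grants, and the relationship-based conditions. The following is an added example, not the app's own code: the class, field and function names are hypothetical, the user's roles are assumed to be already flattened into one permission set within a single tenant, and admin is modelled as a boolean flag.

```python
from dataclasses import dataclass, field
from enum import Enum


class Perm(Enum):
    EDIT_EVENTS = "Edit Events"
    PUBLISH_EVENTS = "Publish Events"
    SEE_ALL_EVENTS = "See All Events"
    CREATE_EVENTS = "Create Events"
    CREATE_EVENT_TEMPLATES = "Create Event Templates"
    EDIT_EVENT_TEMPLATES = "Edit Event Templates"


# Automatic grants stated on this page: permission held -> permissions it also grants.
IMPLIED = {
    Perm.EDIT_EVENTS: {Perm.SEE_ALL_EVENTS},
    Perm.PUBLISH_EVENTS: {Perm.SEE_ALL_EVENTS},
    Perm.CREATE_EVENT_TEMPLATES: {Perm.EDIT_EVENT_TEMPLATES},
}


@dataclass
class User:  # hypothetical shape
    id: str
    is_admin: bool = False
    role_permissions: set = field(default_factory=set)  # union over the user's roles


@dataclass
class Event:  # hypothetical shape
    creator_id: str
    organizer_ids: set = field(default_factory=set)
    registered_ids: set = field(default_factory=set)


def effective_permissions(user):
    """Role permissions plus everything they automatically grant."""
    perms = set(user.role_permissions)
    for p in user.role_permissions:
        perms |= IMPLIED.get(p, set())
    return perms


def can_see_event(user, event):
    """Default deny: visible only via a listed relationship or See All Events."""
    if user.is_admin or user.id == event.creator_id:
        return True
    if user.id in event.organizer_ids or user.id in event.registered_ids:
        return True
    return Perm.SEE_ALL_EVENTS in effective_permissions(user)
```

Note that Create Events on its own grants no visibility of other users' events in this model, because the page lists no automatic grant for it.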