Event admin roles
The following concept is currently implemented for event admins only, but it is also planned for job admins.
Roles
The admin roles are defined in registration/models/adminroles.py.
Accesses
In the views, it is not checked whether an user has a certain role, but a certain access is requested insead. This has the advantage that roles can be changed more easily later.
The file registration/permissions.py contains the access definitions, role mapping and functions for permission checks.
Checking permissions in views
The has_access method can be used to check access to events, jobs and helpers (not shifts, use the job instead):
from ..permissions import has_access, ACCESS_EVENT_EDIT
from .utils import nopermission
if not has_access(request.user, event, ACCESS_EVENT_EDIT):
return nopermission(request)
It can also be checked if the user has access based on the event or any job of the event:
from registration.permissions import has_access_event_or_job, ACCESS_MAILS_SEND, ACCESS_JOB_SEND_MAILS
if not has_access_event_or_job(request.user, event, ACCESS_MAILS_SEND, ACCESS_JOB_SEND_MAILS):
return nopermission(request)
Checking permissions in templates
Template tags are defined in registration/templatetags/permissions.py.
RBAC matrix
This matrix shows which roles allow which type of access:
Access |
Events |
||||
|---|---|---|---|---|---|
Admin |
Restricted |
Front desk |
Inventory |
Badges |
|
ACCESS_INVOLVED |
x |
x |
x |
x |
x |
ACCESS_EVENT_EDIT |
x |
||||
ACCESS_EVENT_EDIT_LINKS |
x |
||||
ACCESS_EVENT_EDIT_JOBS |
x |
||||
ACCESS_EVENT_EXPORT_HELPERS |
x |
x |
|||
ACCESS_EVENT_EDIT_DUPLICATES |
x |
x |
|||
ACCESS_EVENT_VIEW_COORDINATORS |
x |
x |
x |
x |
|
ACCESS_EVENT_VIEW_AUDITLOG |
x |
||||
ACCESS_JOB_EDIT |
x |
||||
ACCESS_JOB_EDIT_HELPERS |
x |
x |
|||
ACCESS_JOB_VIEW_HELPERS |
x |
x |
x |
x |
|
ACCESS_JOB_SEND_MAILS |
x |
x |
|||
ACCESS_JOB_VIEW_MAILS |
x |
x |
|||
ACCESS_JOB_VIEW_STATISTICS |
x |
x |
|||
ACCESS_HELPER_EDIT |
x |
x |
|||
ACCESS_HELPER_VIEW |
x |
x |
x |
x |
|
ACCESS_HELPER_INTERNAL_COMMENT_EDIT |
x |
x |
x |
||
ACCESS_HELPER_INTERNAL_COMMENT_VIEW |
x |
x |
x |
x |
|
ACCESS_HELPER_RESEND |
x |
x |
x |
||
ACCESS_INVENTORY_EDIT |
x |
||||
ACCESS_INVENTORY_HANDLE |
x |
x |
x |
||
ACCESS_BADGES_EDIT |
x |
||||
ACCESS_BADGES_GENERATE |
x |
x |
x |
||
ACCESS_BADGES_EDIT_HELPER |
x |
x |
|||
ACCESS_BADGES_EDIT_SPECIAL |
x |
x |
|||
ACCESS_MAILS_SEND |
x |
x |
|||
ACCESS_MAILS_VIEW |
x |
x |
|||
ACCESS_STATISTICS_VIEW |
x |
x |
|||
ACCESS_GIFTS_EDIT |
x |
||||
ACCESS_GIFTS_HANDLE_GIFTS |
x |
x |
x |
||
ACCESS_GIFTS_HANDLE_PRESENCE |
x |
x |
|||
ACCESS_GIFTS_VIEW_SUMMARY |
x |
x |
|||
ACCESS_PREREQUISITES_EDIT |
x |
||||
ACCESS_PREREQUISITES_VIEW |
x |
x |
|||
ACCESS_PREREQUISITES_HANDLE |
x |
x |
|||