Spiff has a set of permissions that say who can do what on the site.
It is recommended to create a general purpose “Active Member” rank to keep track of who is and isn’t a member and to provide a base set of permissions that apply to all members. Afterwards, you can create new ranks for each membership level in your hackerspace.
Run ./manage.py permission_list to retrieve a list of permissions and brief descriptions. Only permissions used in Spiff codebase are documented. See the Django auth reference for information about how permissions work inside Django.
The user can edit the profiles of other users.
The user can delete other users.
The user can create events and edit their own events.
The user can attach resources to their own events.
The user can edit other user’s events. This along with can_reserve_resource is required for being able to attach resources to events that they don’t own.
The user may grant and remove certifications for resources from members.
The user can add and modify resource metadata.add_metadata, change_metadata, etc are not used at all in Spiff.
The user can promote other users’ trainings and add themselves to a resource at the lowest level.
The user may add previous due payments to Spiff.
The user may view modify the ranks a member belongs to.
The user can edit and view profile fields that are protected.
The user is able to view another user’s ranks.
The user can view any field that does not have the Public flag set.