Permissions¶
Spiff has a set of permissions that say who can do what on the site.
It is recommended to create a general purpose “Active Member” rank to keep track of who is and isn’t a member and to provide a base set of permissions that apply to all members. Afterwards, you can create new ranks for each membership level in your hackerspace.
Note
Run ./manage.py permission_list to retrieve a list of permissions and brief descriptions. Only permissions used in Spiff codebase are documented. See the Django auth reference for information about how permissions work inside Django.
auth.change_user¶
The user can edit the profiles of other users.
auth.delete_user¶
The user can delete other users.
events.add_event¶
The user can create events and edit their own events.
events.can_reserve_resource¶
The user can attach resources to their own events.
events.change_event¶
The user can edit other user’s events. This along with can_reserve_resource is required for being able to attach resources to events that they don’t own.
inventory.certify¶
The user may grant and remove certifications for resources from members.
inventory.change_resource¶
The user can add and modify resource metadata.add_metadata, change_metadata, etc are not used at all in Spiff.
inventory.can_train¶
The user can promote other users’ trainings and add themselves to a resource at the lowest level.
membership.add_duepayment¶
The user may add previous due payments to Spiff.
membership.can_change_member_rank¶
The user may view modify the ranks a member belongs to.
membership.can_edit_protected_fields¶
The user can edit and view profile fields that are protected.
membership.can_view_member_rank¶
The user is able to view another user’s ranks.
membership.can_view_private_fields¶
The user can view any field that does not have the Public flag set.