We wanted to have fine-grained permisisons for easy of managing in the code and corse-gained permissions for easy of assigning to roles. Having permission groups and assigning permission group to a role gives us best of both.
A typical cleansweep instance will only need handful permission groups. For example:
Admin - permission to do everything
Manage - almost everything except some admin permissions
SMS-Email - everything of view + send email and sms
View - view all volunteers (without contact details), committee members, other numbers etc.
LimitedView - view only the committee members and some stats
Committee members typically get manage permission-group and that will include everything needed. For example, the admin can decide whether or not to include download-volunteers permission in that permission group.
To start with assume that permission groups will be specified in the code or in the config file.
We can move them to admin panel later (as a separate issue).
We wanted to have fine-grained permisisons for easy of managing in the code and corse-gained permissions for easy of assigning to roles. Having permission groups and assigning permission group to a role gives us best of both.
A typical cleansweep instance will only need handful permission groups. For example:
Committee members typically get manage permission-group and that will include everything needed. For example, the admin can decide whether or not to include download-volunteers permission in that permission group.
To start with assume that permission groups will be specified in the code or in the config file.
We can move them to admin panel later (as a separate issue).