Permissions

Note

Permissions are named in the language of your instance and use your terminology.

juntagrico relies heavily on the Django permission mechanism to customize the system for different users. In this chapter we will explain which permissions can be used for customization and how they work.

Grant Permissions

Create a group

  1. Login with a super admin user.

  2. Open the data management (“Datenverwaltung”) -> Groups -> Add to create a new group or edit an existing one.

  3. Set a name for the group, e.g. “share management”.

  4. Select and add the permissions (using the arrow to the right in the middle) that you want to give to this group and save the group.

What Permissions do I need to set?

There are 4 basic permissions for each entity which are self explanatory:

  • View

  • Add

  • Change

  • Delete

Hint

If a user should be able to change an entity, they also need access to at least view the related entities. See Dependent Permissions below.

Juntagrico provides some additional permissions, that are described in the sections below.

Add users to the group

  1. Login with a super admin user.

  2. Open the data management (“Datenverwaltung”) -> User (“Benutzer”) and edit the user of the member you want to give the permissions to.

  3. If the user needs access to the data management, tick staff status (“Mitarbeiter-Status”).

  4. Add the relevant groups for this user and save the user.

You may also give permissions do users directly but this is not recommended as it is then harder to transfer the same permissions to another user.

Testing the user access

To be sure, that the user can do what you intended them to do, it is best to create a test user and give them the same permissions. Try out all actions with the test user, to confirm that they work.

Note

You can also test the permissions of a user by impersonating them. However, by default the data admin is excluded from impersonation. If you want to check the users permissions in the data admin as well, set the IMPERSONATE_URI_EXCLUSIONS setting to an empty list. Read more.

Staff status and superuser status

In addition to the permissions a user can be granted staff status (“Mitarbeiter-Status”) and superuser status (“Administrator-Status”). These have the following effects:

  • staff status: Allows the user to login to the django admin page (“Datenverwaltung”), to see which version of juntagrico is installed and to contact any member via email.

  • superuser status: Grants the user all permissions, except the notification permissions, which need to be granted specifically.

Dependent permissions

In order to be able to edit some types of entities not only the change permission of this entity type has to be granted to a member but also some dependent permissions.

Subscription

Also requires change permissions for subscription parts and subscription membership. And view permission for members.

Jobs

Also requires change permission for assignments and job extras. And view permission for job types and members.

Job Types

Also require at least view permission for locations.

Depot

Also require at least view permission for locations.

Deliveries

Also requires change permission for deliver item.

Shares

Also require at least view permission for members.

Area and Depot Admins

Depot Coordinators

Warning

Changed in 2.0: Permission juntagrico.is_depot_admin was removed.

Depot coordinator permissions are configured for each depot and coordinator individually. These permissions can be set when editing a depot in the data management (“Datenverwaltung”) -> Depots (“Depots”). There you can add a coordinator and distribute the following permissions.

  • Can modify depot: Coordinator can change the descriptions of this depot

  • Can see members: Coordinator can see the list of members with active subscriptions in this depot

  • Can contact members: Coordinator can see names, email addresses and phone numbers of members with active subscriptions in this depot

Area Coordinators

Warning

Changed in 2.0: Permission juntagrico.is_area_admin was removed.

Area coordinator permissions are configured for each area and coordinator individually. These permissions can be set when editing an area in the data management (“Datenverwaltung”) -> Activity Area (“Tätigkeitsbereiche”). There you can add a coordinator and distribute the following permissions.

  • Can modify area: Coordinator can change the description and the contact(s) of this area

  • Can see members: Coordinator can see the list of members that participate in this activity area

  • Can contact members: Coordinator can see names, email addresses and phone numbers of area participants and can contact participants of jobs in their area

  • Can remove members: Coordinator can remove participants from this area

  • Can manage jobs: Coordinator can create and modify all jobs of this area

  • Can manage assignments: Coordinator can change and remove assignments of jobs in this area

Notifications

Some entities send a notification email when they are created or canceled. Should a member be notified on a certain event it has to have the corresponding permission for that entity type and event.

Note

These permissions need to be given explicitly, i.e., administrators are not notified implicitly.

juntagrico.notified_on_share_creation

Person gets notified when a share is created.

Search Hints:

  • German: Erstellung informiert

juntagrico.notified_on_share_cancellation

Person gets notified when a share is canceled.

Search Hints:

  • German: Kündigung informiert

juntagrico.notified_on_member_creation

Person gets notified when a member is created.

Search Hints:

  • German: Erstellung informiert

juntagrico.notified_on_member_cancellation

Person gets notified when any member cancels their membership.

Search Hints:

  • German: Kündigung informiert

juntagrico.notified_on_subscription_creation

Person gets notified when a subscription is created.

Search Hints:

  • German: Erstellung informiert

juntagrico.notified_on_subscription_cancellation

Person gets notified when a subscription is canceled.

Search Hints:

  • German: Kündigung informiert

juntagrico.notified_on_subscriptionpart_creation

Person gets notified when a subscription part is created.

Search Hints:

  • German: Erstellung informiert

juntagrico.notified_on_subscriptionpart_cancellation

Person gets notified when a subscription part is canceled.

Search Hints:

  • German: Kündigung informiert

juntagrico.notified_on_depot_change

Person gets notified when a member wants to change their depot.

Search Hints:

  • German: Änderung informiert

juntagrico.depot_list_notification

Member gets notified when the depot list is generated.

Search Hints:

  • German: Listen-Erstellung informiert

Administrator Menu

Which entries can be seen on the administration menu depend on a set of permissions.

juntagrico.change_subscription

Person sees the subscription entry in the administration menu.

Search Hints:

  • German: Abo

juntagrico.change_subscriptionpart

Person sees the extra subscription entry in the administration menu.

Search Hints:

  • German: Bestandteil

juntagrico.change_member

Person sees the member entry in the administration menu.

Search Hints:

  • German: Mitglied

juntagrico.change_assignment

Person sees the assignment entry in the administration menu.

Search Hints:

  • German: Arbeitseinsatz

juntagrico.change_share

Person sees the share entry in the administration menu.

Search Hints:

  • German: Anteilsschein

juntagrico.can_filter_members

Person sees the member filter entry in the administration menu without the permission to change members.

Search Hints:

  • German: filtern

juntagrico.can_filter_subscriptions

Person sees the subscription filter entry in the administration menu without the permission to change subscriptions.

Search Hints:

  • German: filtern

Email Permissions

These permissions are related to sending emails.

juntagrico.can_send_mails

Person can in general send emails to anyone.

If you want to give limited access to send emails, use the area admin or depot admin features.

Search Hints:

  • German: Emails versenden

juntagrico.can_email_all_with_share

Person sees the option in the email form to send mass emails to all users with active shares.

Requires:

  • juntagrico.can_send_mails

Search Hints:

  • German: Emails versenden

juntagrico.can_email_all_with_sub

Person sees the option in the email form to send mass emails to all users with active subscription.

Requires:

  • juntagrico.can_send_mails

Search Hints:

  • German: Emails versenden

juntagrico.can_use_general_email

Person can use the “general” email address specified in the setting CONTACTS as sender in the mail form.

Search Hints:

  • German: Kann allgemeine E-Mail-Adresse verwenden

juntagrico.can_use_for_members_email

Person can use the “for_member” email address specified in the setting CONTACTS as sender in the mail form.

Search Hints:

  • German: Kann E-Mail-Adresse “for_members” verwenden

juntagrico.can_use_for_subscriptions_email

Person can use the “for_subscriptions” email address specified in the setting CONTACTS as sender in the mail form.

Search Hints:

  • German: Kann E-Mail-Adresse “for_subscription” verwenden

juntagrico.can_use_for_shares_email

Person can use the “for_shares” email address specified in the setting CONTACTS as sender in the mail form.

Search Hints:

  • German: Kann E-Mail-Adresse “for_shares” verwenden

juntagrico.can_use_technical_email

Person can use the “technical” email address specified in the setting CONTACTS as sender in the mail form.

Search Hints:

  • German: Kann technische E-Mail-Adresse verwenden

juntagrico.can_email_attachments

Person can add attachments when sending an email via the member contact form.

Search Hints:

  • German: Kann Anhänge per E-Mail senden

Depot List Permissions

juntagrico.can_view_lists

Person can open the generated lists.

Search Hints:

  • German: Kann Listen öffnen

juntagrico.can_generate_lists

Person can generate lists (of depot etc.)

Search Hints:

  • German: Kann Listen erzeugen

Edit Permissions

These permissions allow to edit certain entities.

juntagrico.can_edit_past_jobs

Person can edit jobs which are in the past.

Search Hints:

  • German: vergangene

juntagrico.change_assignment

Person can edit all assignments on all jobs. To reduce the assignments, the juntagrico.delete_assignment permission is needed. See below.

Search Hints:

  • German: Arbeitseinsatz

juntagrico.delete_assignment

Person can remove any assignment on any job.

Search Hints:

  • German: Arbeitseinsatz

juntagrico.can_change_deactivated_subscriptions

Person can edit subscriptions which are deactivated.

Search Hints:

  • German: deaktivierte

Other Permissions

juntagrico.is_operations_group

Warning

Deprecated. This permission will be replaced by more granular permissions in the next releases.

  • Download payment file for shares

  • (De)activate subscriptions

Search Hints:

  • German: Ist in der BG