Who can get Admin Status for the service Voluntarily.NZ?
Criteria for SysAdmin status
Must be an employee of Voluntarily.NZ.
Must be technically capable and understand the privileges granted.
Must be approved by Platform Technical Lead or Senior management staff.
Identifying System Administrators
Account profiles show Administrator in the roles list.
When signed in as a system administrator the web user interface is highlighted to ensure people are aware of their raised privileges. https://voluntarily.atlassian.net/browse/VP-1424
API call Listing admins id, name and email. - requires a list people permission.
| Code Block |
|---|
http://alpha.voluntarily.nz/api/people?q={ "role": "admin" }&s="name"&p="name email" |
Admin Rights
If you have Admin status on Voluntarily you will see these changes in the systemhave these abilities:
Client Interface
Footer - shows menu to admin page and other entity pages.
MemberSection - Admins and orgAdmins see the member table of an organisation
adminPage - access to any page wrapped in the adminPageHOC
ActDetailPage - owner, OrgAdmin and Admin can edit the Activity
OpDetailPage - owner, OrgAdmin and Admin can manage the Opportunity: edit, manage interested volunteers, complete and cancel
OrgDetailPage - OrgAdmin and Admin can edit the organisation
OrgDetailForm - Only Admin can edit the organisation category. category cannot be set to Admin except through db config. Orgs cannot make themselves Admin OP or AP and they are VP by default. A system Admin must edit the organisation to make them a school or Activity provider based on a formal request. or they are onboarded into that mode directly.
OrgListPage - Create Organisation button.
PersonDetailPage - Admin has newPerson Edit, Remove & ShowPeople buttons.
Admin Pages
admin/invite-school
admin/goals
API
Admins can
list/get all entities
create/update all entities
delete all entities
carry out OrgAdmin functions for all organisations
carry out owner functions for activities and opportunities
view and modify person record
Admins cannot
no current restrictions
...
Enabling Admin
...
Role
To be an admin you must have role = [Role.ADMIN] set in your Person record or be a member of an org with the Admin (AGENCY) Category.
When a new platform is deployed the first system admin must be created in the database by a person with existing DB access permissions. (i.e. A person with permission to access the Voluntarily Password management system). This person can then create the admin organisation and add further members.
Explicit Admin role
Create person sets role to Volunteer.
When a person first signs in they are given the default ‘volunteer’ role.
The admin role cannot be set through API PUT calls as the field is deleted before save.
Admin role can be set by direct editing of the person record in the database. This allows devs to set their admin status directly. It also allows the first administrator to be created in a new deployment by someone with database access.
x/db/make-admin.js (Give a person the "admin" role)
However subsequent administrators should have their role set by membership of an admin organisation. This makes it easier to add and remove new admins.
Implicit Admin role
People inherit their role and access permissions from the organisations they belong to. Hence an org with ‘admin’ category has members who will have the admin role. This allows us to create an org for ‘voluntarily support’ and to manage people in this role without needing database access.
...