The data in the Voluntari.ly system must have integrity, security, privacy.

Access to the data through the service api must implement the following access rules

Access is controlled by the identity and Role of the user

User Roles

Role	Means
anon	person is not signed in. They can view various parts of the site but cannot change anything. Most clicks will prompt them to register and sign in.
all	all signed in users, they can browse more of the site create opportunties and manage their personal profile.
vp	volunteer time provider - i.e a volunteer, person who is interested in an opportunity. They can view opportunities in summary and detail form, show interest and communicate with the op-provider. by default everyone is a vp
op	Opportunity provider - e.g a teacher. person who creates and manages an opportunity.
ap	Activity provider / content provider, can create and manage activities.
tester	can see debug and analytics pages
admin	operational admin, can do almost everything through the UI
org-admin	Can manage an organisation, its members and can set an approval process for listings
owner	The specific person responsible for a record e.g a personal profile, opportuntity etc.

Archived Opportunities

Role	Action	Permissions	Fields	Method + Route
anon	list	View all archived opportunities with status "Completed"	id, name, subtitle, img_url, duration	GET /api/archivedOpportunities
anon	read	View individual archived opportunity records with status "Completed"	all	GET /api/archivedOpportunities/:id
anon	create	No access	n/a	n/a
anon	update	No access	n/a	n/a
anon	delete	No access	n/a	n/a
all	list	View all archived opportunities with status "Completed"	id, name, subtitle, img_url, duration	GET /api/archivedOpportunities
all	read	View individual archived opportunity records with status "Completed"	all	GET /api/archivedOpportunities/:id
all	create	No access	n/a	n/a
all	update	No access	n/a	n/a
all	delete	No access	n/a	n/a
admin	list	View all archived opportunities	id, name, subtitle, img_url, duration	GET /api/archivedOpportunities
admin	read	View individual archived opportunity records	all	GET /api/archivedOpportunities/:id
admin	create	Can create records	all	POST /api/archivedOpportunities
admin	update	Can update records	all	PUT /api/archivedOpportunities/:id
admin	delete	Can delete records	all	DELETE /api/archivedOpportunities/:id

Interests

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/interests
anon	read	No access	n/a	GET /api/interests/:id
anon	create	No access	n/a	POST /api/interests
anon	update	No access	n/a	PUT /api/interests/:id
anon	delete	No access	n/a	DELETE /api/interests/:id
volunteer	list	Can list own interest records	All	GET /api/interests
volunteer	read	Can read own interest records	All	GET /api/interests/:id
volunteer	create	Can create own interest records	opportunity, comment (all other fields set by default)	POST /api/interests
volunteer	update	No access	n/a	PUT /api/interests/:id
volunteer	delete	Can delete own interest records	n/a	DELETE /api/interests/:id
op	list	Can list interest records for their opportunities	All	GET /api/interests
op	read	Can read interest records for their opportunities	All	GET /api/interests/:id
op	create	No access	n/a	POST /api/interests
op	update	Can update status field of interest records for their opportunities	status	PUT /api/interests/:id
op	delete	No access	n/a	DELETE /api/interests/:id
org admin	list	Can list interest records for the opportunities provided by their organisation	All	GET /api/interests
org admin	read	Can read interest records for the opportunities provided by their organisation	All	GET /api/interests/:id
org admin	create	No access	n/a	POST /api/interests
org admin	update	Can update the status field of interest records for the opportunities provided by their organisation	status	PUT /api/interests/:id
org admin	delete	No access	n/a	DELETE /api/interests/:id
admin	list	Can list all interest records on the platform	n/a	GET /api/interests
admin	read	Can read all interest records on the platform	n/a	GET /api/interests/:id
admin	create	Can create interest records	n/a	POST /api/interests
admin	update	Can update all interest records on the platform	n/a	PUT /api/interests/:id
admin	delete	Can delete all interest records on the platform	n/a	DELETE /api/interests/:id

Interest archive

for their opportunitiesop for their opportunitiesopInterestsArchivedopstatusop

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/interestsArchived
anon	read	No access	n/a	GET /api/interestsArchived/:id
anon	create	No access	n/a	POST /api/InterestsArchived
anon	update	No access	n/a	PUT /api/interestsArchived/:id
anon	delete	No access	n/a	DELETE /api/interestsArchived/:idop
volunteer	list	Can list their own interest archive records		n/a	GET /api/interestsArchived
volunteer	read	Can read their own interest archive records		n/a	GET /api/interestsArchived/:id
volunteer	create	No access	n/a	POST /api/	interestsArchived
volunteer	update	Can update status field for interest archive records for their opportunities	No access	n/a	PUT /api/interestsArchived/:id
volunteer	delete	No access	n/a	DELETE /api/interestsArchived/:id
org adminop	list	Can list interest archive records for the their opportunities provided by their organisation	n/a	GET /api/interestsArchived
org adminop	read	Can read interest archive records for the their opportunities provided by their organisation	n/a	GET /api/interestsArchived/:id
org adminop	create	No access	n/a	POST /api/InterestsArchived
org adminop	update	Can update status field for interest archive records for the their opportunities provided by their organisation	status	PUT /api/interestsArchived/:id
org adminop	delete	No access	n/a	DELETE /api/interestsArchived/:id
org admin	list	Can list all interest archive records for the opportunities provided by their organisation	n/a	GET /api/interestsArchived
org admin	read	Can read all interest archive records for the opportunities provided by their organisation	n/a	GET /api/interestsArchived/:id
org admin	createCan create interest archive records	No access	n/a	POST /api/InterestsArchived
org admin	update	Can update all status field for interest archive records n/afor the opportunities provided by their organisation	status	PUT /api/interestsArchived/:id
org admin	deleteCan delete all interest archive records	No access	n/a	DELETE /api/interestsArchived/:id

People

admin

RoleActionPermissionsFieldsMethod + RouteanonlistNo accessn/aGET /api/peopleanonreadNo access

list	Can list all interest archive records	n/a	GET /api/interestsArchived
admin	read	Can read all interest archive records	n/a	GET /api/

people

interestsArchived/:id

anon

admin

create

No access

Can create interest archive records

n/a

POST /api/

people

InterestsArchived

anon

admin

update

No access

Can update all interest archive records

n/a

PUT /api/

people

interestsArchived/:id

anon

admin

delete

No access

Can delete all interest archive records

n/a

DELETE /api/

people

interestsArchived/:id

vp

Member

Role

list

List all people ¹

See note 2

Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/

people

members

vpSee note 2

anon

read

Can read any person ¹

Can be indirectly provided with contact details for a vp via an interested record in invited state

No access

n/a

GET /api/

people

members/:id

vp

anon

create

No access

n/a

POST /api/

people

members

vp

anon

update

No access

n/a

PUT /api/

people

members/:id

vp

anon

delete

No access

n/a

DELETE /api/

people

members/:id

opSee note 2

all

list

List all people ¹

Can list their own member records

n/a

GET /api/

people

members

op

all

read

Can read

any person ¹See note 2

their own member records

n/a

GET /api/

people

members/:id

opn/a

all

create

No access

Can create their own member records with certain statuses

status (follower, joiner, validator), person (only themselves)

POST /api/

people

members

opn/a

all

update

No access

Can update their own member records with certain statuses

status (none, follower, joiner, validator, exmember), person (only themselves)

PUT /api/

people

members/:id

op

all

delete

No access

n/a

DELETE /api/

people

members/:id

testerSee note 2

org admin

list

List all people ¹

Can list member records for their organisations

n/a

GET /api/

people

members

tester

org admin

read

Can read

any person ¹See note 2

member records for their organisations

n/a

GET /api/

people

members/:id

tester

org admin

create

No access

Can create member records for their organisations

n/a

POST /api/

people

members

tester

org admin

update

Can update

any person

member records for their organisations

n/a

PUT /api/

people

members/:id

tester

org admin

delete

No access

n/a

DELETE /api/

people

members/:id

org

admin

list

List all people ¹See note 2

Can list all member records

n/a

GET /api/

people

members

org

admin

read

Can read

any person ¹See note 2

all member records

n/a

GET /api/

people

members/:id

org

admin

create

No access

Can create member records

n/a

POST /api/

people

members

org

admin

update

Can update

any personAny field can be updated

all member records

n/a

PUT /api/

people

members/:id

org

admin

delete

No access

Can delete all member records

n/a

DELETE /api/

people

members/:id

admin

People

All fields

Role	Action	Permissions	Fields	Method + Route
anon	list	Can list all people	No access	n/a	GET /api/people
adminanon	read	Can read any person	All fieldsNo access	n/a	GET /api/people/:id
adminanon	create	Can create new user	All fieldsNo access	n/a	POST /api/people
adminanon	update	Can update any person	All fields can be updatedNo access	n/a	PUT /api/people/:id
adminanon	deleteCan delete a person, this will maintain the person_id record but replace all the PID information (email, name, avatar) with anonymised placeholders so that historical records still work.	No access	n/a	DELETE /api/people/:id
ownervp	list	List all people people ¹	See note 2	GET /api/people
ownervp	read	Can read any person See note 2 and 3 person ¹ Can be indirectly provided with contact details for a vp via an interested record in invited state	See note 2	GET /api/people/:id
ownervp	create	No access	n/a	POST /api/people
ownervp	update	Can only update their own record	Permitted to change: name nickname about location phone pronoun language website facebook twitter education sendEmailNotifications role* Only an ADMIN user can assign the ADMIN role to a user Only an ADMIN user can assign the TESTER role to a user All other role values can be assigned at this time – although this will need review status tags teacher Denied: email dateAdded	PUT No access	n/a	PUT /api/people/:id
vp	delete	No access	n/a	DELETE /api/people/:id
op	list	List all people ¹	See note 2	GET /api/people
op	read	Can read any person ¹	See note 2	GET /api/people/:id
op	create	No access	n/a	POST /api/people
op	update	No access	n/a	PUT /api/people/:id
op	delete	No access	n/a	DELETE /api/people/:id

Notes:

VP-1264 is the card to limit the people returned from the list API. VP-1267 is to limit who can access the read API
Standard non-owner people fields are a whitelist of:
- id
- nickname
- language
- name
- status
- avatar
- about
- role
- pronoun
- tags
- facebook
- website
- twitter
VP-1268 is a card to return all fields when the request is for the current user

Create (new person)

Post /api/people/

RoleCananonCan create one person by registering with a valid identityallcannot create peopletesterCan create new peopleadminCan create new peopleorg-adminCan create a list of new people from an uploaded data set.Read (single person)

tester	list	List all people ¹	See note 2	GET /api/people
tester	read	Can read any person ¹	All fields can be read	GET /api/people/:id
tester	create	No access	n/a	POST /api/people
tester	update	Can update any person	n/a	PUT /api/people/:id
tester	delete	Can delete any person	n/a	DELETE /api/people/:id
org admin	list	List all people ¹	See note 2	GET /api/people
org admin	read	Can read any person ¹	See note 2	GET /api/people/:id

RoleCananonNoallCan browse a person's profile page but with contact details removedvpcan be indirectly provided with contact details for a vp via an interested record in invited stateopCan browse a person's full profile page if they are in the same organisationapCan browse a person's full profile page if they are in the same organisationadminfull accessorg-adminCan browse a person's full profile page if they are in the same organisationownerThe person matching the person ID can see all their profile details.

Update

PUT


org admin	create	No access	n/a	POST /api/people
org admin	update	Can update any person	Any field can be updated	PUT /api/people/:id
org admin	delete	No access	n/a	DELETE /api/people/:id
admin	list	Can list all people	All fields	GET /api/people
admin	read	Can read any person	All fields	GET /api/people/:id

Roleallno access to change people records

admin	create	Can create new user

anonno access

admin
All fields	POST /api/people

can

update

person's recordorg-admincan update person's recordownercan update their own record

Delete

DELETE

Delete

DELETE /api/opportunities/:id

RoleCananonno accessallno accessadmincan remove a record by putting it into archived collectionorg-admincan remove a record by putting it into archived collection for their orgownercan change state to 'closed'

Can update any person

All fields can be updated

PUT /api/people/:id

Usually delete will not delete the record from the database but will mark it as unavailable.

RoleCananonno accessallno accessadminCan delete a person, this will maintain the person_id record but replace all the PID information (email, name, avatar) with anonymised placeholders so that historical records still work.org-admincan mark person as no longer in the organisation but not remove them.ownerA person can resign from the site and this will delete them as above for an admin.

## Create
Person - Created when new person signs in - All
Opportunity - all - but only into draft mode. May require org-admin approval to set active state
Activity - ap,
Organisation - Admin
Interest - vp
tag - all

## Read
Person - All
Opportunity - All+anon except in Draft mode - then only op-provider (op) and org-admin
Activity - All+anon except in Draft mode - then only activity-provider (ap) and org-admin

## Update
## Delete
In most cases Delete paths should be only available to Admin ( and some API keyholders)
Also in most cases Delete should not remove a document but move it into a new state, or collection.

Opportunities

List

GET /api/opportunities

RoleCananoncan list ops with restrictions - (active, near future, and returns Card level info, no details). To see more they have to sign in.allcan list published ops and see full details ( published includes active and completed )admincan list ops in all statesorg-admincan list published and draft ops created by people in their org

Create

POST /api/opportunities

RoleCananoncannot list peopleallcan list people matching criteria and get limited info back. ( name, avatar and skills/interest ) but not contact details.vpcan create opportunities of the 'offer' typeop

can create opportunities of the 'request' type into draft state but may require org-admin permission to move to active.

org is fixed to org of owner

admincan create anythingorg-admincan create ops and move draft ops to published.

Read

GET /api/opportunities/:id

RoleCananoncan see full details of the op, (must be active state) need to sign in to express interestallcan see full details of the active and completed opsadmincan see full details of ops in all statesorg-admincan see full details of ops in all states for ops created by people in their org.ownercan see full details of ops they own

Update

PUT /api/opportunities/:id

RoleCananonno accessallcan list people matching criteria and get limited info back. ( name, avatar and skills/interest ) but not contact details.admincan update ops including state changeorg-admincan update ops including state change for ops created by people in their orgownercan update their own ops. cannot change org,

admin	delete	Can delete any person⁴	n/a	DELETE /api/people/:id
owner	list	List all people ¹	See note 2	GET /api/people
owner	read	Can read any person	See note 2 and 3	GET /api/people/:id
owner	create	No access	n/a	POST /api/people
owner	update	Can only update their own record	Permitted to change: name nickname about location phone pronoun language website facebook twitter education placeOfWork job sendEmailNotifications role* Only an ADMIN user can assign the ADMIN role to a user Only an ADMIN user can assign the TESTER role to a user All other role values can be assigned at this time – although this will need review status tags teacher Denied: email dateAdded	PUT /api/people/:id
owner	delete	Can delete their own account⁴	n/a	DELETE /api/people/:id

Notes:

VP-1264 is the card to limit the people returned from the list API. VP-1267 is to limit who can access the read API
Standard non-owner people fields are a whitelist of:
- id
- nickname
- language
- name
- status
- avatar
- about
- language
- imgUrl
- role
- pronoun
- tags
- facebook
- website
- twitter
- sendEmailNotifications
VP-1268 is a card to return all fields when the request is for the current user
VP-1297 future work to anonymise user's data but keep their person record so that relationships are preserved for historical data and analytics

## Create
Person - Created when new person signs in - All
Opportunity - all - but only into draft mode. May require org-admin approval to set active state
Activity - ap,
Organisation - Admin
Interest - vp
tag - all

## Read
Person - All
Opportunity - All+anon except in Draft mode - then only op-provider (op) and org-admin
Activity - All+anon except in Draft mode - then only activity-provider (ap) and org-admin

## Update
## Delete
In most cases Delete paths should be only available to Admin ( and some API keyholders)
Also in most cases Delete should not remove a document but move it into a new state, or collection.

Opportunities

Role	Action	Permissions	Fields	Method + Route
anon	list	Can list opportunities Restrictions: active, near future, and returns Card level info (To see more they have to sign in)	id name, subtitle imgUrl duration date	GET /api/opportunities
anon	read	Can read any opportunity In general READ should have the same permissions as LIST	id name, subtitle imgUrl duration date	GET /api/opportunities/:id
anon	create	No access	n/a	POST /api/opportunities
anon	update	No access	n/a	PUT /api/opportunities/:id
anon	delete	No access	n/a	DELETE /api/opportunities/:id
vp	list	Can list published¹ opportunities and see full details	All fields	GET /api/opportunities
vp	read	Can see full details of the published¹ ops	All fields	GET /api/opportunities/:id
vp	create	Can create opportunities of the 'offer' type	n/a	POST /api/opportunities
vp	update	No access	n/a	PUT /api/opportunities/:id
vp	delete	No access	n/a	DELETE /api/opportunities/:id
op	list	Can list published¹ opportunities and see full details	All fields	GET /api/opportunities
op	read	Can see full details of the published¹ ops	All fields	GET /api/opportunities/:id
op	create	Can create opportunities of the 'offer' type	n/a	POST /api/opportunities
op	update	No access	n/a	PUT /api/opportunities/:id
op	delete	No access	n/a	DELETE /api/opportunities/:id
admin	list	All opportunities	All fields	GET /api/opportunities
admin	read	Any opportunity	All fields	GET /api/opportunities/:id
admin	create	Can create any opportunity	All fields	POST /api/opportunities
admin	update	Can update any opportunity	All fields	PUT /api/opportunities
admin	delete	Can delete any opportunity If an admin wishes to archive an opportunity they should `PUT` with the `status` field set to the COMPLETED or CANCELLED value	n/a	DELETE /api/opportunities/:id
org admin	list	~~Can list published and draft ops created by people in their org~~ Can list all opportunities	All fields	GET /api/opportunities
org admin	read	Can list published¹ opportunities and see full details	All fields	GET /api/opportunities/:id
org admin	create	Can create opportunities	All fields `offerOrg` must be one of the current users organisations	POST /api/opportunities
org admin	update	Can update opportunities for their organisation only	All fields `offerOrg` must be one of the current users organisations	PUT /api/opportunities
owner	read	Can see full details of ops they own Only ops that are published¹	All fields	GET /api/opportunities/:id
owner	create	n/a	n/a	n/a
owner	update	Can change the `status` to `COMPLETED` or `CANCELLED` Can change the fields listed	name title subtitle imgUrl description duration location venue status status value transition permission work todo: VP-1325 date offerOrg href tags	PUT /api/opportunities/:id
owner	delete	Cannot delete The owner can `PUT` to the opportunity with a `status` change to archive the opportunity however	n/a	DELETE /api/opportunities/:id

Notes:

Published = Active or Completed status

List

GET /api/opportunities

Role	Can
anon	can list ops with restrictions - (active, near future, and returns Card level info, no details). To see more they have to sign in.
all	can list published ops and see full details ( published includes active and completed )
admin	can list ops in all states
org-admin	can list published and draft ops created by people in their org

Create

POST /api/opportunities

Role	Can
anon	cannot list people
all	can list people matching criteria and get limited info back. ( name, avatar and skills/interest ) but not contact details.
vp	can create opportunities of the 'offer' type
op	can create opportunities of the 'request' type into draft state but may require org-admin permission to move to active. org is fixed to org of owner
admin	can create anything
org-admin	can create ops and move draft ops to published.

Read

GET /api/opportunities/:id

Role	Can
anon	can see full details of the op, (must be active state) need to sign in to express interest
all	can see full details of the active and completed ops
admin	can see full details of ops in all states
org-admin	can see full details of ops in all states for ops created by people in their org.
owner	can see full details of ops they own

Update

PUT /api/opportunities/:id

Role	Can
anon	no access
all	can list people matching criteria and get limited info back. ( name, avatar and skills/interest ) but not contact details.
admin	can update ops including state change
org-admin	can update ops including state change for ops created by people in their org
owner	can update their own ops. cannot change org,

Delete

DELETE /api/opportunities/:id

Role	Can
anon	no access
all	no access
admin	can remove a record by putting it into archived collection
org-admin	can remove a record by putting it into archived collection for their org
owner	can change state to 'closed'

School invite

This API end point does not map to a mongoose model it is used to trigger invite school emails and by people who accept those school invites.

Role	Action	Permissions	Fields	Method + Route
all authenticated	n/a	Can visit URL to accept invite and will have their school created as an organisation and made an org admin of that school (URL will also include a token containing school id)	n/a	GET /api/notify/school-invite/accept
admin	n/a	Can send a school invite email	n/a	POST /api/notify/school-invite

School lookup

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/schools
anon	read	No access	n/a	GET /api/schools/:id
anon	create	No access	n/a	POST /api/schools
anon	update	No access	n/a	PUT /api/schools/:id
anon	delete	No access	n/a	DELETE /api/schools/:id
all	list	No access	n/a	GET /api/schools
all	read	No access	n/a	GET /api/schools/:id
all	create	No access	n/a	POST /api/schools
all	update	No access	n/a	PUT /api/schools/:id
all	delete	No access	n/a	DELETE /api/schools/:id
admin	list	Can list school lookup records	n/a	GET /api/schools
admin	read	No access	n/a	GET /api/schools/:id
admin	create	No access	n/a	POST /api/schools
admin	update	No access	n/a	PUT /api/schools/:id
admin	delete	No access	n/a	DELETE /api/schools/:id

Activities

List

GET /api/activities

Role	Can
anon	can list if active
all	can list if active
admin	can list all
org-admin	can list all where ap is in org
ap (owner)	can list all they are owner for

Create

POST api/activity

Role	Can
anon	no access
vp	no access
op	no access
ap	can create new activity record
admin	can create new activity record
org-admin	can act as ap for person in their org

Read

GET api/activity/:id

Role	Can
anon	can view details if state is active
all	can view details if state is active
admin	can see all
org-admin	can emulate ap for people in their org, can see draft acts.
ap (owner)	can view details in all states.

Update

PUT api/activity/:id

Role	Can
anon	no access
all	no access
vp	no access
op	no access
ap (owner)	can update acts they are owner for
admin	can update
org-admin	can act as ap for acts in their org

Delete

DELETE api/activity/:id

Role	Can
anon	no access
all	no access
admin	can delete
org-admin (owner org)	no access, can put into closed state (via Update)
ap (owner)	no access, can put into closed state (via Update)

Organisations

Organisation information is essentially public, everyone can read except for the info section which depends on membership status.

Note - in the medium term we do not need to block info fields from the API. We will communicate to orgAdmins that the content is not strictly private and should only contain summary information and links to internal web pages.

List

GET /api/organisations

Role	Can
anon	List all organisations, all fields
vp	List all organisations, all fields
op	List all organisations, all fields
ap	List all organisations, all fields
resource provider	List all organisations, all fields
admin	List all organisations, all fields
org-admin	List all organisations, all fields

Read

GET /api/organisations/:id

Role	Can
anon	Read the entity and all fields
vp	Read the entity and all fields
op	Read the entity and all fields
ap	Read the entity and all fields
resource provider	Read the entity and all fields
admin	Read the entity and all fields
org-admin	Read the entity and all fields

Create

POST /api/organisations

Role	Can
anon	No access
vp	No access
op	No access
ap	No access
resource provider	No access
admin	Can create new organisation
org-admin	No access

Update

PUT /api/organisations/:id

Role	Can
anon	No access
vp	No access
op	No access
ap	No access
admin	Can update all fields
org-admin	Can update all fields for the organisation they administer except category No access to other organisations

Delete

Only system admins can delete an organisation. This should be a rare event as it will leave all the assets linked to the organisation dangling. i.e Ops.offerOrg, Member.organisation etc.

DELETE /api/organisations/:id

Role	Can
anon	No access
vp	No access
op	No access
ap	No access
admin	Can delete
org-admin	No access

The tagList collection provides arrays of strings each of which is a word list that can be used for tags or select fields.

if requested without a wordlist id the GET call returns the default list of keywords.

As of Feb 2020 this feature is only partially implemented providing only a single word list.

The lists are read only to all except admins.

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/tags
anon	read	No access	n/a	GET /api/tags/:id
anon	create	No access	n/a	POST /api/tags
anon	update	No access	n/a	PUT /api/tags/:id
anon	delete	No access	n/a	DELETE /api/tags/:id
Authed	list	List default word list	All	GET /api/tags
Authed	read	List specific word list	All	GET /api/tags/:id
Authed	create	No access	All	POST /api/tags
Authed	update	No access	n/a	PUT /api/tags/:id
Authed	delete	No access	n/a	DELETE /api/tags/:id
admin	list	Can list all	All	GET /api/tags
admin	read	Can read all	All	GET /api/tags/:id
admin	create	Can create any	n/a	POST /api/tags
admin	update	Can update any	n/a	PUT /api/tags/:id
admin	delete	Can delete any	n/a	DELETE /api/tags/:id

Table of Contents

Page Comparison

Versions Compared

Old Version 20

New Version Current

Key

User Roles

Archived Opportunities

Interests

Interest archive

Member

People

Notes:

Create (new person)

Update

Delete

Delete

Opportunities

List

Create

Read

Update

Notes:

Opportunities

List

Create

Read

Update

Delete

School invite

School lookup

Activities

List

Create

Read

Update

Delete

Organisations

List

Read

Create

Update

Delete

Tags (TagList)