The data in the Voluntari.ly system must have integrity, security, privacy.

Access to the data through the service api must implement the following access rules

Access is controlled by the identity and Role of the user

User Roles

Role	Means
anon	person is not signed in. They can view various parts of the site but cannot change anything. Most clicks will prompt them to register and sign in.
all	all signed in users, they can browse more of the site create opportunties and manage their personal profile.
vp	volunteer time provider - i.e a volunteer, person who is interested in an opportunity. They can view opportunities in summary and detail form, show interest and communicate with the op-provider. by default everyone is a vp
op	Opportunity provider - e.g a teacher. person who creates and manages an opportunity.
ap	Activity provider / content provider, can create and manage activities.
tester	can see debug and analytics pages
admin	operational admin, can do almost everything through the UI
org-admin	Can manage an organisation, its members and can set an approval process for listings
owner	The specific person responsible for a record e.g a personal profile, opportuntity etc.

Archived Opportunities

Role	Action	Permissions	Fields	Method + Route
anon	list	View all archived opportunities with status "Completed"	id, name, subtitle, img_url, duration	GET /api/archivedOpportunities
anon	read	View individual archived opportunity records with status "Completed"	all	GET /api/archivedOpportunities/:id
anon	create	No access	n/a	n/a
anon	update	No access	n/a	n/a
anon	delete	No access	n/a	n/a
all	list	View all archived opportunities with status "Completed"	id, name, subtitle, img_url, duration	GET /api/archivedOpportunities
all	read	View individual archived opportunity records with status "Completed"	all	GET /api/archivedOpportunities/:id
all	create	No access	n/a	n/a
all	update	No access	n/a	n/a
all	delete	No access	n/a	n/a
admin	list	View all archived opportunities	id, name, subtitle, img_url, duration	GET /api/archivedOpportunities
admin	read	View individual archived opportunity records	all	GET /api/archivedOpportunities/:id
admin	create	Can create records	all	POST /api/archivedOpportunities
admin	update	Can update records	all	PUT /api/archivedOpportunities/:id
admin	delete	Can delete records	all	DELETE /api/archivedOpportunities/:id

Interests

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/interests
anon	read	No access	n/a	GET /api/interests/:id
anon	create	No access	n/a	POST /api/interests
anon	update	No access	n/a	PUT /api/interests/:id
anon	delete	No access	n/a	DELETE /api/interests/:id
volunteer	list	Can list own interest records	All	GET /api/interests
volunteer	read	Can read own interest records	All	GET /api/interests/:id
volunteer	create	Can create own interest records	opportunity, comment (all other fields set by default)	POST /api/interests
volunteer	update	No access	n/a	PUT /api/interests/:id
volunteer	delete	Can delete own interest records	n/a	DELETE /api/interests/:id
op	list	Can list interest records for their opportunities	All	GET /api/interests
op	read	Can read interest records for their opportunities	All	GET /api/interests/:id
op	create	No access	n/a	POST /api/interests
op	update	Can update status field of interest records for their opportunities	status	PUT /api/interests/:id
op	delete	No access	n/a	DELETE /api/interests/:id
org admin	list	Can list interest records for the opportunities provided by their organisation	All	GET /api/interests
org admin	read	Can read interest records for the opportunities provided by their organisation	All	GET /api/interests/:id
org admin	create	No access	n/a	POST /api/interests
org admin	update	Can update the status field of interest records for the opportunities provided by their organisation	status	PUT /api/interests/:id
org admin	delete	No access	n/a	DELETE /api/interests/:id
admin	list	Can list all interest records on the platform	n/a	GET /api/interests
admin	read	Can read all interest records on the platform	n/a	GET /api/interests/:id
admin	create	Can create interest records	n/a	POST /api/interests
admin	update	Can update all interest records on the platform	n/a	PUT /api/interests/:id
admin	delete	Can delete all interest records on the platform	n/a	DELETE /api/interests/:id

Interest archive

for their opportunitiesop for their opportunitiesopInterestsArchivedopstatusop

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/interestsArchived
anon	read	No access	n/a	GET /api/interestsArchived/:id
anon	create	No access	n/a	POST /api/InterestsArchived
anon	update	No access	n/a	PUT /api/interestsArchived/:id
anon	delete	No access	n/a	DELETE /api/interestsArchived/:idop
volunteer	list	Can list their own interest archive records		n/a	GET /api/interestsArchived
volunteer	read	Can read their own interest archive records		n/a	GET /api/interestsArchived/:id
volunteer	create	No access	n/a	POST /api/	interestsArchived
volunteer	update	Can update status field for interest archive records for their opportunities	No access	n/a	PUT /api/interestsArchived/:id
volunteer	delete	No access	n/a	DELETE /api/interestsArchived/:id
org adminop	list	Can list interest archive records for the their opportunities provided by their organisation	n/a	GET /api/interestsArchived
org adminop	read	Can read interest archive records for the their opportunities provided by their organisation	n/a	GET /api/interestsArchived/:id
org adminop	create	No access	n/a	POST /api/InterestsArchived
org adminop	update	Can update status field for interest archive records for the their opportunities provided by their organisation	status	PUT /api/interestsArchived/:id
org adminop	delete	No access	n/a	DELETE /api/interestsArchived/:id
org admin	list	Can list all interest archive records for the opportunities provided by their organisation	n/a	GET /api/interestsArchived
org admin	read	Can read all interest archive records for the opportunities provided by their organisation	n/a	GET /api/interestsArchived/:id
org admin	createCan create interest archive records	No access	n/a	POST /api/InterestsArchived
org admin	update	Can update all status field for interest archive records n/afor the opportunities provided by their organisation	status	PUT /api/interestsArchived/:id
org admin	deleteCan delete all interest archive records	No access	n/a	DELETE /api/interestsArchived/:id

Member

admin

Role

Action

Permissions

Fields

Method + Route

anon

list

No access

list

Can list all interest archive records

n/a

GET /api/

members

interestsArchived

anon

admin

read

No access

Can read all interest archive records

n/a

GET /api/

members

interestsArchived/:id

anon

admin

create

No access

Can create interest archive records

n/a

POST /api/

members

InterestsArchived

anon

admin

update

No access

Can update all interest archive records

n/a

PUT /api/

members

interestsArchived/:id

anon

admin

delete

No access

Can delete all interest archive records

n/a

DELETE /api/

members

interestsArchived/:id

all

Member

Role	Action	Permissions	Fields	Method + Route
anon	listCan list their own member records	No access	n/a	GET /api/members
allanon	readCan read their own member records	No access	n/a	GET /api/members/:id
allanon	create	Can create their own member records with certain statuses	status (follower, joiner, validator), person (only themselves)No access	n/a	POST /api/members
allanon	update	Can update their own member records with certain statuses	status (none, follower, joiner, validator, exmember), person (only themselves)No access	n/a	PUT /api/members/:id
allanon	delete	No access	n/a	DELETE /api/members/:id
org adminall	list	Can list their own member records for their organisations	n/a	GET /api/members
org adminall	read	Can read their own member records for their organisations	n/a	GET /api/members/:id
org adminall	create	Can create their own member records for their organisationsn/awith certain statuses	status (follower, joiner, validator), person (only themselves)	POST /api/members
org adminall	update	Can update their own member records for their organisations	n/a	PUT /api/members/:id	org adminwith certain statuses	status (none, follower, joiner, validator, exmember), person (only themselves)	PUT /api/members/:id
all	delete	No access	n/a	DELETE /api/members/:id
org admin	list	Can list all member records for their organisations	n/a	GET /api/members
org admin	read	Can read all member records for their organisations	n/a	GET /api/members/:id
org admin	create	Can create member records for their organisations	n/a	POST /api/members
org admin	update	Can update all member records for their organisations	n/a	PUT /api/members/:id
org admin	deleteCan delete all member records	No access	n/a	DELETE /api/members/:id

People

admin

RoleActionPermissionsFieldsMethod + RouteanonlistNo access

list

Can list all member records

n/a

GET /api/

people

members

anon

admin

read

No access

Can read all member records

n/a

GET /api/

people

members/:id

anon

admin

create

No access

Can create member records

n/a

POST /api/

people

members

anon

admin

update

No access

Can update all member records

n/a

PUT /api/

people

members/:id

anon

admin

delete

No access

Can delete all member records

n/a

DELETE /api/

people

members/:id

vp

People

See note 2optester

Role	Action	Permissions	Fields	Method + Route
anon	list	List all people ¹	No access	n/a	GET /api/people
vpanon	read	Can read any person ¹ Can be indirectly provided with contact details for a vp via an interested record in invited state	See note 2	No access	n/a	GET /api/people/:id
vpanon	create	No access	n/a	POST /api/people
vpanon	update	No access	n/a	PUT /api/people/:id
vpanon	delete	No access	n/a	DELETE /api/people/:id
vp	list	List all people ¹	See note 2	GET /api/people
opvp	read	Can read any person ¹ Can be indirectly provided with contact details for a vp via an interested record in invited state	See note 2	GET /api/people/:id
opvp	create	No access	n/a	POST /api/people
opvp	update	No access	n/a	PUT /api/people/:id
opvp	delete	No access	n/a	DELETE /api/people/:id
op	list	List all people ¹	See note 2	GET /api/people
testerop	read	Can read any person ¹	See note 2	GET /api/people/:id
testerop	create	No access	n/a	POST /api/people
testerop	updateCan update any person	No access	n/a	PUT /api/people/:id
testerop	deleteCan delete any person	No access	n/a	DELETE /api/people/:id
org admintester	list	List all people ¹	See note 2	GET /api/people
org admintester	read	Can read any person ¹	See note 2All fields can be read	GET /api/people/:id
org admintester	create	No access	n/a	POST /api/people
org admintester	update	Can update any person	Any field can be updatedn/a	PUT /api/people/:id
org admintester	deleteNo access	Can delete any person	n/a	DELETE /api/people/:id
org admin	listCan list	List all peopleAll fieldspeople ¹	See note 2	GET /api/people
org admin	read	Can read any personAll fieldsperson ¹	See note 2	GET /api/people/:id
org admin	create	Can create new user	All fieldsNo access	n/a	POST /api/people
org admin	update	Can update any person	All fields Any field can be updated	PUT /api/people/:id
org admin	deleteCan delete any person⁴	No access	n/a	DELETE /api/people/:id
owneradmin	list	List Can list all people ¹	See note 2All fields	GET /api/people
owneradmin	read	Can read any person	See note 2 and 3All fields	GET /api/people/:id
owneradmin	create	No access	n/aCan create new user	All fields	POST /api/people
owneradmin	update	Can only update their own record Permitted to change: name nickname about location phone pronoun language website facebook twitter education placeOfWork job sendEmailNotifications role*Only an ADMIN user update any person	All fields can be updated	PUT /api/people/:id
admin	delete	Can delete any person⁴	n/a	DELETE /api/people/:id
owner	list	List all people ¹	See note 2	GET /api/people
owner	read	Can read any person	See note 2 and 3	GET /api/people/:id
owner	create	No access	n/a	POST /api/people
owner	update	Can only update their own record	Permitted to change: name nickname about location phone pronoun language website facebook twitter education placeOfWork job sendEmailNotifications role* Only an ADMIN user can assign the ADMIN role to a user Only an ADMIN user can assign the TESTER role to a user All other role values can be assigned at this time – although this will need review status tags teacher Denied: email dateAdded	PUT /api/people/:id
owner	delete	Can delete their own account⁴	n/a	DELETE /api/people/:id

Notes:

VP-1264 is the card to limit the people returned from the list API. VP-1267 is to limit who can access the read API
Standard non-owner people fields are a whitelist of:
- id
- nickname
- language
- name
- status
- avatar
- about
- language
- imgUrl
- role
- pronoun
- tags
- facebook
- website
- twitter
- sendEmailNotifications
VP-1268 is a card to return all fields when the request is for the current user
VP-1297 future work to anonymise user's data but keep their person record so that relationships are preserved for historical data and analytics

## Create

(

Person - Created when new person

)

Post /api/people/

RoleCananonCan create one person by registering with a valid identityallcannot create peopletesterCan create new peopleadminCan create new peopleorg-adminCan create a list of new people from an uploaded data set.

Read (single person)

GET /api/people/:id

RoleCananonNoallCan browse a person's profile page but with contact details removedvpcan be indirectly provided with contact details for a vp via an interested record in invited stateopCan browse a person's full profile page if they are in the same organisationapCan browse a person's full profile page if they are in the same organisationadminfull accessorg-adminCan browse a person's full profile page if they are in the same organisationownerThe person matching the person ID can see all their profile details.

Update

PUT /api/people/:id

RoleCananonno accessallno access to change people recordsadmincan update person's recordorg-admincan update person's recordownercan update their own record

Delete

DELETE /api/people/:id

Usually delete will not delete the record from the database but will mark it as unavailable.

RoleCananonno accessallno accessadminCan delete a person, this will maintain the person_id record but replace all the PID information (email, name, avatar) with anonymised placeholders so that historical records still work.org-admincan mark person as no longer in the organisation but not remove them.ownerA person can resign from the site and this will delete them as above for an admin.

## Create
Person - Created when new person signs in - All
Opportunity - all - but only into draft mode. May require org-admin approval to set active state
Activity - ap,
Organisation - Admin
Interest - vp
tag - all

## Read
Person - All
Opportunity - All+anon except in Draft mode - then only op-provider (op) and org-admin
Activity - All+anon except in Draft mode - then only activity-provider (ap) and org-admin

## Update
## Delete
In most cases Delete paths should be only available to Admin ( and some API keyholders)
Also in most cases Delete should not remove a document but move it into a new state, or collection.

Opportunities

List

GET /api/opportunities

RoleCananoncan list ops with restrictions - (active, near future, and returns Card level info, no details). To see more they have to sign in.allcan list published ops and see full details ( published includes active and completed )admincan list ops in all statesorg-admincan list published and draft ops created by people in their org

Create

POST /api/opportunities

RoleCananoncannot list peopleallcan list people matching criteria and get limited info back. ( name, avatar and skills/interest ) but not contact details.vpcan create opportunities of the 'offer' typeop

can create opportunities of the 'request' type into draft state but may require org-admin permission to move to active.

org is fixed to org of owner

admincan create anythingorg-admincan create ops and move draft ops to published.

Read

GET /api/opportunities/:id

RoleCananoncan see full details of the op, (must be active state) need to sign in to express interestallcan see full details of the active and completed opsadmincan see full details of ops in all statesorg-admincan see full details of ops in all states for ops created by people in their org.ownercan see full details of ops they own

Update

PUT /api/opportunities/:id

RoleCananonno accessallcan list people matching criteria and get limited info back. ( name, avatar and skills/interest ) but not contact details.admincan update ops including state changeorg-admincan update ops including state change for ops created by people in their orgownercan update their own ops. cannot change org,

Delete

DELETE /api/opportunities/:id

RoleCananonno accessallno accessadmincan remove a record by putting it into archived collectionorg-admincan remove a record by putting it into archived collection for their orgownercan change state to 'closed'

signs in - All
Opportunity - all - but only into draft mode. May require org-admin approval to set active state
Activity - ap,
Organisation - Admin
Interest - vp
tag - all

## Read
Person - All
Opportunity - All+anon except in Draft mode - then only op-provider (op) and org-admin
Activity - All+anon except in Draft mode - then only activity-provider (ap) and org-admin

## Update
## Delete
In most cases Delete paths should be only available to Admin ( and some API keyholders)
Also in most cases Delete should not remove a document but move it into a new state, or collection.

Opportunities

Role	Action	Permissions	Fields	Method + Route
anon	list	Can list opportunities Restrictions: active, near future, and returns Card level info (To see more they have to sign in)	id name, subtitle imgUrl duration date	GET /api/opportunities
anon	read	Can read any opportunity In general READ should have the same permissions as LIST	id name, subtitle imgUrl duration date	GET /api/opportunities/:id
anon	create	No access	n/a	POST /api/opportunities
anon	update	No access	n/a	PUT /api/opportunities/:id
anon	delete	No access	n/a	DELETE /api/opportunities/:id
vp	list	Can list published¹ opportunities and see full details	All fields	GET /api/opportunities
vp	read	Can see full details of the published¹ ops	All fields	GET /api/opportunities/:id
vp	create	Can create opportunities of the 'offer' type	n/a	POST /api/opportunities
vp	update	No access	n/a	PUT /api/opportunities/:id
vp	delete	No access	n/a	DELETE /api/opportunities/:id
op	list	Can list published¹ opportunities and see full details	All fields	GET /api/opportunities
op	read	Can see full details of the published¹ ops	All fields	GET /api/opportunities/:id
op	create	Can create opportunities of the 'offer' type	n/a	POST /api/opportunities
op	update	No access	n/a	PUT /api/opportunities/:id
op	delete	No access	n/a	DELETE /api/opportunities/:id
admin	list	All opportunities	All fields	GET /api/opportunities
admin	read	Any opportunity	All fields	GET /api/opportunities/:id
admin	create	Can create any opportunity	All fields	POST /api/opportunities
admin	update	Can update any opportunity	All fields	PUT /api/opportunities
admin	delete	Can delete any opportunity If an admin wishes to archive an opportunity they should `PUT` with the `status` field set to the COMPLETED or CANCELLED value	n/a	DELETE /api/opportunities/:id
org admin	list	~~Can list published and draft ops created by people in their org~~ Can list all opportunities	All fields	GET /api/opportunities
org admin	read	Can list published¹ opportunities and see full details	All fields	GET /api/opportunities/:id
org admin	create	Can create opportunities	All fields `offerOrg` must be one of the current users organisations	POST /api/opportunities
org admin	update	Can update opportunities for their organisation only	All fields `offerOrg` must be one of the current users organisations	PUT /api/opportunities
owner	read	Can see full details of ops they own Only ops that are published¹	All fields	GET /api/opportunities/:id
owner	create	n/a	n/a	n/a
owner	update	Can change the `status` to `COMPLETED` or `CANCELLED` Can change the fields listed	name title subtitle imgUrl description duration location venue status status value transition permission work todo: VP-1325 date offerOrg href tags	PUT /api/opportunities/:id
owner	delete	Cannot delete The owner can `PUT` to the opportunity with a `status` change to archive the opportunity however	n/a	DELETE /api/opportunities/:id

Notes:

Published = Active or Completed status

List

GET /api/opportunities

Role	Can
anon	can list ops with restrictions - (active, near future, and returns Card level info, no details). To see more they have to sign in.
all	can list published ops and see full details ( published includes active and completed )
admin	can list ops in all states
org-admin	can list published and draft ops created by people in their org

Create

POST /api/opportunities

Role	Can
anon	cannot list people
all	can list people matching criteria and get limited info back. ( name, avatar and skills/interest ) but not contact details.
vp	can create opportunities of the 'offer' type
op	can create opportunities of the 'request' type into draft state but may require org-admin permission to move to active. org is fixed to org of owner
admin	can create anything
org-admin	can create ops and move draft ops to published.

Read

GET /api/opportunities/:id

Role	Can
anon	can see full details of the op, (must be active state) need to sign in to express interest
all	can see full details of the active and completed ops
admin	can see full details of ops in all states
org-admin	can see full details of ops in all states for ops created by people in their org.
owner	can see full details of ops they own

Update

PUT /api/opportunities/:id

Role	Can
anon	no access
all	can list people matching criteria and get limited info back. ( name, avatar and skills/interest ) but not contact details.
admin	can update ops including state change
org-admin	can update ops including state change for ops created by people in their org
owner	can update their own ops. cannot change org,

Delete

DELETE /api/opportunities/:id

Role	Can
anon	no access
all	no access
admin	can remove a record by putting it into archived collection
org-admin	can remove a record by putting it into archived collection for their org
owner	can change state to 'closed'

School invite

This API end point does not map to a mongoose model it is used to trigger invite school emails and by people who accept those school invites.

Role	Action	Permissions	Fields	Method + Route
all authenticated	n/a	Can visit URL to accept invite and will have their school created as an organisation and made an org admin of that school (URL will also include a token containing school id)	n/a	GET /api/notify/school-invite/accept
admin	n/a	Can send a school invite email	n/a	POST /api/notify/school-invite

School lookup

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/schools
anon	read	No access	n/a	GET /api/schools/:id
anon	create	No access	n/a	POST /api/schools
anon	update	No access	n/a	PUT /api/schools/:id
anon	delete	No access	n/a	DELETE /api/schools/:id
all	list	No access	n/a	GET /api/schools
all	read	No access	n/a	GET /api/schools/:id
all	create	No access	n/a	POST /api/schools
all	update	No access	n/a	PUT /api/schools/:id
all	delete	No access	n/a	DELETE /api/schools/:id
admin	list	Can list school lookup records	n/a	GET /api/schools
admin	read	No access	n/a	GET /api/schools/:id
admin	create	No access	n/a	POST /api/schools
admin	update	No access	n/a	PUT /api/schools/:id
admin	delete	No access	n/a	DELETE /api/schools/:id

Activities

List

GET /api/activities

Role	Can
anon	can list if active
all	can list if active
admin	can list all
org-admin	can list all where ap is in org
ap (owner)	can list all they are owner for

Create

POST api/activity

Role	Can
anon	no access
vp	no access
op	no access
ap	can create new activity record
admin	can create new activity record
org-admin	can act as ap for person in their org

Read

GET api/activity/:id

Role	Can
anon	can view details if state is active
all	can view details if state is active
admin	can see all
org-admin	can emulate ap for people in their org, can see draft acts.
ap (owner)	can view details in all states.

Update

PUT api/activity/:id

Role	Can
anon	no access
all	no access
vp	no access
op	no access
ap (owner)	can update acts they are owner for
admin	can update
org-admin	can act as ap for acts in their org

Delete

DELETE api/activity/:id

Role	Can
anon	no access
all	no access
admin	can delete
org-admin (owner org)	no access, can put into closed state (via Update)
ap (owner)	no access, can put into closed state (via Update)

Organisations

Organisation information is essentially public, everyone can read except for the info section which depends on membership status.

Note - in the medium term we do not need to block info fields from the API. We will communicate to orgAdmins that the content is not strictly private and should only contain summary information and links to internal web pages.

List

GET /api/organisations

Role	Can
anon	List all organisations, all fields
vp	List all organisations, all fields
op	List all organisations, all fields
ap	List all organisations, all fields
resource provider	List all organisations, all fields
admin	List all organisations, all fields
org-admin	List all organisations, all fields

Read

GET /api/organisations/:id

Role	Can
anon	Read the entity and all fields
vp	Read the entity and all fields
op	Read the entity and all fields
ap	Read the entity and all fields
resource provider	Read the entity and all fields
admin	Read the entity and all fields
org-admin	Read the entity and all fields

Create

POST /api/organisations

Role	Can
anon	No access
vp	No access
op	No access
ap	No access
resource provider	No access
admin	Can create new organisation
org-admin	No access

Update

PUT /api/organisations/:id

Role	Can
anon	No access
vp	No access
op	No access
ap	No access
admin	Can update all fields
org-admin	Can update all fields for the organisation they administer except category No access to other organisations

Delete

Only system admins can delete an organisation. This should be a rare event as it will leave all the assets linked to the organisation dangling. i.e Ops.offerOrg, Member.organisation etc.

DELETE /api/organisations/:id

Role	Can
anon	No access
vp	No access
op	No access
ap	No access
admin	Can delete
org-admin	No access

The tagList collection provides arrays of strings each of which is a word list that can be used for tags or select fields.

if requested without a wordlist id the GET call returns the default list of keywords.

As of Feb 2020 this feature is only partially implemented providing only a single word list.

The lists are read only to all except admins.

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/tags
anon	read	No access	n/a	GET /api/tags/:id
anon	create	No access	n/a	POST /api/tags
anon	update	No access	n/a	PUT /api/tags/:id
anon	delete	No access	n/a	DELETE /api/tags/:id
Authed	list	List default word list	All	GET /api/tags
Authed	read	List specific word list	All	GET /api/tags/:id
Authed	create	No access	All	POST /api/tags
Authed	update	No access	n/a	PUT /api/tags/:id
Authed	delete	No access	n/a	DELETE /api/tags/:id
admin	list	Can list all	All	GET /api/tags
admin	read	Can read all	All	GET /api/tags/:id
admin	create	Can create any	n/a	POST /api/tags
admin	update	Can update any	n/a	PUT /api/tags/:id
admin	delete	Can delete any	n/a	DELETE /api/tags/:id

Table of Contents

Versions Compared

Old Version 27

New Version Current

Key

User Roles

Archived Opportunities

Interests

Interest archive

Member

People

Notes:

Read (single person)

Update

Delete

Opportunities

List

Create

Read

Update

Delete

Opportunities

List

Create

Read

Update

Delete

School invite

School lookup

Activities

List

Create

Read

Update

Delete

Organisations

List

Read

Create

Update

Delete

Page Comparison

Versions Compared

Old Version 27

New Version Current

Key

User Roles

Archived Opportunities

Interests

Interest archive

Member

People

Notes:

Read (single person)

Update

Delete

Opportunities

List

Create

Read

Update

Delete

Opportunities

List

Create

Read

Update

Delete

School invite

School lookup

Activities

List

Create

Read

Update

Delete

Organisations

List

Read

Create

Update

Delete

Tags (TagList)