The data in the Voluntari.ly system must have integrity, security, privacy.

Access to the data through the service api must implement the following access rules

Access is controlled by the identity and Role of the user

User Roles

Role	Means
anon	person is not signed in. They can view various parts of the site but cannot change anything. Most clicks will prompt them to register and sign in.
all	all signed in users, they can browse more of the site create opportunties and manage their personal profile.
vp	volunteer time provider - i.e a volunteer, person who is interested in an opportunity. They can view opportunities in summary and detail form, show interest and communicate with the op-provider. by default everyone is a vp
op	Opportunity provider - e.g a teacher. person who creates and manages an opportunity.
ap	Activity provider / content provider, can create and manage activities.
tester	can see debug and analytics pages
admin	operational admin, can do almost everything through the UI
org-admin	Can manage an organisation, its members and can set an approval process for listings
owner	The specific person responsible for a record e.g a personal profile, opportuntity etc.

Archived Opportunities

Role	Action	Permissions	Fields	Method + Route
anon	list	View all archived opportunities with status "Completed"	id, name, subtitle, img_url, duration	GET /api/archivedOpportunities
anon	read	View individual archived opportunity records with status "Completed"	all	GET /api/archivedOpportunities/:id
anon	create	No access	n/a	n/a
anon	update	No access	n/a	n/a
anon	delete	No access	n/a	n/a
all	list	View all archived opportunities with status "Completed"	id, name, subtitle, img_url, duration	GET /api/archivedOpportunities
all	read	View individual archived opportunity records with status "Completed"	all	GET /api/archivedOpportunities/:id
all	create	No access	n/a	n/a
all	update	No access	n/a	n/a
all	delete	No access	n/a	n/a
admin	list	View all archived opportunities	id, name, subtitle, img_url, duration	GET /api/archivedOpportunities
admin	read	View individual archived opportunity records	all	GET /api/archivedOpportunities/:id
admin	create	Can create records	all	POST /api/archivedOpportunities
admin	update	Can update records	all	PUT /api/archivedOpportunities/:id
admin	delete	Can delete records	all	DELETE /api/archivedOpportunities/:id

Interests

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/interests
anon	read	No access	n/a	GET /api/interests/:id
anon	create	No access	n/a	POST /api/interests
anon	update	No access	n/a	PUT /api/interests/:id
anon	delete	No access	n/a	DELETE /api/interests/:id
volunteer	list	Can list own interest records	All	GET /api/interests
volunteer	read	Can read own interest records	All	GET /api/interests/:id
volunteer	create	Can create own interest records	opportunity, comment (all other fields set by default)	POST /api/interests
volunteer	update	No access	n/a	PUT /api/interests/:id
volunteer	delete	Can delete own interest records	n/a	DELETE /api/interests/:id
op	list	Can list interest records for their opportunities	All	GET /api/interests
op	read	Can read interest records for their opportunities	All	GET /api/interests/:id
op	create	No access	n/a	POST /api/interests
op	update	Can update status field of interest records for their opportunities	status	PUT /api/interests/:id
op	delete	No access	n/a	DELETE /api/interests/:id
org admin	list	Can list interest records for the opportunities provided by their organisation	All	GET /api/interests
org admin	read	Can read interest records for the opportunities provided by their organisation	All	GET /api/interests/:id
org admin	create	No access	n/a	POST /api/interests
org admin	update	Can update the status field of interest records for the opportunities provided by their organisation	status	PUT /api/interests/:id
org admin	delete	No access	n/a	DELETE /api/interests/:id
admin	list	Can list all interest records on the platform	n/a	GET /api/interests
admin	read	Can read all interest records on the platform	n/a	GET /api/interests/:id
admin	create	Can create interest records	n/a	POST /api/interests
admin	update	Can update all interest records on the platform	n/a	PUT /api/interests/:id
admin	delete	Can delete all interest records on the platform	n/a	DELETE /api/interests/:id

Interest archive

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/interestsArchived
anon	read	No access	n/a	GET /api/interestsArchived/:id
anon	create	No access	n/a	POST /api/InterestsArchived
anon	update	No access	n/a	PUT /api/interestsArchived/:id
anon	delete	No access	n/a	DELETE /api/interestsArchived/:id
volunteer	list	Can list their own interest archive records	n/a	GET /api/interestsArchived
volunteer	read	Can read their own interest archive records	n/a	GET /api/interestsArchived/:id
volunteer	create	No access	n/a	POST /api/interestsArchived
volunteer	update	No access	n/a	PUT /api/interestsArchived/:id
volunteer	delete	No access	n/a	DELETE /api/interestsArchived/:id
op	list	Can list interest archive records for their opportunities	n/a	GET /api/interestsArchived
op	read	Can read interest archive records for their opportunities	n/a	GET /api/interestsArchived/:id
op	create	No access	n/a	POST /api/InterestsArchived
op	update	Can update status field for interest archive records for their opportunities	status	PUT /api/interestsArchived/:id
op	delete	No access	n/a	DELETE /api/interestsArchived/:id
org admin	list	Can list interest archive records for the opportunities provided by their organisation	n/a	GET /api/interestsArchived
org admin	read	Can read interest archive records for the opportunities provided by their organisation	n/a	GET /api/interestsArchived/:id
org admin	create	No access	n/a	POST /api/InterestsArchived
org admin	update	Can update status field for interest archive records for the opportunities provided by their organisation	status	PUT /api/interestsArchived/:id
org admin	delete	No access	n/a	DELETE /api/interestsArchived/:id
admin	list	Can list all interest archive records	n/a	GET /api/interestsArchived
admin	read	Can read all interest archive records	n/a	GET /api/interestsArchived/:id
admin	create	Can create interest archive records	n/a	POST /api/InterestsArchived
admin	update	Can update all interest archive records	n/a	PUT /api/interestsArchived/:id
admin	delete	Can delete all interest archive records	n/a	DELETE /api/interestsArchived/:id

Member

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/members
anon	read	No access	n/a	GET /api/members/:id
anon	create	No access	n/a	POST /api/members
anon	update	No access	n/a	PUT /api/members/:id
anon	delete	No access	n/a	DELETE /api/members/:id
all	list	Can list their own member records	n/a	GET /api/members
all	read	Can read their own member records	n/a	GET /api/members/:id
all	create	Can create their own member records with certain statuses	status (follower, joiner, validator), person (only themselves)	POST /api/members
all	update	Can update their own member records with certain statuses	status (none, follower, joiner, validator, exmember), person (only themselves)	PUT /api/members/:id
all	delete	No access	n/a	DELETE /api/members/:id
org admin	list	Can list member records for their organisations	n/a	GET /api/members
org admin	read	Can read member records for their organisations	n/a	GET /api/members/:id
org admin	create	Can create member records for their organisations	n/a	POST /api/members
org admin	update	Can update member records for their organisations	n/a	PUT /api/members/:id
org admin	delete	No access	n/a	DELETE /api/members/:id
admin	list	Can list all member records	n/a	GET /api/members
admin	read	Can read all member records	n/a	GET /api/members/:id
admin	create	Can create member records	n/a	POST /api/members
admin	update	Can update all member records	n/a	PUT /api/members/:id
admin	delete	Can delete all member records	n/a	DELETE /api/members/:id

People

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/people
anon	read	No access	n/a	GET /api/people/:id
anon	create	No access	n/a	POST /api/people
anon	update	No access	n/a	PUT /api/people/:id
anon	delete	No access	n/a	DELETE /api/people/:id
vp	list	List all people ¹	See note 2	GET /api/people
vp	read	Can read any person ¹ Can be indirectly provided with contact details for a vp via an interested record in invited state	See note 2	GET /api/people/:id
vp	create	No access	n/a	POST /api/people
vp	update	No access	n/a	PUT /api/people/:id
vp	delete	No access	n/a	DELETE /api/people/:id
op	list	List all people ¹	See note 2	GET /api/people
op	read	Can read any person ¹	See note 2	GET /api/people/:id
op	create	No access	n/a	POST /api/people
op	update	No access	n/a	PUT /api/people/:id
op	delete	No access	n/a	DELETE /api/people/:id
tester	list	List all people ¹	See note 2	GET /api/people
tester	read	Can read any person ¹	All fields can be read	GET /api/people/:id
tester	create	No access	n/a	POST /api/people
tester	update	Can update any person	n/a	PUT /api/people/:id
tester	delete	Can delete any person	n/a	DELETE /api/people/:id
org admin	list	List all people ¹	See note 2	GET /api/people
org admin	read	Can read any person ¹	See note 2	GET /api/people/:id
org admin	create	No access	n/a	POST /api/people
org admin	update	Can update any person	Any field can be updated	PUT /api/people/:id
org admin	delete	No access	n/a	DELETE /api/people/:id
admin	list	Can list all people	All fields	GET /api/people
admin	read	Can read any person	All fields	GET /api/people/:id
admin	create	Can create new user	All fields	POST /api/people
admin	update	Can update any person	All fields can be updated	PUT /api/people/:id
admin	delete	Can delete any person⁴	n/a	DELETE /api/people/:id
owner	list	List all people ¹	See note 2	GET /api/people
owner	read	Can read any person	See note 2 and 3	GET /api/people/:id
owner	create	No access	n/a	POST /api/people
owner	update	Can only update their own record	Permitted to change: name nickname about location phone pronoun language website facebook twitter education placeOfWork job sendEmailNotifications role* Only an ADMIN user can assign the ADMIN role to a user Only an ADMIN user can assign the TESTER role to a user All other role values can be assigned at this time – although this will need review status tags teacher Denied: email dateAdded	PUT /api/people/:id
owner	delete	Can delete their own account⁴	n/a	DELETE /api/people/:id

Notes:

VP-1264 is the card to limit the people returned from the list API. VP-1267 is to limit who can access the read API
Standard non-owner people fields are a whitelist of:
- id
- nickname
- language
- name
- status
- avatar
- about
- language
- imgUrl
- role
- pronoun
- tags
- facebook
- website
- twitter
- sendEmailNotifications
VP-1268 is a card to return all fields when the request is for the current user
VP-1297 future work to anonymise user's data but keep their person record so that relationships are preserved for historical data and analytics

## Create
Person - Created when new person signs in - All
Opportunity - all - but only into draft mode. May require org-admin approval to set active state
Activity - ap,
Organisation - Admin
Interest - vp
tag - all

## Read
Person - All
Opportunity - All+anon except in Draft mode - then only op-provider (op) and org-admin
Activity - All+anon except in Draft mode - then only activity-provider (ap) and org-admin

## Update
## Delete
In most cases Delete paths should be only available to Admin ( and some API keyholders)
Also in most cases Delete should not remove a document but move it into a new state, or collection.

Opportunities

Role	Action	Permissions	Fields	Method + Route
anon	list	Can list opportunities Restrictions: active, near future, and returns Card level info (To see more they have to sign in)	id name, subtitle imgUrl duration date	GET /api/opportunities
anon	read	Can read any opportunity In general READ should have the same permissions as LIST	id name, subtitle imgUrl duration date	GET /api/opportunities/:id
anon	create	No access	n/a	POST /api/opportunities
anon	update	No access	n/a	PUT /api/opportunities/:id
anon	delete	No access	n/a	DELETE /api/opportunities/:id
vp	list	Can list published¹ opportunities and see full details	All fields	GET /api/opportunities
vp	read	Can see full details of the published¹ ops	All fields	GET /api/opportunities/:id
vp	create	Can create opportunities of the 'offer' type	n/a	POST /api/opportunities
vp	update	No access	n/a	PUT /api/opportunities/:id
vp	delete	No access	n/a	DELETE /api/opportunities/:id
op	list	Can list published¹ opportunities and see full details	All fields	GET /api/opportunities
op	read	Can see full details of the published¹ ops	All fields	GET /api/opportunities/:id
op	create	Can create opportunities of the 'offer' type	n/a	POST /api/opportunities
op	update	No access	n/a	PUT /api/opportunities/:id
op	delete	No access	n/a	DELETE /api/opportunities/:id
admin	list	All opportunities	All fields	GET /api/opportunities
admin	read	Any opportunity	All fields	GET /api/opportunities/:id
admin	create	Can create any opportunity	All fields	POST /api/opportunities
admin	update	Can update any opportunity	All fields	PUT /api/opportunities
admin	delete	Can delete any opportunity If an admin wishes to archive an opportunity they should `PUT` with the `status` field set to the COMPLETED or CANCELLED value	n/a	DELETE /api/opportunities/:id
org admin	list	~~Can list published and draft ops created by people in their org~~ Can list all opportunities	All fields	GET /api/opportunities
org admin	read	Can list published¹ opportunities and see full details	All fields	GET /api/opportunities/:id
org admin	create	Can create opportunities	All fields `offerOrg` must be one of the current users organisations	POST /api/opportunities
org admin	update	Can update opportunities for their organisation only	All fields `offerOrg` must be one of the current users organisations	PUT /api/opportunities
owner	read	Can see full details of ops they own Only ops that are published¹	All fields	GET /api/opportunities/:id
owner	create	n/a	n/a	n/a
owner	update	Can change the `status` to `COMPLETED` or `CANCELLED` Can change the fields listed	name title subtitle imgUrl description duration location venue status status value transition permission work todo: VP-1325 date offerOrg href tags	PUT /api/opportunities/:id
owner	delete	Cannot delete The owner can `PUT` to the opportunity with a `status` change to archive the opportunity however	n/a	DELETE /api/opportunities/:id

Notes:

Published = Active or Completed status

List

GET /api/opportunities

Role	Can
anon	can list ops with restrictions - (active, near future, and returns Card level info, no details). To see more they have to sign in.
all	can list published ops and see full details ( published includes active and completed )
admin	can list ops in all states
org-admin	can list published and draft ops created by people in their org

Create

POST /api/opportunities

Role	Can
anon	cannot list people
all	can list people matching criteria and get limited info back. ( name, avatar and skills/interest ) but not contact details.
vp	can create opportunities of the 'offer' type
op	can create opportunities of the 'request' type into draft state but may require org-admin permission to move to active. org is fixed to org of owner
admin	can create anything
org-admin	can create ops and move draft ops to published.

Read

GET /api/opportunities/:id

Role	Can
anon	can see full details of the op, (must be active state) need to sign in to express interest
all	can see full details of the active and completed ops
admin	can see full details of ops in all states
org-admin	can see full details of ops in all states for ops created by people in their org.
owner	can see full details of ops they own

Update

PUT /api/opportunities/:id

Role	Can
anon	no access
all	can list people matching criteria and get limited info back. ( name, avatar and skills/interest ) but not contact details.
admin	can update ops including state change
org-admin	can update ops including state change for ops created by people in their org
owner	can update their own ops. cannot change org,

Delete

DELETE /api/opportunities/:id

Role	Can
anon	no access
all	no access
admin	can remove a record by putting it into archived collection
org-admin	can remove a record by putting it into archived collection for their org
owner	can change state to 'closed'

School invite

This API end point does not map to a mongoose model it is used to trigger invite school emails and by people who accept those school invites.

Role	Action	Permissions	Fields	Method + Route
all authenticated	n/a	Can visit URL to accept invite and will have their school created as an organisation and made an org admin of that school (URL will also include a token containing school id)	n/a	GET /api/notify/school-invite/accept
admin	n/a	Can send a school invite email	n/a	POST /api/notify/school-invite

School lookup

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/schools
anon	read	No access	n/a	GET /api/schools/:id
anon	create	No access	n/a	POST /api/schools
anon	update	No access	n/a	PUT /api/schools/:id
anon	delete	No access	n/a	DELETE /api/schools/:id
all	list	No access	n/a	GET /api/schools
all	read	No access	n/a	GET /api/schools/:id
all	create	No access	n/a	POST /api/schools
all	update	No access	n/a	PUT /api/schools/:id
all	delete	No access	n/a	DELETE /api/schools/:id
admin	list	Can list school lookup records	n/a	GET /api/schools
admin	read	No access	n/a	GET /api/schools/:id
admin	create	No access	n/a	POST /api/schools
admin	update	No access	n/a	PUT /api/schools/:id
admin	delete	No access	n/a	DELETE /api/schools/:id

Activities

List

GET /api/activities

Role	Can
anon	can list if active
all	can list if active
admin	can list all
org-admin	can list all where ap is in org
ap (owner)	can list all they are owner for

Create

POST api/activity

Role	Can
anon	no access
vp	no access
op	no access
ap	can create new activity record
admin	can create new activity record
org-admin	can act as ap for person in their org

Read

GET api/activity/:id

Role	Can
anon	can view details if state is active
all	can view details if state is active
admin	can see all
org-admin	can emulate ap for people in their org, can see draft acts.
ap (owner)	can view details in all states.

Update

PUT api/activity/:id

Role	Can
anon	no access
all	no access
vp	no access
op	no access
ap (owner)	can update acts they are owner for
admin	can update
org-admin	can act as ap for acts in their org

Delete

DELETE api/activity/:id

Role	Can
anon	no access
all	no access
admin	can delete
org-admin (owner org)	no access, can put into closed state (via Update)
ap (owner)	no access, can put into closed state (via Update)

Organisations

Organisation information is essentially public, everyone can read except for the info section which depends on membership status.

Note - in the medium term we do not need to block info fields from the API. We will communicate to orgAdmins that the content is not strictly private and should only contain summary information and links to internal web pages.

List

GET /api/organisations

Role	Can
anon	List all organisations, all fields
vp	List all organisations, all fields
op	List all organisations, all fields
ap	List all organisations, all fields
resource provider	List all organisations, all fields
admin	List all organisations, all fields
org-admin	List all organisations, all fields

Read

GET /api/organisations/:id

Role	Can
anon	Read the entity and all fields
vp	Read the entity and all fields
op	Read the entity and all fields
ap	Read the entity and all fields
resource provider	Read the entity and all fields
admin	Read the entity and all fields
org-admin	Read the entity and all fields

Create

POST /api/organisations

Role	Can
anon	No access
vp	No access
op	No access
ap	No access
resource provider	No access
admin	Can create new organisation
org-admin	No access

Update

PUT /api/organisations/:id

Role	Can
anon	No access
vp	No access
op	No access
ap	No access
admin	Can update all fields
org-admin	Can update all fields for the organisation they administer except category No access to other organisations

Delete

Only system admins can delete an organisation. This should be a rare event as it will leave all the assets linked to the organisation dangling. i.e Ops.offerOrg, Member.organisation etc.

DELETE /api/organisations/:id

Role	Can
anon	No access
vp	No access
op	No access
ap	No access
admin	Can delete
org-admin	No access

The tagList collection provides arrays of strings each of which is a word list that can be used for tags or select fields.

if requested without a wordlist id the GET call returns the default list of keywords.

As of Feb 2020 this feature is only partially implemented providing only a single word list.

The lists are read only to all except admins.

Role	Action	Permissions	Fields	Method + Route
anon	list	No access	n/a	GET /api/tags
anon	read	No access	n/a	GET /api/tags/:id
anon	create	No access	n/a	POST /api/tags
anon	update	No access	n/a	PUT /api/tags/:id
anon	delete	No access	n/a	DELETE /api/tags/:id
Authed	list	List default word list	All	GET /api/tags
Authed	read	List specific word list	All	GET /api/tags/:id
Authed	create	No access	All	POST /api/tags
Authed	update	No access	n/a	PUT /api/tags/:id
Authed	delete	No access	n/a	DELETE /api/tags/:id
admin	list	Can list all	All	GET /api/tags
admin	read	Can read all	All	GET /api/tags/:id
admin	create	Can create any	n/a	POST /api/tags
admin	update	Can update any	n/a	PUT /api/tags/:id
admin	delete	Can delete any	n/a	DELETE /api/tags/:id

Voluntarily Product

API Access Security Rules

User Roles

Archived Opportunities

Interests

Interest archive

Member

People

Notes:

Opportunities

List

Create

Read

Update

Delete

School invite

School lookup

Activities

List

Create

Read

Update

Delete

Organisations

List

Read

Create

Update

Delete

User Roles

Archived Opportunities

Interests

Interest archive

Member

People

Notes:

Opportunities

List

Create

Read

Update

Delete

School invite

School lookup

Activities

List

Create

Read

Update

Delete

Organisations

List

Read

Create

Update

Delete

Tags (TagList)