User Authorization Levels #11

Open
thequbit opened this issue Jul 9, 2015 · 2 comments
@thequbit
Contributor

thequbit commented Jul 9, 2015

So I like to define these up-front so we don't get into a long drawn out conversation of who can do what on the site. I think there should be four authentication levels, and all end-points need to fit one level.

VIEWER
STANDARD_USER
ELEVATED_USER
ADMINISTRATOR

VIEWER
This is someone who goes to the site and has not logged in.

STANDARD_USER
This is someone who has created a login. They should be able to:

  • Change their user profile stuff (display name, location, etc.)
  • Label audio to a category
  • Post comments to /organizations, /learn and /recordings sections
  • Integrate with Midas for posting responses to help requests.

ELEVATED_USER
This is someone who works at an organization. They should be able to:

  • Do everything that a STANDARD_USER can do
  • Edit their organization's "landing page"
  • Add people and recordings to their organization
  • Post to Midas for help
  • Post to /learn
  • Post to /blog??? (we can talk about this ... I picture "invited blogger from xyz station" kind of thing)

ADMINISTRATOR
This is the highest authorized user. They should be able to:

  • Do everything that an ELEVATED_USER can do
  • POST/PUT/DELETE anything and everything on the site
  • Create new users of any auth level.

Does that make sense? Have I forgotten anything and/or simplified it too much? I think we can fit most things into this model ...
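As an added example (not part of the original issue or the project's code), the four-level model above can be written as an ordered enum plus a per-endpoint minimum-level table that denies by default and checks organization ownership for ELEVATED_USER. The routes, HTTP methods, `User` fields and the anonymous read rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    # Ordered: each level can do everything the levels below it can.
    VIEWER = 0
    STANDARD_USER = 1
    ELEVATED_USER = 2
    ADMINISTRATOR = 3


@dataclass(frozen=True)
class User:  # hypothetical user record
    name: str
    level: Level = Level.VIEWER  # not logged in
    org: Optional[str] = None    # organization an ELEVATED_USER works at


# (method, path prefix) -> (minimum level, restricted to the user's own org?)
# Routes and methods are assumed for illustration; anonymous GET is an assumption.
POLICY = {
    ("GET", "/recordings"): (Level.VIEWER, False),
    ("POST", "/recordings/comments"): (Level.STANDARD_USER, False),
    ("PUT", "/users/me"): (Level.STANDARD_USER, False),
    ("POST", "/learn"): (Level.ELEVATED_USER, False),
    ("PUT", "/organizations"): (Level.ELEVATED_USER, True),
}


def required(method, path):
    """Longest matching prefix wins; unmapped endpoints need ADMINISTRATOR."""
    hits = [(prefix, rule) for (m, prefix), rule in POLICY.items()
            if m == method and (path == prefix or path.startswith(prefix + "/"))]
    if not hits:
        return Level.ADMINISTRATOR, False  # deny by default
    return max(hits, key=lambda hit: len(hit[0]))[1]


def authorize(user, method, path, resource_org=None):
    min_level, own_org_only = required(method, path)
    if user.level < min_level:
        return False
    if user.level >= Level.ADMINISTRATOR or not own_org_only:
        return True
    # Level alone is not enough: an ELEVATED_USER may only touch their own org.
    return user.org is not None and user.org == resource_org
```

Because unmapped endpoints fall through to ADMINISTRATOR, a route added without a policy entry fails closed instead of becoming publicly writable.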

thequbit changed the title from "User Auth Levels" to "User Authorization Levels" on Jul 9, 2015
@melodykramer
Member

Yes, and I agree that we should only have certain users posting to the blog. This seems like a good demarcation.

@GabeIsman

LGTM
