Castopod handles authentication and authorization using codeigniter/shield
coupled with custom rules. Roles and permissions are defined at two levels:
- instance wide
- per podcast
1. Instance wide roles and permissions
Instance roles
| role | description | permissions |
|---|
| Super admin | Has complete control over Castopod. | admin.*, plugins.*, podcasts.*, users.manage, persons.manage, pages.manage, fediverse.manage-blocks |
| Manager | Manages Castopod’s content. | podcasts.create, podcasts.import, persons.manage, pages.manage |
| Podcaster | General users of Castopod. | admin.access |
Instance permissions
| permission | description |
|---|
| admin.access | Can access the Castopod admin area. |
| admin.settings | Can access the Castopod settings. |
| plugins.manage | Auth.instance_permissions.plugins.manage |
| users.manage | Can manage Castopod users. |
| persons.manage | Can manage persons. |
| pages.manage | Can manage pages. |
| podcasts.view | Can view all podcasts. |
| podcasts.create | Can create new podcasts. |
| podcasts.import | Can import podcasts. |
| fediverse.manage-blocks | Can block fediverse actors/domains from interacting with Castopod. |
2. Per podcast roles and permissions
Per podcast roles
| role | description | permissions |
|---|
| Admin | Has complete control of podcast #{id}. | * |
| Editor | Manages content and publications of podcast #{id}. | view, edit, manage-import, manage-persons, manage-platforms, manage-publications, manage-notifications, interact-as, episodes.view, episodes.create, episodes.edit, episodes.delete, episodes.manage-persons, episodes.manage-clips, episodes.manage-publications, episodes.manage-comments |
| Author | Manages content of podcast #{id} but cannot publish them. | view, manage-persons, episodes.view, episodes.create, episodes.edit, episodes.manage-persons, episodes.manage-clips |
| Guest | General contributor of the podcast #{id}. | view, episodes.view |
Per podcast permissions
| permission | description |
|---|
| view | Can view dashboard and analytics of podcast #{id}. |
| edit | Can edit podcast #{id}. |
| delete | Can delete podcast #{id}. |
| manage-import | Can synchronize imported podcast #{id}. |
| manage-persons | Can manage subscriptions of podcast #{id}. |
| manage-subscriptions | Can manage subscriptions of podcast #{id}. |
| manage-contributors | Can manage contributors of podcast #{id}. |
| manage-platforms | Can set/remove platform links of podcast #{id}. |
| manage-publications | Can publish podcast #{id}. |
| manage-notifications | Can view and mark notifications as read for podcast #{id}. |
| interact-as | Can interact as the podcast #{id} to favourite, share or reply to posts. |
| episodes.view | Can view dashboards and analytics of podcast #{id}‘s episodes. |
| episodes.create | Can create episodes for podcast #{id}. |
| episodes.edit | Can edit episodes of podcast #{id}. |
| episodes.delete | Can delete episodes of podcast #{id}. |
| episodes.manage-persons | Can manage episode persons of podcast #{id}. |
| episodes.manage-clips | Can manage video clips or soundbites of podcast #{id}. |
| episodes.manage-publications | Can publish/unpublish episodes and posts of podcast #{id}. |
| episodes.manage-comments | Can create/remove episode comments of podcast #{id}. |
