Skip to content

Authentication & Authorization

Castopod handles authentication and authorization using codeigniter/shield coupled with custom rules. Roles and permissions are defined at two levels:

  1. instance wide
  2. per podcast

1. Instance wide roles and permissions

Instance roles

roledescriptionpermissions
Super adminHas complete control over Castopod.admin.*, plugins.*, podcasts.*, users.manage, persons.manage, pages.manage, fediverse.manage-blocks
ManagerManages Castopod’s content.podcasts.create, podcasts.import, persons.manage, pages.manage
PodcasterGeneral users of Castopod.admin.access

Instance permissions

permissiondescription
admin.accessCan access the Castopod admin area.
admin.settingsCan access the Castopod settings.
plugins.manageAuth.instance_permissions.plugins.manage
users.manageCan manage Castopod users.
persons.manageCan manage persons.
pages.manageCan manage pages.
podcasts.viewCan view all podcasts.
podcasts.createCan create new podcasts.
podcasts.importCan import podcasts.
fediverse.manage-blocksCan block fediverse actors/domains from interacting with Castopod.

2. Per podcast roles and permissions

Per podcast roles

roledescriptionpermissions
AdminHas complete control of podcast #{id}.*
EditorManages content and publications of podcast #{id}.view, edit, manage-import, manage-persons, manage-platforms, manage-publications, manage-notifications, interact-as, episodes.view, episodes.create, episodes.edit, episodes.delete, episodes.manage-persons, episodes.manage-clips, episodes.manage-publications, episodes.manage-comments
AuthorManages content of podcast #{id} but cannot publish them.view, manage-persons, episodes.view, episodes.create, episodes.edit, episodes.manage-persons, episodes.manage-clips
GuestGeneral contributor of the podcast #{id}.view, episodes.view

Per podcast permissions

permissiondescription
viewCan view dashboard and analytics of podcast #{id}.
editCan edit podcast #{id}.
deleteCan delete podcast #{id}.
manage-importCan synchronize imported podcast #{id}.
manage-personsCan manage subscriptions of podcast #{id}.
manage-subscriptionsCan manage subscriptions of podcast #{id}.
manage-contributorsCan manage contributors of podcast #{id}.
manage-platformsCan set/remove platform links of podcast #{id}.
manage-publicationsCan publish podcast #{id}.
manage-notificationsCan view and mark notifications as read for podcast #{id}.
interact-asCan interact as the podcast #{id} to favourite, share or reply to posts.
episodes.viewCan view dashboards and analytics of podcast #{id}‘s episodes.
episodes.createCan create episodes for podcast #{id}.
episodes.editCan edit episodes of podcast #{id}.
episodes.deleteCan delete episodes of podcast #{id}.
episodes.manage-personsCan manage episode persons of podcast #{id}.
episodes.manage-clipsCan manage video clips or soundbites of podcast #{id}.
episodes.manage-publicationsCan publish/unpublish episodes and posts of podcast #{id}.
episodes.manage-commentsCan create/remove episode comments of podcast #{id}.