Authentication & Authorization

Castopod handles authentication and authorization using codeigniter/shield coupled with custom rules. Roles and permissions are defined at two levels:

  1. instance wide
  2. per podcast

1. Instance wide roles and permissions

Instance roles

roledescriptionpermissions
Super adminHas complete control over Castopod.admin.*, podcasts.*, users.manage, persons.manage, pages.manage, fediverse.manage-blocks
ManagerManages Castopod's content.podcasts.create, podcasts.import, persons.manage, pages.manage
PodcasterGeneral users of Castopod.admin.access

Instance permissions

permissiondescription
admin.accessCan access the Castopod admin area.
admin.settingsCan access the Castopod settings.
users.manageCan manage Castopod users.
persons.manageCan manage persons.
pages.manageCan manage pages.
podcasts.viewCan view all podcasts.
podcasts.createCan create new podcasts.
podcasts.importCan import podcasts.
fediverse.manage-blocksCan block fediverse actors/domains from interacting with Castopod.

2. Per podcast roles and permissions

Per podcast roles

roledescriptionpermissions
AdminHas complete control of podcast #{id}.*
EditorManages content and publications of podcast #{id}.view, edit, manage-import, manage-persons, manage-platforms, manage-publications, interact-as, episodes.view, episodes.create, episodes.edit, episodes.delete, episodes.manage-persons, episodes.manage-clips, episodes.manage-publications, episodes.manage-comments, episodes.manage-notifications
AuthorManages content of podcast #{id} but cannot publish them.view, manage-persons, episodes.view, episodes.create, episodes.edit, episodes.manage-persons, episodes.manage-clips
GuestGeneral contributor of the podcast #{id}.view, episodes.view

Per podcast permissions

permissiondescription
viewCan view dashboard and analytics of podcast #{id}.
editCan edit podcast #{id}.
deleteCan delete podcast #{id}.
manage-importCan synchronize imported podcast #{id}.
manage-personsCan manage subscriptions of podcast #{id}.
manage-subscriptionsCan manage subscriptions of podcast #{id}.
manage-contributorsCan manage contributors of podcast #{id}.
manage-platformsCan set/remove platform links of podcast #{id}.
manage-publicationsCan publish podcast #{id}.
manage-notificationsCan view and mark notifications as read for podcast #{id}.
interact-asCan interact as the podcast #{id} to favourite, share or reply to posts.
episodes.viewCan view dashboard and analytics of podcast #{id}.
episodes.createCan create episodes for podcast #{id}.
episodes.editCan edit podcast #{id}.
episodes.deleteCan delete podcast #{id}.
episodes.manage-personsCan manage subscriptions of podcast #{id}.
episodes.manage-clipsCan manage video clips or soundbites of podcast #{id}.
episodes.manage-publicationsCan publish podcast #{id}.
episodes.manage-commentsCan create/remove episode comments of podcast #{id}.