Permissions

B.A.M Ticketing permissions follow a simple naming scheme: system.resource.action.

  • system can be:
      • bc for blockchain-related permissions, like issuing tickets
      • account for permissions related to users, organizers and services
      • event for permissions to create and modify events
      • payment for on-site sale permission (WIP)
  • resource is a more specific entity in that system to which the action relates (e.g. user, ticket)
  • action denotes what is done to that resource (e.g. create, view)

The user token is structured in the following way:

{
    ...,
    permissions: [
        ORG_NAME:[
            PERMISSION_LEVEL:[
                PERMISSION
            ]
        ]
    ]
}

Roles

There are several roles for the users:

  1. User - has permissions to access and modify their own data
  2. OnSiteSales - WIP - has permissions to confirm orders with offline payments
  3. HostOrganizer - has user permissions and organizer-wide event permissions
  4. HostManager - has HostOrganizer permissions and bc.event.* permissions
  5. Admin - has all permissions on an organizer level
  6. Custom - The permission list is specified in an additional field

Permission levels

Currently there are two scopes for permissions:

  • org_level are permissions for all resources belonging to an organizer. These supersede lower-level ones.
  • owner are permissions for resources the user has created (e.g. their account)
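
One way a service could evaluate the token's permissions field against the two scopes above, as an added example that is not B.A.M Ticketing's own code. It assumes the field decodes to a mapping of organizer name to permission level to a list of permission strings, that only a trailing `*` (as in bc.event.*) acts as a wildcard, and that ownership is decided by comparing a user id with the resource creator's id; `is_allowed`, `grants` and the sample values are hypothetical.

```python
"""Added example: deny-by-default check of a token's permissions field."""

ORG_LEVEL, OWNER = "org_level", "owner"

# Constructed sample claims; organizer name, user ids and grants are made up.
SAMPLE_CLAIMS = {
    "sub": "user-17",
    "permissions": {
        "acme-events": {
            ORG_LEVEL: ["event.event.view", "event.event.list", "bc.event.*"],
            OWNER: ["account.user.view", "account.user.update"],
        }
    },
}


def grants(pattern, permission):
    """True if a granted pattern covers the requested permission.

    Assumption: only a trailing `*` segment (as in bc.event.*) is a wildcard,
    and a bare `*` grants nothing.
    """
    granted, wanted = pattern.split("."), permission.split(".")
    if granted[-1] != "*":
        return granted == wanted
    prefix = granted[:-1]
    if not prefix or "*" in prefix:
        return False
    return len(wanted) > len(prefix) and wanted[:len(prefix)] == prefix


def is_allowed(claims, org, permission, user_id=None, resource_owner_id=None):
    """Check one permission for one organizer; anything unexpected denies."""
    org_perms = claims.get("permissions", {}).get(org)
    if not isinstance(org_perms, dict):
        return False  # token carries nothing for this organizer
    # org_level covers every resource of the organizer and supersedes owner.
    if any(grants(g, permission) for g in org_perms.get(ORG_LEVEL, [])):
        return True
    # owner applies only when the caller created the resource.
    if user_id is None or user_id != resource_owner_id:
        return False
    return any(grants(g, permission) for g in org_perms.get(OWNER, []))
```

The check is scoped per organizer, so a grant under one organizer name never satisfies a request against another.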

Permission list

This is an exhaustive list of all supported permissions:

  • 'bc.event.create'
  • 'bc.event.cancel'
  • 'bc.event.update_dates'
  • 'bc.ticket_config.create'
  • 'bc.ticket_config.cancel'
  • 'bc.ticket_config.update_price'
  • 'bc.ticket_config.update_quantity'
  • 'bc.ticket_config.update_dates'
  • 'bc.ticket_config.update_fee'
  • 'bc.ticket.cancel'
  • 'bc.ticket.invalidate'
  • 'bc.ticket.update_owner'
  • 'bc.ticket.approve_kyc'
  • 'bc.discount.create'
  • 'bc.discount.update'
  • 'bc.discount.update_dates'
  • 'bc.discount.cancel'
  • 'account.user.create'
  • 'account.user.update'
  • 'account.user.delete'
  • 'account.user.view'
  • 'account.user.list'
  • 'account.service.view'
  • 'account.service.delete'
  • 'account.service.update'
  • 'account.service.list'
  • 'account.service.create'
  • 'account.organization.view'
  • 'account.organization.delete'
  • 'account.organization.update'
  • 'account.organization.list'
  • 'account.organization.create'
  • 'account.change_permissions'
  • 'account.user.change_permissions'
  • 'account.service.change_permissions'
  • 'account.organization.change_permissions'
  • 'bc.change_permissions'
  • 'bc.discount.change_permissions'
  • 'bc.ticket.change_permissions'
  • 'bc.ticket_config.change_permissions'
  • 'bc.event.change_permissions'
  • 'event.event.view'
  • 'event.event.delete'
  • 'event.event.update'
  • 'event.event.list'
  • 'event.event.create'
  • 'event.change_permissions'
  • 'event.event.change_permissions'
  • 'payment.order.confirm'
  • 'payment.change_permissions'