The idea of EventR is to be the leading eventr calendar of all our community. For this, it's possible to give access to external users to manage their own events using our tool. Since we use federated authentication, this is relatively easy for the end user.
Requesting Access
- To request access a user visits: https://eventr.geant.org/request_access
- This redirects them to our SPP page where they sign in using one of the federated options.
- After successful sign in, the user has to select which organisation they represent. This list is populated from the
nrens
table (see db/schema.rb). For an example of how to populate this data from a csv file see the rake job:lib/tasks/import_nrens.rake
. If a user can't find their organsation in the list, simply add it to thenrens
table. - Hitting submit will send off an email to sysadmin@terena.org with the subject "New user request for EventR"
- This email contains all the details to add the user to the production database, eg:
User: someone.other@renater.fr (tal_id: xxx)
User.find(xxx).update(roles: ["member"])
- Double check the tal_id with the details of the users email address to make sure that person actually is who they claim to be. You can do this by signing in to the SPP backend and doing a simply db lookup on tal_id.
- If you are in doubts if the user really needs to have permission check with someone who might know this person, or the partner relations team if they really need access.
- SSH to the EventR production server and change user to eventr and change into the docroot, to enter the rails console:
sudo su - eventr
cd /var/www/eventr
RAILS_ENV=production rails c
- In the RAILS console, perform the query in the email
- After you add the user, make sure to send them a personalized email welcoming them to EventR and thanking them for helping us make the tool even better. It's all about the users, so we should be as forthcoming as possible as they are helping us to increase the quality of the data we have in EventR.
EventR has four levels of permissions:
- guest
- member
- groupadmin
- admin
See app/models/permission.rb
for what those user in those groups are allowed to do.
A user has a role and belongs to a group. (See db/schema.rb
)
The basic premise is that a user can belong to a group which can be managed by a group admin. Users within this group have 'sandboxed' events and a group admin can manage the events only within that group.
So far the only groups that exist is "GEANT" but this can easily be extended to more by editing the GROUPS
constant in app/models/user.rb
Reporting
Reports are automatically generated and are available to everyone within the GEANT group.So if you hear "WHAT REPORTS?": User.find_by(tal_id: xxx).update(group: "GEANT")