
Event Permissioning Business Logic

⚠️ Implementation Status: The permissioning system described in this document is not yet implemented. This is planning documentation for future development. The data models will be implemented first as part of the event planning feature.

This document outlines the comprehensive business logic and flows for event permissioning in Jubiloop, covering permission hierarchies, cascades, and the three distinct access types.

Overview

Event permissioning operates on a hierarchical system where permissions automatically cascade from higher levels to lower levels. The system supports three distinct access types:

  • Personnel: Text-based entries for event staff roles with NO system permissions
  • Collaborators: Organization members with event-level access that cascades down to all blocks and tasks
  • Assignees: Organization members assigned to specific tasks with minimal scoped permissions

Permission Hierarchy & Cascades

Hierarchy Structure

Organization Level
└── Event Level (Collaborators)
    └── Block Level (Inherited from Event)
        └── Task Level (Inherited + Direct Assignees)

Automatic Cascading Rules

  1. Event-level permissions cascade down automatically

    • Event collaborators can access all blocks within the event
    • Event collaborators can access all tasks within all blocks
    • No explicit permissions needed at block or task level for collaborators
  2. Task-level permissions are minimal and scoped

    • Task assignees get permission to manage only their specific task
    • Task assignees get read-only view permission for the parent block
    • Task assignees cannot delete their assigned tasks
    • Task assignees cannot access other tasks or blocks in the event
  3. Permission Resolution Order

    • Organization membership permissions (highest)
    • Event collaborator permissions (cascades down)
    • Direct task assignee permissions (minimal, scoped)

Event Creation Flow

Initial Permission Assignment

When an event is created:

  1. Event Creator becomes Owner

    • Automatically granted full event permissions
    • Can manage all aspects of the event
    • Can invite collaborators and assign tasks
  2. Automatic Permission Cascade

    • Owner permissions automatically cascade to all blocks and tasks
    • No manual permission assignment needed for creator
    • Creator can access all current and future content in the event

Three Access Types

1. Personnel (Text-Based, No System Permissions)

  • Purpose: Track event staff roles and responsibilities
  • Nature: Simple text entries for record-keeping
  • System Access: None - purely informational
  • Examples: "Head Chef: John Smith", "Security Lead: Jane Doe"
  • Management: Can be added/edited by event collaborators

2. Collaborators (Event-Level Access)

  • Purpose: Grant comprehensive event access to organization members
  • Scope: Full event access that cascades to all blocks and tasks
  • Permissions Include:
    • View/edit event details
    • Manage all blocks within the event
    • Assign tasks to organization members
    • Invite additional collaborators
    • Move blocks between draft and plans

3. Assignees (Task-Specific Access)

  • Purpose: Grant minimal access for specific task completion
  • Scope: Limited to assigned task and parent block view
  • Permissions Include:
    • Manage assigned task (edit, update status, add comments)
    • View parent block (read-only)
    • Cannot delete assigned task
    • Cannot access other tasks or event areas

Collaborator Invitation Flow

Guest Member Auto-Creation

When non-organization members are invited as collaborators:

  1. Automatic Guest Membership

    • Non-org member is automatically added as guest member
    • Guest membership is limited and event-focused
    • Guest cannot access other organization events by default
  2. Permission Inheritance

    • Guest member gains event collaborator permissions
    • Permissions cascade normally to blocks and tasks
    • Guest can participate fully in the specific event
  3. Guest Member Limitations

    • Cannot invite other collaborators (unless specifically granted)
    • Cannot access organization-wide features
    • Membership tied to event participation

Task Assignment Flow

Assignment Rules

  1. Organization Member Requirement

    • Only organization members can be assigned to tasks
    • This includes guest members auto-added through collaboration
    • External users must become collaborators first
  2. Automatic Permission Granting

    • Task assignee receives minimal task management permissions
    • Assignee receives read-only parent block view permission
    • No additional event-level access granted
  3. Multiple Assignments

    • Users can be assigned to multiple tasks
    • Each assignment grants specific permissions for that task
    • Permissions accumulate for multiple task assignments

Collaborator Removal Flow

Removal Impact Scenarios

  1. Collaborator with No Task Assignments

    • Immediate removal of all event permissions
    • Cannot access any part of the event
    • Clean removal with no complications
  2. Collaborator with Task Assignments - Keep Assignments

    • Event-level permissions removed
    • Task assignment permissions retained
    • User can only access assigned tasks and parent blocks
    • Minimal system access maintained
  3. Collaborator with Task Assignments - Remove Assignments

    • All event permissions removed
    • Task assignments removed
    • Tasks become unassigned
    • Complete disconnection from event
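The invitation, assignment and removal flows above describe state transitions on a small set of relationships. The following is an added example that is not Jubiloop code: the EventState class, the function names, and the user and task identifiers are assumptions chosen to illustrate the rules (guest auto-creation on invitation, the organization-member requirement for assignment, and the two removal options for a collaborator who holds task assignments).

```python
"""Collaborator and assignee lifecycle for one event (added example, not Jubiloop code).

Names are assumptions; the behaviour follows the invitation, assignment and
removal flows described in the planning document.
"""
from dataclasses import dataclass, field


class NotOrganizationMember(ValueError):
    """Raised when a non-member is assigned to a task (policy violation)."""


@dataclass
class EventState:
    """The relationship data that later permission resolution reads."""
    org_members: set[str]                                  # full organization members
    guest_members: set[str] = field(default_factory=set)   # auto-created on invitation
    collaborators: set[str] = field(default_factory=set)   # event-level access
    assignments: dict[str, set[str]] = field(default_factory=dict)  # task_id -> assignees

    def is_org_member(self, user: str) -> bool:
        # Guest members count as organization members for assignment purposes.
        return user in self.org_members or user in self.guest_members


def invite_collaborator(state: EventState, user: str) -> None:
    """Grant event-level access; a non-member is first added as a guest member."""
    if not state.is_org_member(user):
        state.guest_members.add(user)
    state.collaborators.add(user)


def assign_task(state: EventState, task_id: str, user: str) -> None:
    """Only organization members (including guests) may be assigned to tasks."""
    if not state.is_org_member(user):
        raise NotOrganizationMember(f"{user} must become a collaborator before assignment")
    state.assignments.setdefault(task_id, set()).add(user)


def still_participating(state: EventState, user: str) -> bool:
    """A user participates while collaborating or holding at least one assignment."""
    return user in state.collaborators or any(user in a for a in state.assignments.values())


def remove_collaborator(state: EventState, user: str, keep_assignments: bool) -> None:
    """Drop event-level access; the caller decides whether task assignments survive."""
    state.collaborators.discard(user)
    if not keep_assignments:
        for assignees in state.assignments.values():
            assignees.discard(user)   # a task whose set empties becomes unassigned
    # A guest's membership is tied to event participation: clean it up when that ends.
    if user in state.guest_members and not still_participating(state, user):
        state.guest_members.discard(user)


def assigned_tasks(state: EventState, user: str) -> set[str]:
    """Permissions accumulate: one entry per task the user is assigned to."""
    return {t for t, a in state.assignments.items() if user in a}


def unassigned_tasks(state: EventState) -> set[str]:
    return {t for t, a in state.assignments.items() if not a}
```

Running the three removal scenarios against this state shows the difference between "keep assignments" (the user keeps exactly their assigned tasks and, if a guest, their guest membership) and "remove assignments" (the tasks become unassigned and a guest with nothing left is cleaned up).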

Member Lifecycle Management

Organization Joining

Organization Leaving

Member Lifecycle Rules

  1. Joining Organization

    • Becomes eligible for task assignments
    • Can be invited as event collaborator
    • Existing event permissions unaffected unless explicitly granted
  2. Leaving Organization

    • Automatic removal from all event collaborations
    • Task assignments handled per event removal flow
    • Cannot be assigned to new tasks
    • Existing minimal task permissions may be retained based on removal choices

Block Movement Between Draft and Plans

Movement Rules

  1. Permission Inheritance

    • Block permissions move with the block
    • Task assignments remain intact
    • Collaborator access continues regardless of block location
  2. Access Continuity

    • Event collaborators maintain access in both draft and plans
    • Task assignees continue to access their tasks
    • No permission recalculation needed
  3. Organizational Visibility

    • Draft blocks: Limited to event collaborators and task assignees
    • Plan blocks: Same permission model, different organizational context

Permission Resolution Logic

Resolution Priority Order

  1. Organization-Level Permissions (Highest)

    • Organization admin/owner permissions
    • Override all event-level permissions
  2. Event Collaborator Permissions (Cascading)

    • Full event access
    • Automatically includes all blocks and tasks
    • Takes precedence over task-specific assignments
  3. Task Assignee Permissions (Minimal)

    • Limited to specific task and parent block
    • Only applies when no higher-level permissions exist
    • Most restrictive permission level

Resolution Examples

  1. User is both Collaborator and Task Assignee

    • Collaborator permissions take precedence
    • Full event access granted
    • Task assignment becomes redundant but remains for tracking
  2. User is Organization Admin and Task Assignee

    • Organization admin permissions take precedence
    • Full system access granted
    • Task assignment maintained for workflow purposes
  3. User is only Task Assignee

    • Minimal task permissions applied
    • Limited to assigned task and parent block view
    • Cannot access other event areas
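The priority order and the three resolution examples above can be written as a single pure function over the current relationships, which also illustrates the cascading rules from the hierarchy section (collaborator access reaching every block and task, assignees limited to their task plus a read-only parent block and no delete). This is an added example, not Jubiloop code: the Relationships class, the Level names, the action names and the sample users and ids are assumptions.

```python
"""Effective-permission resolution for an event (added example, not Jubiloop code).

The resolver reads the current relationships on every call and keeps no cached
state. Class, level and action names are assumptions.
"""
from dataclasses import dataclass
from enum import Enum


class Level(str, Enum):
    ORG_ADMIN = "org_admin"
    COLLABORATOR = "collaborator"
    ASSIGNEE = "assignee"
    NONE = "none"


# Action sets per level (assumed names). Assignees never receive "delete".
FULL = frozenset({"view", "edit", "delete", "assign", "invite", "move"})
TASK_MANAGE = frozenset({"view", "edit", "update_status", "comment"})
VIEW_ONLY = frozenset({"view"})


@dataclass
class Relationships:
    org_admins: frozenset[str]
    collaborators: frozenset[str]            # event-level access
    block_of_task: dict[str, str]            # task_id -> parent block_id
    assignees: dict[str, frozenset[str]]     # task_id -> assigned users


def resolve(rel: Relationships, user: str, kind: str, target: str = "") -> tuple[Level, frozenset[str]]:
    """Return the level that decides access and the actions it allows.

    kind is "event", "block" or "task"; target is the block or task id.
    """
    # 1. Organization admins override every event-level rule.
    if user in rel.org_admins:
        return Level.ORG_ADMIN, FULL
    # 2. Collaborator access cascades to every block and task in the event.
    if user in rel.collaborators:
        return Level.COLLABORATOR, FULL
    # 3. Assignee scope: only the assigned task, plus a read-only parent block.
    own_tasks = {t for t, users in rel.assignees.items() if user in users}
    if kind == "task" and target in own_tasks:
        return Level.ASSIGNEE, TASK_MANAGE
    if kind == "block" and target in {rel.block_of_task[t] for t in own_tasks}:
        return Level.ASSIGNEE, VIEW_ONLY
    return Level.NONE, frozenset()


def can(rel: Relationships, user: str, action: str, kind: str, target: str = "") -> bool:
    return action in resolve(rel, user, kind, target)[1]


# Constructed sample relationships (not real data): ada is an org admin who is
# also assigned t3; bob is a collaborator also assigned t1; cara is only an
# assignee of t1; dan is only an assignee of t2.
SAMPLE = Relationships(
    org_admins=frozenset({"ada"}),
    collaborators=frozenset({"bob"}),
    block_of_task={"t1": "b1", "t2": "b1", "t3": "b2"},
    assignees={"t1": frozenset({"bob", "cara"}), "t2": frozenset({"dan"}), "t3": frozenset({"ada"})},
)
```

With SAMPLE, bob's assignment on t1 is redundant because the collaborator level decides first and grants the full set on every task, ada resolves at the organization level regardless of her assignment, and cara can manage t1 but not delete it, can only view b1, and resolves to no access on t2, b2 or the event itself.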

Security Considerations

Permission Validation

  1. Real-Time Validation

    • Permissions checked on every access attempt
    • No cached permission states that could become stale
    • Dynamic resolution based on current relationships
  2. Cascade Integrity

    • Higher-level permissions automatically grant lower-level access
    • No orphaned permissions when relationships change
    • Consistent permission state across hierarchy
  3. Guest Member Security

    • Guest members limited to specific event scope
    • Cannot escalate to full organization membership
    • Automatic cleanup when event participation ends

Data Protection

  1. Minimal Permission Principle

    • Task assignees get only necessary permissions
    • No over-granting of access rights
    • Clear permission boundaries
  2. Audit Trail

    • All permission changes tracked
    • Collaborator additions/removals logged
    • Task assignment changes recorded
  3. Access Revocation

    • Immediate permission removal when relationships end
    • No lingering access after collaboration ends
    • Clean separation of access rights

Business Impact Summary

For Event Organizers

  • Simplified Management: Permissions cascade automatically, reducing manual setup
  • Flexible Collaboration: Easy to invite both organization members and external collaborators
  • Granular Control: Can assign specific tasks without granting full event access
  • Clean Removal: Clear options when removing collaborators with task assignments

For Collaborators

  • Comprehensive Access: Event collaboration provides full event visibility and control
  • Automatic Inheritance: No need to request individual block or task permissions
  • Role Clarity: Clear distinction between collaboration and task assignment roles

For Task Assignees

  • Focused Access: Only see what's needed for task completion
  • Protected Scope: Cannot accidentally affect other event areas
  • Clear Boundaries: Understand exactly what they can and cannot access

For Organization Administrators

  • Member Control: Full visibility into who has access to what events
  • Guest Management: Automatic handling of external collaborator memberships
  • Security Assurance: Clear permission hierarchy with predictable cascading rules

Built with ❤️ by the Jubiloop team