Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-12-18 23:05:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

MyST conversion

Browse Source
This commit is contained in:
Ariel Rin
2023-10-31 23:31:41 +10:00
parent 7024552c4e
commit 98e91fe207
25 changed files with 348 additions and 332 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docs/features/core/admin_site.md
View File

@@ -11,8 +11,9 @@ You can open the admin site by clicking on "Admin" in the drop down menu for a u
For small to medium size alliances it is often sufficient to have no more then two superuser admins (admins that also are superusers). Having two admins usually makes sense, so you can have one primary and one backup.
:::{warning}
Superusers have read & write access to everything on your AA installation. Superusers also automatically have all permissions and therefore access to all features of your apps. Therefore we recommend to be very careful to whom you give superuser privileges.
Superusers have read & write access to everything on your AA installation. Superusers also automatically have all permissions and therefore access to all features of your apps. Therefore we recommend to be very careful to whom you give superuser privileges.
:::
## Setup for large installations
For large alliances and coalitions you may want to have a couple of administrators to be able to distribute and handle the work load. However, having a larger number of superusers may be a security concern.
@@ -25,14 +26,15 @@ To create a staff admin you need to do two things:
1. Give the user permissions for admin tasks
:::{note}
Note that staff admins have the following limitations:
Note that staff admins have the following limitations:
- Can not promote users to staff
- Can not promote users to superuser
- Can not add/remove permissions for users, groups and states
- Can not promote users to staff
- Can not promote users to superuser
- Can not add/remove permissions for users, groups and states
These limitations exist to prevent staff admins to promote themselves to quasi superusers. Only superusers can perform these actions.
```
These limitations exist to prevent staff admins to promote themselves to quasi superusers. Only superusers can perform these actions.
:::
### Staff property
@@ -40,7 +42,7 @@ Access to the admin site is restricted. Users needs to have the `is_staff` prope
process will automatically have access to the admin site.
:::{hint}
Without any permissions a "staff user" can open the admin site, but can neither view nor edit anything except for viewing the list of permissions.
Without any permissions a "staff user" can open the admin site, but can neither view nor edit anything except for viewing the list of permissions.
:::
### Permissions for common admin tasks

11
docs/features/core/groups.md
View File

@@ -45,14 +45,13 @@ When a group is restricted only superuser admins can directly add or remove them
```{eval-rst}
.. _ref-reserved-group-names:
```
## Reserved group names
When using Alliance Auth to manage external services like Discord, Auth will automatically duplicate groups on those services. E.g. on Discord Auth will create roles of the same name as groups. However, there may be cases where you want to manage groups on external services by yourself or by another bot. For those cases you can define a list of reserved group names. Auth will ensure that you can not create groups with a reserved name. You will find this list on the admin site under groupmanagement.
:::{note}
While this feature can help to avoid naming conflicts with groups on external services, the respective service component in Alliance Auth also needs to be build in such a way that it knows how to prevent these conflicts. Currently only the Discord and Teamspeak3 services have this ability.
```
While this feature can help to avoid naming conflicts with groups on external services, the respective service component in Alliance Auth also needs to be build in such a way that it knows how to prevent these conflicts. Currently only the Discord and Teamspeak3 services have this ability.
:::
## Managing groups
@@ -102,7 +101,7 @@ GROUPMANAGEMENT_AUTO_LEAVE = True
:::{note}
Before you set `GROUPMANAGEMENT_AUTO_LEAVE = True`, make sure there are no pending leave requests, as this option will hide the "Leave Requests" tab.
```
:::
## Settings
@@ -126,8 +125,8 @@ In order to join a group other than a public group, the permission `groupmanagem
When a user loses this permission, they will be removed from all groups _except_ Public groups.
:::{note}
By default, the ``groupmanagement.request_groups`` permission is applied to the ``Member`` group. In most instances this, and perhaps adding it to the ``Blue`` group, should be all that is ever needed. It is unsupported and NOT advisable to apply this permission to a public group. See #697 for more information.
```
By default, the ``groupmanagement.request_groups`` permission is applied to the ``Member`` group. In most instances this, and perhaps adding it to the ``Blue`` group, should be all that is ever needed. It is unsupported and NOT advisable to apply this permission to a public group. See #697 for more information.
:::
Group Management should be mostly done using group leaders, a series of permissions are included below for thoroughness: