---
title: Authentication & Authorization
sidebarDepth: 3
---

# Authentication & Authorization

Castopod handles authentication and authorization using `codeigniter/shield`
coupled with custom rules. Roles and permissions are defined at two levels:

1. [instance wide](#1-instance-wide-roles-and-permissions)
2. [per podcast](#2-per-podcast-roles-and-permissions)

## 1. Instance wide roles and permissions

### Instance roles

| role        | description                         | permissions                                                                                |
| ----------- | ----------------------------------- | ------------------------------------------------------------------------------------------ |
| Super admin | Has complete control over Castopod. | admin.\*, podcasts.\*, users.manage, persons.manage, pages.manage, fediverse.manage-blocks |
| Manager     | Manages Castopod's content.         | podcasts.create, podcasts.import, persons.manage, pages.manage                             |
| Podcaster   | General users of Castopod.          | admin.access                                                                               |

### Instance permissions

| permission              | description                                                        |
| ----------------------- | ------------------------------------------------------------------ |
| admin.access            | Can access the Castopod admin area.                                |
| admin.settings          | Can access the Castopod settings.                                  |
| users.manage            | Can manage Castopod users.                                         |
| persons.manage          | Can manage persons.                                                |
| pages.manage            | Can manage pages.                                                  |
| podcasts.view           | Can view all podcasts.                                             |
| podcasts.create         | Can create new podcasts.                                           |
| podcasts.import         | Can import podcasts.                                               |
| fediverse.manage-blocks | Can block fediverse actors/domains from interacting with Castopod. |

## 2. Per podcast roles and permissions

### Per podcast roles

| role   | description                                               | permissions |
| ------ | --------------------------------------------------------- | ----------- |
| Admin  | Has complete control of podcast #{id}.                    | \* |
| Editor | Manages content and publications of podcast #{id}.        | view, edit, manage-import, manage-persons, manage-platforms, manage-publications, manage-notifications, interact-as, episodes.view, episodes.create, episodes.edit, episodes.delete, episodes.manage-persons, episodes.manage-clips, episodes.manage-publications, episodes.manage-comments |
| Author | Manages content of podcast #{id} but cannot publish them. | view, manage-persons, episodes.view, episodes.create, episodes.edit, episodes.manage-persons, episodes.manage-clips |
| Guest  | General contributor of the podcast #{id}.                 | view, episodes.view |

### Per podcast permissions

| permission                   | description                                                              |
| ---------------------------- | ------------------------------------------------------------------------ |
| view                         | Can view dashboard and analytics of podcast #{id}.                       |
| edit                         | Can edit podcast #{id}.                                                  |
| delete                       | Can delete podcast #{id}.                                                |
| manage-import                | Can synchronize imported podcast #{id}.                                  |
| manage-persons               | Can manage subscriptions of podcast #{id}.                               |
| manage-subscriptions         | Can manage subscriptions of podcast #{id}.                               |
| manage-contributors          | Can manage contributors of podcast #{id}.                                |
| manage-platforms             | Can set/remove platform links of podcast #{id}.                          |
| manage-publications          | Can publish podcast #{id}.                                               |
| manage-notifications         | Can view and mark notifications as read for podcast #{id}.               |
| interact-as                  | Can interact as the podcast #{id} to favourite, share or reply to posts. |
| episodes.view                | Can view dashboard and analytics of podcast #{id}.                       |
| episodes.create              | Can create episodes for podcast #{id}.                                   |
| episodes.edit                | Can edit podcast #{id}.                                                  |
| episodes.delete              | Can delete podcast #{id}.                                                |
| episodes.manage-persons      | Can manage subscriptions of podcast #{id}.                               |
| episodes.manage-clips        | Can manage video clips or soundbites of podcast #{id}.                   |
| episodes.manage-publications | Can publish podcast #{id}.                                               |
| episodes.manage-comments     | Can create/remove episode comments of podcast #{id}.                     |
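
The following is an added example, not Castopod's own code: a Python audit of the two role matrices on this page that expands wildcard grants and reports which permissions are reserved to the top role at each level, plus any grant that matches no documented permission. The constant and function names are hypothetical, and glob-style expansion of `*` is an assumption about how the wildcard entries resolve.

```python
from fnmatch import fnmatchcase

# Matrices transcribed from the tables on this page, not read from Castopod's code.
INSTANCE_PERMS = ("admin.access admin.settings users.manage persons.manage pages.manage "
                  "podcasts.view podcasts.create podcasts.import fediverse.manage-blocks").split()
INSTANCE_ROLES = {
    "Super admin": ("admin.* podcasts.* users.manage persons.manage pages.manage "
                    "fediverse.manage-blocks").split(),
    "Manager": "podcasts.create podcasts.import persons.manage pages.manage".split(),
    "Podcaster": ["admin.access"],
}
PODCAST_PERMS = ("view edit delete manage-import manage-persons manage-subscriptions "
                 "manage-contributors manage-platforms manage-publications "
                 "manage-notifications interact-as episodes.view episodes.create "
                 "episodes.edit episodes.delete episodes.manage-persons episodes.manage-clips "
                 "episodes.manage-publications episodes.manage-comments").split()
PODCAST_ROLES = {
    "Admin": ["*"],
    "Editor": ("view edit manage-import manage-persons manage-platforms manage-publications "
               "manage-notifications interact-as episodes.view episodes.create episodes.edit "
               "episodes.delete episodes.manage-persons episodes.manage-clips "
               "episodes.manage-publications episodes.manage-comments").split(),
    "Author": ("view manage-persons episodes.view episodes.create episodes.edit "
               "episodes.manage-persons episodes.manage-clips").split(),
    "Guest": ["view", "episodes.view"],
}

def effective(roles, perms):
    """Expand each role's grants into concrete permissions ('*' assumed glob-style)."""
    return {role: {p for p in perms if any(fnmatchcase(p, g) for g in grants)}
            for role, grants in roles.items()}

def exclusive_to(role, roles, perms):
    """Permissions only `role` holds, i.e. out of reach of every other role."""
    eff = effective(roles, perms)
    others = set().union(*(held for r, held in eff.items() if r != role))
    return sorted(eff[role] - others)

def dangling_grants(roles, perms):
    """(role, grant) pairs matching no documented permission: typos or doc/code drift."""
    return sorted((role, g) for role, grants in roles.items() for g in grants
                  if not any(fnmatchcase(p, g) for p in perms))

if __name__ == "__main__":
    print("podcast Admin only:", exclusive_to("Admin", PODCAST_ROLES, PODCAST_PERMS))
    print("Super admin only:  ", exclusive_to("Super admin", INSTANCE_ROLES, INSTANCE_PERMS))
    print("dangling grants:   ", dangling_grants(INSTANCE_ROLES, INSTANCE_PERMS)
          + dangling_grants(PODCAST_ROLES, PODCAST_PERMS))
```

Rerunning the audit after any change to the tables shows at a glance whether a destructive permission has leaked below the top role or a grant no longer matches a documented permission.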