The Mobility Factory Documentation

The Mobility Factory Documentation

  • App manual
  • Control Center manual
  • Platform docs
  • Developers docs
  • Release history
  • Cooperative docs

›Concepts

Getting Started

  • How to write docs
  • Test app

REST API

  • REST API

Concepts

  • Pricing
  • Access Control
  • Messaging

Setup&configuration guides

  • Setting up an invoicing service
  • Setting up an ilockit bike lock
  • Setting up garage door
  • Setting up 2FA

Access Control in control center

A member of a group can have a particular admin role that defines what he sees and can access in the control center.

Note that this access control is currently only checked on the frontend and only partially in the firebase database. Access control on the database is still being moved from the isAdmin field of the person to the system described here. This means that while some admin users might only be able to see and manage some particular things in control center, they might still be able to read and write to other locations in the database if they have some development skills.

In firebase on the location /accessControl/roles/{groupId}/{adminRoleId}, you can define the permissions a particular role has (or not) in control center. Do this by setting the name of the permission to either true or false.

When a particular action is not defined for a particular group, the default for that role is used, which is defined in /accessControl/roles/default/{adminRoleId}.

For example, the content of /accessControl/roles can look like this:

{
  "default": {
    "admin": {
      "billingAccounts:view": true,
      "billingAccounts:edit": true,
      ...
    }
  },
  "tmf": {
    "admin": {
      "persons:group_memberships:tmf": true,
      "persons:group_memberships:team": true,
      ...
    }
  }
}

This is a list of currently used permissions:

  • adminRole:edit user can assign admin roles
  • archive:view user can view a list of archived items
  • archive:edit user can unarchive archived items
  • billingAccounts:create user can create billing accounts for groups or persons
  • billingAcccounts:view user can view a list of billing accounts
  • billingAcccounts:edit user can edit billing accounts
  • carConfigs:create user can create new car configs
  • carConfigs:view user can view a list of car configs
  • carConfigs:edit user can edit car configs
  • carConfigs:delete user can archive car configs
  • carConfigs:swap user can swap car configs
  • cars:create user can create new cars
  • cars:view user can view a list of cars
  • cars:edit user can edit cars
  • cars:delete user can archive cars
  • cars:control user can control (lock/unlock doors etc.) cars
  • configs:view user can view the configurations' content
  • configs:edit
  • dashboard:view user can view the configured grafana dashboard
  • dasboard:edit user can edit the grafana dashboard configuration
  • fleet:view user can view a fleet map of cars
  • groups:create user can create new subgroups which will be
  • groups:view user can view a list of groups
  • groups:edit user can edit subgroups
  • groups:delete user can archive subgroups
  • groups:members:export user can export a list of all group members
  • orders:view user can view a list of orders for shops
  • persons:create user can create new persons which will be
  • persons:view user can view a list of persons
  • persons:edit user can edit persons
  • persons:delete user can archive persons
  • persons:group_memberships:{groupId} user can control membership of persons to {groupId}
  • places:create user can create new zones which will be
  • places:view user can view a list of zones
  • places:edit user can edit zones
  • places:delete user can archive zones
  • reservations:edit user can edit reservations for persons that are
  • reservations:export user can export a list of reservations done by persons
  • resourceSets:view user can view a list of templates
  • resourceSets:edit user can edit templates
  • shops:view user can view a list of shops
  • shops:edit user can edit shops
  • shops:stripe:edit user can edit stripe details for shops

Each object in firebase in billingAccounts, carConfigs, cars, carModels, places, resourceSets, groups, shops and persons should also contain a field ownerGroup, that defines which group admin members can view or edit this object. For example, a car with ownerGroup equal to tmf is editable by a user which has the admin role admin in his tmf group membership and the field /accessControl/roles/cvba/admin/cars:edit is set to true (or is not set and /accessControl/roles/default/admin/cars:edit is true).

← PricingMessaging →
The Mobility Factory Documentation
For cooperative members
TMF Member PortalTMF CommunityTMF Bug ReportingPropose new featureContact support
More information
Demo AppDemo Control CenterTMF Home pageContact for more infoMembership application
Terms and Conditions
Copyright © 2023 The Mobility Factory SCE