diff options
Diffstat (limited to 'docs/running')
| -rw-r--r-- | docs/running/index.md | 18 | ||||
| -rw-r--r-- | docs/running/staff.md | 6 | ||||
| -rw-r--r-- | docs/running/users.md | 5 |
3 files changed, 8 insertions, 21 deletions
diff --git a/docs/running/index.md b/docs/running/index.md index e552826dd..d618a241a 100644 --- a/docs/running/index.md +++ b/docs/running/index.md @@ -26,19 +26,5 @@ everything running smoothly. </p> By default the administration pages for FixMyStreet can be found on your installation at `/admin`. -When you first deploy your installation of FixMyStreet, this is just a public -directory. Obviously, for a -<a href="{{ "/glossary/#production" | relative_url }}" class="glossary__link">production</a> -server you should **restrict access to -authorised users only**. For example, if you're running the Apache webserver, -you can use `htaccess` to do this. - -<div class="attention-box warning"> - <p><strong>You <em>must</em> restrict access to admin</strong> - <br> - Never put your FixMyStreet site live until you have protected - your admin pages. - </p> -</div> - -If you can configure your webserver to only allow access to the admin URLs over https, then you should do that, and deny access any other way. It's also a good idea to IP-restrict access to admin URLs if you know where your authorised users will be accessing them from. +Users that have the right to access the administration pages should also +see an Admin-link in the navigation bar on the front page. diff --git a/docs/running/staff.md b/docs/running/staff.md index 77ca05c8e..4330190e2 100644 --- a/docs/running/staff.md +++ b/docs/running/staff.md @@ -11,8 +11,8 @@ author: matthew Staff users are a middle rung of account, inbetween normal users of the site and superusers with full access to everything. They are associated with a particular body, and can have access to different features, depending upon the -permissions granted to them. All their abilities only apply to reports made -to the body with which they are associated; all staff users have access to all -report states, not just open/fixed. +permissions or roles granted to them. All their abilities only apply to reports +made to the body with which they are associated; all staff users have access to +all report states, not just open/fixed. {% include admin-tasks-content.md %} diff --git a/docs/running/users.md b/docs/running/users.md index 87b38f0d2..48cb2a791 100644 --- a/docs/running/users.md +++ b/docs/running/users.md @@ -117,12 +117,13 @@ FixMyStreet website). You can mark any FixMyStreet user as belonging to a body. This marks them as a "staff user" for that body. Staff users have extra privileges *which only apply to problem reports under the jurisdiction of the body to which the use -belongs*. These permissions can be set on a per-user basis. +belongs*. Permissions can be grouped into custom roles, and these roles and +individual permissions can be set on a per-user basis. To set (or revoke) staff user status, choose **Users** in the admin, and enter the email or name. (It's also possible to access a user via the reports they have made). Choose the appropriate body from the **Body** dropdown. Normal -(not staff) users have no body associated. Then you can assign permissions +(not staff) users have no body associated. Then you can assign roles or permissions to that user, depending upon what they require access to. For full details of what staff accounts can do, please see the |