From ea566d4a420a130516d59a8d67f0ce2610513011 Mon Sep 17 00:00:00 2001
From: Patrick Toal <ptoal@takeflight.ca>
Date: Mon, 18 Dec 2023 14:26:03 -0500
Subject: [PATCH] Add docs folder and design of users

---
 docs/users_roles_permissions.md | 40 +++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 docs/users_roles_permissions.md

diff --git a/docs/users_roles_permissions.md b/docs/users_roles_permissions.md
new file mode 100644
index 0000000..53ff44d
--- /dev/null
+++ b/docs/users_roles_permissions.md
@@ -0,0 +1,40 @@
+# Users, Roles and Permissions
+
+This is the design document for https://gitea.toal.ca/oys/bab-app/issues/11
+
+## Backend Concepts
+
+Utilizing the AppWrite backend provides us with some basic concepts we can use:
+
+### Users, Groups, and Labels
+
+#### Teams
+
+Teams are AppWrite groups of users. Teams can be assigned roles, which can be assigned permissions. Teams "contain" users. A team has more permissions to manage it's members than labels, which are assigned / removed, rather than 'invited / left'.
+
+#### Labels
+
+Labels are AppWrite tags for users. Users have Labels as attributes. Like teams, labels can be used for Role / Permission mapping.
+
+### Permissions
+
+https://appwrite.io/docs/advanced/platform/permissions
+
+Permissions are fine-grained access control for users and objects. They follow standard "CRUD" patterns.
+
+## BAB Concepts
+
+For teams, there will, to start, be the following:
+
+- `staff` : Individuals with authority / responsibilities
+  - `maintenance` : Staff responsible for maintenance (eg: Boatswain)
+  - `admin`: Administrators of the program / application
+- `school` : Members of the Sailing School (Instructors & Students)
+  - `student` role : A student in the school
+  - `instructor` role: An instructor in the school
+- `bab` : Members of the BAB program
+  - `skipper` role: A member who has passed skipper certification
+
+The following are the initial labels:
+
+- TBD