Permissions
Role-based access control for sub-users — permission flags, property access scoping, and the sub-user gate pattern.
Overview
Ananas GDS uses a flat permission model for sub-users. Each sub-user has a UserPermission record with boolean flags for each feature area. Owners (managers) bypass all permission checks and have full access.
Permission Flags
| Flag | Controls Access To |
|---|---|
properties | Create, edit, and delete properties. |
facts | Edit fact sheet content. |
photos | Upload and manage photos. |
stop_sales | Create and edit stop sale events. |
company | Edit company profile and settings. |
contacts_manager | Manage mailing lists and contacts. |
premium_subscription | View and manage billing and subscriptions. |
developer_tools | API keys, widgets, integrations, webhooks, exports. |
partner_connections | Send and manage partner contracts. |
publishing_manager | Approve or decline fact sheet publications. |
User Roles
Each sub-user has an optional role label for organisational purposes. The role does not directly gate features — only the boolean flags do. Roles: GM (General Manager), Res (Reservations), FO (Front Office), PR (PR/Marketing), IT (IT/Tech).
Sub-User Gate Pattern
All protected backend views follow this pattern consistently:
if not user.is_manager():
perms = UserPermission.objects.filter(user=user).first()
if not perms or not perms.<flag>:
return Response({'message': 'Not permitted.'}, status=403)Property-Level Access
Beyond feature flags, sub-users can be restricted to specific properties via SubUserPropertyAccess records. If no property access records exist for a sub-user, they can see all properties (the flag alone gates the feature). SubUserRegionAccess provides region-level scoping for larger portfolios.