Login - Wave Glider Buddy

WGBS Login

Signed in as —

Known caveats. This chart describes intended access rules. If the app behaves differently, it may be a bug worth reporting.

Technical details for developers

Station offload log update may not enforce owner/admin checks in the API (see station_metadata_router offload log PUT path). Delete does enforce owner/admin.
Mission note delete button on the home template may compare created_by_user_id while the API uses username ownership—UI and API can disagree.

Legend: admin pilot PIC MOS owner approve any signed-in

Action	View	Create / submit	Edit	Delete	Approve	Notes
Own profile	any	—	any	—	—	/api/users/me
Change own password	—	—	any	—	—
Register / list / update other users	admin	admin	admin	—	—	Admin tools
Change another user’s password	—	—	admin	—	—
Sensor Tracker token (on user record)	—	—	admin	—	—	Via admin user update / self endpoint rules

Action	View	Create / submit	Edit	Delete	Approve	Notes
Mission info (notes/goals/media)	pilotadmin	—	—	—	—	Non-admins may only see approved/synced outbox & approved media
Mission notes	—	any	owneradmin	owneradmin	—	Own = creator
Mission goals	—	any	any	admin	—	Create/update/toggle: any active user
Media upload	—	any	—	—	—	Pilot uploads pending until approved; admin auto-approved
Media list / get	pilotadmin	—	—	—	—	Pending only for admins (or explicit include)
Media metadata / delete	—	—	owneradmin	owneradmin	—
Media approve / reject	—	—	—	—	admin
Sensor Tracker outbox (review, sync, reject…)	admin	—	—	—	admin	All review actions admin-only

Action	View	Create / submit	Edit	Delete	Approve	Notes
Create new station record	—	admin	—	—	—
Edit existing station (registry)	—	—	adminPIC	—	—	Pilot must have PIC designation
Update station fields (PUT)	—	—	any	—	—	Separate endpoint; no owner/PIC gate in router
Delete station	—	—	—	admin	—
Offload log create	—	any	—	—	—	Owner = logged_by_username
Offload log update	—	—	owneradmin	—	—	Intended; see caveat if API allows broader edits
Offload log delete	—	—	—	owneradmin	—
Parser conflict queue / resolve	admin	—	—	—	admin	Resolve = admin action

Action	View	Create / submit	Edit	Delete	Approve	Notes
Submit PIC handoff (and other forms)	—	any	—	—	—	Submissions are not edited via API after submit
My PIC handoffs list	owner	—	—	—	—	Filtered to current user
Recent PIC handoffs (e.g. 24h)	any	—	—	—	—	Broader read for ops awareness
Appear in MOS / PIC dropdowns	—	—	—	—	—	Account flags PIC / MOS on user record (admin sets)

Action	View	Create / submit	Edit	Delete	Approve	Notes
KB document upload	—	any	—	—	—
KB read / download	pilotadmin	—	—	—	—	Filtered by access_level: public / pilot / admin
KB document update / delete	—	—	admin	admin	—
My notes (CRUD)	owner	owner	owner	owner	—	Strictly own notes
Shared tips (tip body)	any	any	any	any	—	Collaborative: any user may edit any tip
Shared tips (comments)	—	any	owneradmin	owneradmin	—	Question resolution flow

Action	View	Create / submit	Edit	Delete	Approve	Notes
View active announcements / acknowledge	any	—	—	—	—	May target roles or usernames
Create / edit / archive announcements	—	admin	admin	—	—
Mission overviews, user management, pay periods UI, …	admin	admin	admin	—	—	Admin Management menu

Action	View	Create / submit	Edit	Delete	Approve	Notes
Generate / list mission reports	admin	admin	—	—	—	Reporting router is admin-only

Action	View	Create / submit	Edit	Delete	Approve	Notes
Track / KML / map endpoints	any	—	—	—	—	Active user; some features behind toggles
Error analysis & plots	any	—	—	—	—	Not admin-gated in router