alumni_lookup

Champion Portal — AI Context: User Roles and Permissions

AI Context Bundle File 3 of 7
Purpose: Define all user types, roles, and their capabilities to ensure behavioral accuracy
Authority: Use this file to determine what each user type can and cannot do
Last Updated: January 2026

System Overview

The Champion Portal is part of a two-portal system sharing a single database:

┌─────────────────────────────────────────────────────────────────┐
│                    SHARED POSTGRESQL DATABASE                   │
├────────────────────────────┬────────────────────────────────────┤
│   LOOKUP PORTAL            │   CHAMPION PORTAL                  │
│   alumnilookup.com         │   alumnichampions.com              │
│   (Internal Staff)         │   (External Alumni)                │
├────────────────────────────┼────────────────────────────────────┤
│   • Admin                  │   • Champion                       │
│   • Portal Admin           │   • Community Leader (CL)          │
│   • Staff                  │   • CLC (all CLs collectively)     │
│   (uses Devise User model) │   (uses Devise Cp::Champion model) │
└────────────────────────────┴────────────────────────────────────┘

Champion Portal Roles

Champion (Base Role)

Who: Any verified member of the Alumni Champions program

Verification Status Requirements:

Status	Can Do
`unverified`	Cannot log in
`email_verified`	Log in, edit own profile only
`champion_verified`	Full portal access (below)

Champion Verified Capabilities:

Area	Can Do	Cannot Do
Profile	Edit own profile, photo, privacy settings	Edit others’ profiles
Directory	Search/view other Champions	Export contact lists
Messaging	Send/receive messages, react	Send to non-Champions
Discussion Boards	Post, comment, react on boards they’re a member of	Moderate, delete others’ posts
Events	View events, download calendar	Create/edit events
News	View posts, like/unlike	Create/edit posts
Communities	View community pages, see membership	Assign CLs

Community Leader (CL)

Who: A Champion assigned to lead a specific community

How assigned: Staff assigns via Lookup Portal admin interface

Community Types a CL Can Lead:

Type	Example
District	Nashville Community
College	College of Music Community
Major	Music Business Community
Affinity	Phi Mu Community
Industry	Healthcare Industry Community
Custom	Special interest communities

CL Capabilities (in their assigned community):

Area	Can Do	Cannot Do
Moderation	Hide/unhide posts, lock threads, pin posts	Delete posts (only Staff)
Members	View all community members	Remove members
Support Threads	Access support thread with Engagement Team	—
Announcements	Pin announcements to community board	—

What CLs CANNOT Do:

❌ Verify Champions
❌ Create events (currently, planned for future phase)
❌ Create news posts (currently, planned for future phase)
❌ Assign other CLs
❌ Moderate outside their communities
❌ Access Lookup Portal

CLC (Community Leadership Council)

Who: The collective body of all Community Leaders

Not a role in the system — just a term for “all CLs together”

Used for:

Communication to all CLs
CLC-wide announcements
Training and coordination

Lookup Portal Roles

Staff (Base Internal Role)

Who: Belmont staff with basic access to alumni data

Capabilities:

Area	Can Do	Cannot Do
Alumni Search	Search, view alumni records	Edit alumni records
Engagement	View engagement data	Modify engagement data
Champion Signups	View, edit signups	Delete signups
Insights	View reports	—

Portal Admin

Who: Staff with elevated Champion Program permissions

Additional Capabilities (beyond Staff):

Area	Can Do
Champion Verification	Link Champions to alumni records (BUID)
Champion Signups	Delete, merge duplicate signups
CL Assignment	Assign/remove Community Leaders
Champion Metrics	View Champion Portal analytics
Events	Create, edit, delete events
News Posts	Create, edit, delete news posts
Moderation	Delete posts, ban users (escalated moderation)

Admin

Who: Full system administrators

Full Capabilities:

Area	Can Do
Everything Portal Admin can do	✅
User Management	Create/edit/delete staff accounts
Settings	System configuration
Data Imports	Run data imports
All Admin Functions	Full access

Permission Hierarchy

Champion Portal:                  Lookup Portal:
                                  
Champion ────────────────────────── Staff
    │                                │
    ▼                                ▼
Community Leader ────────────────── Portal Admin
    │                                │
    │                                ▼
    │                              Admin
    │                                │
    └───────────────────────────────┘
         (via Engagement Team)

Key relationships:

Champions exist only in Champion Portal
CLs are Champions with elevated community permissions
Staff/Portal Admin/Admin exist only in Lookup Portal
Portal Admin manages Champions via Lookup Portal admin interface

Authorization Guards (Code Reference)

Lookup Portal (ApplicationController)

# Any authenticated internal user
ensure_staff!         # staff?, portal_admin?, or admin?

# Champion program management
ensure_portal_admin!  # portal_admin? or admin?

# Full system access
ensure_admin!         # admin? only

Champion Portal (Cp::BaseController)

# Any authenticated Champion
authenticate_cp_champion!  # Uses Devise

# Champion-verified required
ensure_champion_verified!  # verification_status == champion_verified

# Community Leader in specific community
ensure_community_leader!   # CL for the requested community

Membership Types

Champions have a membership_type that determines their connection to Belmont:

Type	Description	Has BUID?	Has Degrees?
`alumni`	Traditional alumni with degrees	Yes	Yes
`almost_alumni`	Current students not yet graduated	Yes	No (pending)
`honorary`	Staff/faculty without degrees	Yes	No
`parent`	Parent of student/alum	No	No
`friend`	Friend of the university	No	No

Note: Only alumni type is fully implemented. Others are Phase 5 (future).

Verification Flow

1. Champion signs up (email/SSO)
        │
        ▼
   ┌─────────────────┐
   │  UNVERIFIED     │ ← Cannot log in
   └────────┬────────┘
            │ (email confirmation)
            ▼
   ┌─────────────────┐
   │ EMAIL_VERIFIED  │ ← Can log in, limited access
   └────────┬────────┘
            │ (Staff links BUID in Lookup Portal)
            ▼
   ┌─────────────────┐
   │CHAMPION_VERIFIED│ ← Full access
   └─────────────────┘

Community Membership

Champions belong to multiple communities automatically:

Community Type	How Assigned
District	Auto-assigned from ZIP code
College(s)	Auto-assigned from linked Alumni degrees
Major(s)	Auto-assigned from linked Alumni degrees
Affinity(ies)	Selected during profile setup
Industry	Selected during profile setup

What Each Role Sees

Champion Dashboard

Welcome greeting
Profile completion prompts
Community snapshot (district)
Recent messages
News posts
Upcoming events
Quick actions

CL Dashboard (Additional)

Community leadership panel
Pending moderation items
Support thread with Engagement Team

Staff (Lookup Portal)

Alumni search
Champion signups list
Engagement insights
Basic reports

Portal Admin (Lookup Portal, Additional)

Champion verification queue
CL assignment interface
Event management
News post management
Champion metrics

Admin (Lookup Portal, Additional)

User management
System settings
Data import tools
Full configuration

Common Permission Questions

Q: Can Champions create events?
A: No. Events are created by Portal Admin/Admin in Lookup Portal.

Q: Can CLs verify new Champions?
A: No. Verification is done by Staff/Portal Admin in Lookup Portal.

Q: Can Champions message non-Champions?
A: No. Messaging is Champion-to-Champion only.

Q: Can CLs moderate any community?
A: No. CLs can only moderate communities they’re assigned to.

Q: Can Champions see other Champions’ contact info?
A: Depends on privacy settings. Champions control visibility of their email/phone.

Source Documentation

README.md — Champion Portal overview
Phase 2 README — Community Leadership implementation
PERMISSIONS_MATRIX.md — Lookup Portal permissions