# Upload Restriction Feature ## Overview This feature allows administrators to restrict file uploads to **Business Workspace shared drives** for specific volunteer roles. When a volunteer's upload permission is set to "Restricted": - ❌ They **cannot** upload files to Business Workspace shared drives (elparaisogolfclub@gmail.com) through the system interface - ✅ They **can still** upload files to their personal Google Drive (e.g., secretary@elparaisogolf.com) - ✅ They can still access and view files in Business Workspace shared drives (read access maintained) - ✅ They can upload to any folders in their personal drive, including shared folders within their personal drive ## What Was Added ### 1. Database Field - Added `can_upload` field to `EventVolunteerRoles` table - Type: `ENUM('Y', 'N')` with default value 'Y' (maintains backward compatibility) - Location: `tools-add-upload-restriction-field.sql` ### 2. Upload Permission Checks - **event-upload.php**: Now checks `can_upload` permission before allowing Business Workspace uploads - If restricted, automatic uploads to Business Workspace are blocked - Upload form remains available for file conversion/download - "Open Google Drive" button opens personal drive instead of Business Workspace folder - Shows informational message explaining the restriction ### 3. Volunteer Management Interface - **event-volunteer-management.php**: New interface for managing volunteer roles - Add/Update volunteer roles with upload permission checkbox - Toggle upload permission for existing volunteers - View current upload permissions in the roles table - Accessible only to Board Admin (user 999914) ## Setup Instructions ### Step 1: Add Database Field Run the setup script to add the `can_upload` field: ``` https://elparaisoeventreg.scala4.com/tools-add-upload-restriction.php ``` Or manually run the SQL: ```bash mysql -u root -p el_paraiso < tools-add-upload-restriction-field.sql ``` ### Step 2: Verify Setup 1. Check that the field was added successfully 2. All existing volunteers will have `can_upload = 'Y'` by default (uploads allowed) ## Usage ### For Administrators (User 999914) #### Managing Upload Permissions 1. **Access Volunteer Management**: - Log in as user 999914 (Board Admin) - Click "👥 Volunteer Management" button in the Event Dashboard - Or go directly to: `event-volunteer-management.php` 2. **Restrict Uploads for a Volunteer**: - Find the volunteer in the table - Click "Restrict Upload" button - The status will change to "Restricted" 3. **Allow Uploads for a Volunteer**: - Find the volunteer in the table - Click "Allow Upload" button - The status will change to "Allowed" 4. **When Adding New Volunteers**: - Use the "Allow File Uploads" checkbox in the Add/Update form - Checked = Uploads allowed - Unchecked = Uploads restricted ### For Volunteers #### When Business Workspace Shared Drive Uploads Are Restricted - Accessing `event-upload.php` shows a clear warning about shared drive restrictions - Automatic uploads to Business Workspace shared drives are blocked - Upload form remains available for file conversion/download - "Open My Personal Google Drive" button is always available and opens personal drive - "Open Business Workspace Folder" button is hidden/not shown - User can upload to their personal drive and any folders within it - User will see: "⚠️ Shared Drive Upload Restricted: You cannot upload files to Business Workspace shared drives (elparaisogolfclub@gmail.com) through this system. However, you can still upload files to your personal Google Drive (secretary@elparaisogolf.com)." #### When Business Workspace Shared Drive Uploads Are Allowed - Normal upload functionality works as before - Can upload files directly to Business Workspace shared drive folders via API - Two buttons are shown: - "Open My Personal Google Drive" - opens personal drive - "Open Business Workspace Folder" - opens Business Workspace role folder - All existing features remain available ## Current Status ### Secretary Role (Member ID: 8022) - **Email**: secretary@elparaisogolf.com - **Default Upload Permission**: Allowed (can be changed via Volunteer Management) ### Greens Role (Member ID: 199) - **Email**: greens@elparaisogolf.com - **Default Upload Permission**: Allowed (can be changed via Volunteer Management) ## Technical Details ### Database Schema ```sql ALTER TABLE EventVolunteerRoles ADD COLUMN can_upload ENUM('Y', 'N') DEFAULT 'Y' AFTER is_active; ``` ### Permission Check Logic 1. User logs in and accesses `event-upload.php` 2. System fetches volunteer role from database 3. Checks `can_upload` field: - If 'N': Blocks automatic uploads to Business Workspace, but allows: - File conversion/download - Manual uploads to personal drive via Google Drive interface - "Open Google Drive" button opens personal drive - If 'Y': Allows normal upload flow to Business Workspace Drive ### Files Modified - `event-upload.php`: Added permission checks and UI restrictions - `tools-add-upload-restriction-field.sql`: SQL migration script - `tools-add-upload-restriction.php`: Setup script - `event-volunteer-management.php`: Management interface (new file) ## Troubleshooting ### Volunteer Can Still Upload After Restriction 1. Verify the restriction was saved in the database: ```sql SELECT member_id, role_name, can_upload FROM EventVolunteerRoles WHERE member_id = '8022'; ``` 2. Check that `can_upload = 'N'` for the volunteer 3. Clear browser cache and try again 4. Verify the user is logged in with the correct member ID ### Upload Permission Not Showing in Management Interface 1. Ensure the database field was added successfully 2. Run `tools-add-upload-restriction.php` again 3. Check for any SQL errors in the setup output ### Cannot Access Volunteer Management - Only user 999914 (Board Admin) can access Volunteer Management - Verify you're logged in with the correct member ID - Check session is active ## Future Enhancements Potential improvements: 1. Per-folder upload restrictions (restrict uploads to specific folders) 2. Upload quota limits (max file size, max files per day) 3. Upload approval workflow (uploads require admin approval) 4. Upload history/audit log 5. Email notifications when uploads are restricted/allowed