User Roles, Permissions, and API Access¶

This table provides a detailed breakdown of each user role, its key abilities on the platform, and the primary API endpoints it has access to.

Candidate User Type¶

Role	Key Abilities (What they can do)	Accessible API Endpoints
`screening`	• View their personal dashboard. • Take screening-level exams. • View their own profile and verification status. • View screening leaderboard snapshots.	• `GET /dashboard/candidate/` • `GET /candidates/me/` • `GET /user/verification/status/` • `POST /user/verification/upload/` • `GET /exams/{id}/take-exam/` (where `stage` is `screening`) • `POST /exams/{id}/submit-exam-answers/` • `GET /leaderboard/` (for screening exams)
`league`	• All `screening` abilities. • Take league-level exams. • View the competition leaderboard snapshots or a specific exam leaderboard.	• All `screening` endpoints. • `GET /leaderboard/` • `GET /exams/{id}/take-exam/` (where `stage` is `league`)
`final`	• All `league` abilities. • Access to (offline) final-stage exams.	• All `league` endpoints. • `GET /exams/{id}/take-exam/` (where `stage` is `final`)
`winner`	• Ceremonial role with all candidate permissions. Registered winner of the final stage.	• All `final` endpoints.

Staff User Type¶

(Permissions are hierarchical; higher roles inherit permissions from lower roles)

Role	Key Abilities (What they can do)	Newly Accessible API Endpoints (in addition to lower roles)
`volunteer`	• View their own profile. • Submit their own documents for verification.	• `GET /staff/me/` • `GET /user/verification/status/` • `POST/PATCH /user/verification/upload/`
`admin`	• View details for any candidate. • Change roles for candidates. • Full management (CRUD) of exams. • Manually submit scores. • Publish leaderboard for a specific exam.	• `GET /candidates/{id}/` • `GET /candidates/{id}/scores/` • `GET /candidates/{id}/exam-history/` • `PUT /candidates/{id}/roles/assign/` • `GET/POST /exams/` • `GET/PUT/PATCH/DELETE /exams/{id}/` • `PUT /exams/{id}/submit-exam-score/` • `POST /leaderboard/publish/`
`manager`	• View details for any staff member. • Change roles for staff (except `manager` or `superadmin`). • Manage user verifications for candidates and staff members (approve/reject). • Create and view broadcasts.	• `GET /staff/{id}/` • `PUT /staff/{id}/roles/assign/` • `GET /user/verification/list/` • `POST /user/verification/action/{id}/` • `GET /user/verification/documents/{type}/{id}/` • `GET/POST /broadcasts/` • `GET /broadcasts/{id}/` • `GET/PATCH /account-management/{id}/`
`superadmin`	• Can assign any staff role (except `superadmin`). • Has full platform control inheriting all permissions.	(Inherits all `manager` endpoints with zero restrictions)
`sponsor`	• A vanity role with no specific permissions.	(No specific endpoints)

NOTE: Users must already have their emails verified and be user-verified to perform actions beyond get-started.

Role Progression¶

Candidates: screening → league → final → winner (progression is managed by staff with admin role or higher)
Staff: Roles are assigned by a manager or superadmin.