# Grading Portal – Admin Guide & Role Permissions ## Overview The Grading Portal is a role-based system for managing students, sections, subjects, and assessments. All activity is logged in **Audit Logs** for accountability. --- ## Roles & Permissions ### **Admin** - **Students** - Create students (LRN optional). - Update students in any section. - Delete students (with audit logging). - Assign students to any section. - **Enrollments** - Enroll students in any section. - Delete enrollments. - **Dashboard** - View all sections, students, and subjects. - Can toggle *“View only my section(s)”* mode to scope like an adviser. - **Audit Logs** - Full access to `audit_logs.php` with filters by User, Action, Date. --- ### **Adviser** - **Students** - Can create **only in their assigned section(s)**. - **LRN required** when creating students. - Cannot delete students. - Can update students **only in their section(s)** (current SY). - Can assign students **only to their section(s)**. - Notified if **LRN already exists** or if a student with the same name + birthdate exists. - **Enrollments** - Can enroll students only in their assigned section(s). - **Cannot delete enrollments.** - Student list can optionally be restricted to those already in a section for the current SY. - **Dashboard** - Sees stats and recent activity **only for their section(s)**. --- ### **Teacher** - **Dashboard** - Sees stats and recent activity only for the subjects and sections they teach. - **Permissions** - No direct access to student creation/deletion. - Limited to teaching functions (grading, scores, assessments). --- ## Audit Logging - All **create, update, and delete** actions for students and enrollments are logged in `audit_logs`: - `user_id` - `action` (`create`, `update`, `delete`) - `entity` (e.g., `student`, `enrollment`) - `entity_id` - `details` - `timestamp` - View logs via **Audit Logs** (Admin only). --- ## Key Features - **Role-based dashboards** (Admins, Advisers, Teachers see tailored info). - **Audit Logs viewer** with filters for accountability. - **Scoped actions**: - Advisers can’t delete students/enrollments. - Advisers can’t assign outside their section(s). - Teachers have read/update rights only for their teaching assignments. - **UI notes and tooltips** clarify restrictions: - Advisers see info banners (e.g., *“Only Admins can delete students/enrollments”*). - Non-admins see *“No Delete”* badges with tooltips in Enrollments. --- ## Maintenance Notes - Current School Year (`current_sy`) is stored in `app_settings`. - Audit logs are automatically created; no manual setup required. - If adding new features, hook into `audit_log()` to ensure consistency. ---