
MOP 2.3 — Committee Formation: Roles & Access Levels

Audience: society_admin

Outcome: A per-event committee with a shared dashboard login, a typed member roster and bank credentials for collecting/spending event funds — without giving committee members access to the rest of the society's data.

1. Lifecycle

            ┌────────────────┐
   Event ──▶│ Create         │── Sets committee_email + committee_password
            │ Committee      │   (bcrypt-hashed, isolated to this event)
            └─┬──────────────┘
            ┌────────────────┐
            │ Add members    │── Two flows: New / Pick From Other Committee
            │ (chair, sec,…) │
            └─┬──────────────┘
            ┌────────────────┐
            │ Edit Settings  │── Update credentials, bank a/c, vendor toggle
            └────────────────┘

2. Add Committee Member modal — two tabs

2.1 New Member

Captures name (req), email, phone, role (member/coordinator/secretary/treasurer). Member email is for contact / identification only — committee LOGIN remains shared per committee.

2.2 Pick From Other Committee (NEW)

Lists members from other committees of the same society (and same phase if the admin is phase-bound). Select one → imported with their existing user_id/role.

Strict isolation guarantee: the endpoint never returns members from another society. See MOP 1.3.
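
One way to enforce the society and phase scoping described above, as an added example rather than the project's own code. It assumes the admin's session carries society_id and, for phase-bound admins, a child_society_id that stands for the phase; the sample documents and the names in_scope, available_members and Forbidden are constructed for illustration.

```python
"""Added example: society- and phase-scoped lookup for the available-members list."""

# Constructed sample documents following the event_committees shape in section 5.
COMMITTEES = [
    {"id": "c1", "event_id": "e1", "society_id": "s1", "child_society_id": "p1",
     "password_hash": "<hash>", "members": []},
    {"id": "c2", "event_id": "e2", "society_id": "s1", "child_society_id": "p1",
     "password_hash": "<hash>",
     "members": [{"user_id": "u1", "name": "Asha", "role": "treasurer"}]},
    {"id": "c3", "event_id": "e3", "society_id": "s1", "child_society_id": "p2",
     "password_hash": "<hash>",
     "members": [{"user_id": "u2", "name": "Ravi", "role": "member"}]},
    {"id": "c4", "event_id": "e4", "society_id": "s2", "child_society_id": "p9",
     "password_hash": "<hash>",
     "members": [{"user_id": "u3", "name": "Meera", "role": "secretary"}]},
]


class Forbidden(Exception):
    """The admin's session does not cover the requested event."""


def in_scope(committee, admin):
    # Scope comes from the authenticated session, never from request parameters.
    if committee["society_id"] != admin["society_id"]:
        return False
    phase = admin.get("child_society_id")  # None = not phase-bound (assumption)
    return phase is None or committee["child_society_id"] == phase


def available_members(committees, admin, event_id):
    target = next((c for c in committees if c["event_id"] == event_id), None)
    if target is None or not in_scope(target, admin):
        raise Forbidden(event_id)  # same error for "missing" and "not yours"
    seen, out = set(), []
    for c in committees:
        # Skip the target's own committee and anything outside the admin's scope.
        if c["id"] == target["id"] or not in_scope(c, admin):
            continue
        for m in c["members"]:
            if m["user_id"] in seen:
                continue
            seen.add(m["user_id"])
            # Project only what the picker needs; no hashes or bank details.
            out.append({"user_id": m["user_id"], "name": m["name"],
                        "role": m["role"], "from_committee": c["id"]})
    return out
```

A regression test for the cross-society leak noted in section 6 would call this with an admin from a second society and assert that none of the first society's members come back.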

[Screenshot: Pick From Other Committee tab]

3. Editing credentials & bank a/c

Edit Settings modal exposes:

  • Committee email (login)
  • Committee password (leave blank to keep, ≥ 6 chars to change)
  • Bank account holder, name, number, IFSC, UPI

Backend split: email + password go through PUT /api/admin/events/{event_id}/committee/credentials (super/society admin only, bcrypt). Bank goes through PUT /api/events/{event_id}/committee/bank-account.

4. APIs touched

Method  Endpoint
GET     /api/events/{event_id}/committee
POST    /api/events/{event_id}/committee
POST    /api/events/{event_id}/committee/members
PUT     /api/admin/events/{event_id}/committee/credentials
PUT     /api/events/{event_id}/committee/bank-account
PUT     /api/admin/events/{event_id}/committee/vendor-access?enabled=true|false
GET     /api/admin/events/{event_id}/committee/available-members

5. Data model

event_committees
  id, event_id, society_id, child_society_id (inherited),
  name, description,
  committee_email, password_hash,
  bank_account: { account_holder_name, bank_name, account_number, ifsc_code, upi_id },
  members: [{ user_id, name, email, phone, role, policy_accepted, … }],
  can_view_vendor_applications: bool,
  status, created_at, updated_at

6. Edge cases & FAQ

  • Forgot committee password → admin opens Edit Settings and types a new one (gets hashed). The committee dashboard at /api/committee-dashboard immediately accepts the new credentials.
  • Cross-society leak (closed) — historic bug fixed in Apr 2026: the Pick-From-Other-Committee list previously could leak across societies. Now strictly society + phase scoped.

Related MOPs:

  • MOP 2.5 — Committee Submissions Approval (Step 5 wizard)
  • MOP 3.3 — Committee Member Content Submission