No warning history for this member.
No audit entries for this member.
No notes for this member.
No active probation for this member.
Health score not yet calculated for this member.
No health score data available yet. Scores are calculated automatically.
Interest tags let members opt-in to topics they care about. Admins define the available tags here.
Members can then select their interests from their profile or via the /interest bot command.
No interest tags defined yet.
No referral data yet. Members earn referral credits when they invite others to the group.
No pending GDPR deletion requests.
Commands the bot listens for and replies to automatically. Supports
{first_name}
{username}
{group_name}
{command_list}
{event_list}
placeholders. Enable Random from array to make the bot pick a random reply each time.
{first_name}
{username}
{group_name}
{command_list}
{event_list}
Random mode
The group context controls which group's data you see in every page — events, members, shifts and settings all filter by the currently selected group.
localStorage.Context hierarchy: Group → Organisation → Tenant. Settings, modules and ABAC policies cascade — a group override takes precedence over the org, which takes precedence over global.
Community Manager uses Attribute-Based Access Control (ABAC). Policies are evaluated in priority order — the first matching policy wins.
Policy fields:
Roles are assigned per admin user. A user can have multiple roles. Roles are free-form strings that you create — there are no hardcoded role names except super, which bypasses all policy checks.
Each feature module can be independently enabled or disabled per group, organisation, or globally. Disabled modules are hidden from the sidebar and their API endpoints return 403 for the relevant context.
Available modules:
Go to Settings → Modules to change the toggles for the current group context. The cascade means: if a module is disabled at the org level, all groups in that org inherit the disabled state unless they explicitly override it.
Community members submit events via the public /submit page. They land in Pending Events until approved or rejected by an admin.
Approval workflow:
All Events gives a full searchable/filterable table with bulk actions (bulk approve, bulk reject, export CSV).
Ticket tiers (WooCommerce): Add paid ticket tiers (name, price, capacity) when creating or editing an event to auto-create a hidden WooCommerce product with one variation per tier. Publishing happens automatically on approval; editing a tier's price re-syncs the WooCommerce variation, and cancelling the event unpublishes the product. This is a separate mechanism from Stripe ticketing — pick one per event.
Open shifts & recruiting volunteers: Events with unfilled shifts show a "Recruit Staff" prompt — sending it posts a call-for-volunteers message to the event's Telegram topic (or the group if no topic). Public open shifts across all events are listed via the [cm_open_shifts] WordPress shortcode and the portal's Volunteer tab; see the Staff App and WordPress Plugin help topics.
Telegram Users shows every member the bot has seen in this group with their TOS status, warning count and ban state.
Warn / Ban actions:
TOS Status tracks who has accepted the current TOS revision. Members who haven't accepted appear in the acceptance queue. Use Bump Revision to push a new TOS version — all members are queued to re-accept.
Manage staff and volunteer shifts with a calendar view. The bot sends Telegram notifications to assigned users at shift start (timing is configurable).
Creating a shift:
Open shifts: Leave the assigned admin user blank (or check Open) to publish an unclaimed shift — it shows as Open Slot until a staff/volunteer member claims it. Claiming is first-come-first-served; a second claim attempt on an already-claimed shift is rejected.
Use Recruit Staff on an event with open shifts to post a call-for-volunteers message to its Telegram topic. Volunteers can also browse and claim open shifts from the Staff App (see the Staff App help topic) or the public [cm_open_shifts] / portal Volunteer tab embeds.
The Staff App is a separate installable PWA where volunteers and staff view and claim shifts, without needing an admin-panel account. It is a distinct login system from the admin panel — it has no ABAC roles and cannot access admin data.
Login methods — enable/disable each under Settings → PWA:
ciamlogin.com vs login.microsoftonline.com), different credentials, and it does not assign ABAC roles. Register /api/schedule/entra-callback as the Redirect URI in your Entra app registration.Once signed in, staff can view their upcoming shifts, check in/out, and claim open shifts. See the Schedule help topic for how open shifts are created.
Past event Telegram topics can be archived for later reference. Members can request access to archives via the public /archive page.
Archive Requests lists pending access requests. Approving a request grants the member read access to the archived topic via Telethon.
Sync: Use the Sync Messages button to pull new messages from Telegram into the local archive database via Telethon.
Settings are scoped — group-level settings override org-level, which override global. Changes here only affect the current group context unless you are editing at org or global level.
The dashboard shows a live overview of activity for the current group context. It auto-refreshes every 30 seconds (toggle with the Auto checkbox).
Customising the layout:
localStorage — each user can have their own dashboard arrangement.Click your username in the top-right to access account and security settings.
The Audit Log (System → Audit Log) records all admin actions with timestamps, actor, category and detail — filterable by keyword, category and time period.
The ID Cards module lets you issue physical and digital membership cards to Telegram group members. Each card has a unique number, QR code, optional RFID UID, tier/type, expiry and a printable/wallet view.
Cards can be issued individually or in bulk.
Individual issue (Issue Card button):
Bulk issue (Bulk / Import):
telegram_id, holder_name, tier, card_type, expires_at.Members can check in via QR scan, RFID tap, or card number lookup. Each check-in logs a timestamp, method and optional event link.
Check-in methods:
POST /api/id-cards/checkin-rfid using its bearer token.The check-in page (/pages/id-card-checkin.html) supports Web NFC on Android Chrome and can be installed as a Progressive Web App (PWA) for kiosk use.
Install as PWA (Android Chrome):
NFC scanning:
?token= parameter, or a plain-text token string. Use any NFC writer app to program physical tags.QR tokens rotate automatically before expiry to prevent screenshot reuse.
RFID UIDs are physical card identifiers registered to a member card:
RFID Readers are registered under RFID Readers in the sidebar. Each reader gets a bearer token used to authenticate its API calls. Rotate the token if a reader is compromised.
The Card Designer is a live WYSIWYG editor for the visual appearance of printed and wallet cards. Templates are saved to the database and can be set as the group default.
Creating a template:
When Require Approval is enabled in Settings, new cards start in pending_approval state and appear in the Approval Queue.
WooCommerce sync links membership subscriptions and orders to ID cards — auto-issuing, renewing and setting tier/expiry from Woo data.
Setup:
/api/id-cards/woo-webhook for Order updated and Subscription updated topics. Set the secret to match your Webhook secret setting.Members can renew their cards without admin involvement using a time-limited Telegram link.
/pages/id-card-renewal.html — member confirms via Telegram OTP.The Community Manager WordPress plugin embeds public-facing pages (events, schedule, archive, ID card wallet) into any WordPress site via Gutenberg blocks or shortcodes.
Install steps:
.zip from the API Keys page).community-manager.zip.The plugin authenticates to Community Manager using an API Key scoped to a specific group.
The plugin provides Gutenberg blocks for the block editor and equivalent shortcodes for classic editor / page builders.
[cm_events][cm_schedule][cm_archive][cm_id_card][cm_map][cm_open_shifts][cm_portal]Block options (set in block sidebar in Gutenberg):
dark (default) or lightEach block embeds a public page from Community Manager inside a responsive iframe. The iframe auto-resizes to fit content height via a postMessage script.
Public pages available for embedding:
All pages accept a ?theme=light query parameter. Append &embedded=1 to remove the standalone page chrome when inside an iframe.
<iframe> tag — include embed-resize.js from the CM public folder to enable auto-height.The ID Card block ([cm_id_card]) embeds the member wallet page. Because it is token-authenticated, the flow works as follows:
Common issues and fixes:
.htaccess or nginx config.embed-resize.js script is loading. Check for Content Security Policy headers blocking postMessage on either domain.?token= query string fallback is enabled in CM (Request.php bearerToken method).Found under System → Analytics in the sidebar.
php manage.php run-jobs or WP-cron.Extended sections on the Security page (user menu → Security Settings):
security.FOUR_EYES_ENABLED is on, destructive actions need a second admin to approve. Pending requests list here.security.LOGIN_ALERT_ENABLED in Global Settings.Platform Management is visible only to super users. It controls the top-level hierarchy of the installation.
Hierarchy: Tenant → Organisation → Group. All data and settings cascade down this tree — a setting at tenant level applies to all orgs and groups unless overridden lower down.
Use your API key to fetch public events from any site:
GET /api/public/events?api_key=cm_xxxxxxxxxxxx
Or pass it as a header:
X-Api-Key: cm_xxxxxxxxxxxx
Optional filters:
from=2025-01-01— events on or after this dateto=2025-12-31— events on or before this date
In WordPress, add the key in Settings → Community Manager and use the [cm_map] shortcode.
Issue ID Card
Import Cards from CSV
telegram_username, card_tier, card_type, expires_at, holder_name, holder_email
CM → CM-20241001-A1B2Standard, Silver, Gold, StaffMember, Volunteer, Staff, Guest300 (5 min)/mycard, check-in alerts, renewal links). Falls back to the event bot token if left blank.ck_…)pass.com.yourorg.idcard-----BEGIN CERTIFICATE----- headers)| CARD | MEMBER | EXPIRES |
|---|---|---|
| # | MEMBER | SCORE | VISITS |
|---|---|---|---|
| MEMBER | FIRST SEEN | LAST SEEN | VISITS |
|---|---|---|---|
telegram_id, holder_name.
Optional: holder_email, card_tier, card_type, expires_at, notes
| # | telegram_id | holder_name | tier | type | expires_at |
|---|---|---|---|---|---|
Check-in Log
All check-in events across active cards
| Date / Time | Card | Holder | Method | Result | Reject Reason | Reader / IP | Actions |
|---|---|---|---|---|---|---|---|
| No check-in events found. | |||||||
| — | |||||||
Preview at 85.6 × 54 mm (ID-1). Click Front / Back to preview each face. Changes reflect immediately.
/api/updater/auto-check?secret=… will apply updates automatically and notify via Telegram.
read_api + read_package_registry scopes. Required to download release ZIPs.cm-web matches cm-web-v2.1.0).