Admin Guide

Admin Guide

GammaCMS administrators oversee organizations, permissions, billing, and integration surfaces. Use this guide as your checklist for keeping hotel clients running smoothly.

Responsibilities at a Glance

  • Provision new hotel organizations and invite stakeholders.
  • Configure access controls, templates, and automations before the content team begins work.
  • Monitor usage, billing status, and integration health.
  • Coordinate with engineering when extending the platform (custom domains, new templates, API access).

1. Organization Lifecycle

Create an Organization

  1. Sign in as a platform operator (superuser) via /admin/.
  2. Navigate to Organizations → Organizations and click Add Organization.
  3. Provide the property name, slug, primary contact email, and billing contact details.
  4. Optionally toggle Enable Templates to seed default hotel pages during onboarding.
  5. Save — the organization is now visible inside the dashboard for invited members.

Invite the Hotel Team

  1. Open the web app → Dashboard → Team (or /dashboard/team).
  2. Click Invite Member.
  3. Enter the team member’s email address and choose an initial role:
    • Owner: full administrative control, including billing and API access.
    • Admin: manage content, team members, API keys, and webhooks.
    • Editor: manage content only.
    • Viewer: read-only analytics and published content.
  4. Click Send Invite — the recipient receives a secure invite link. Pending invites are listed in the same view.

Enforce Role Hygiene

  • Review membership quarterly: remove departed staff or vendors.
  • Downgrade permissions when contractors move off a project.
  • Use owners sparingly. Each hotel should have at least two owners to avoid lockouts, but no more than five.

2. Templates and Default Content

Site Templates

GammaCMS ships with a Hotel Classic template that pre-populates:

  • Home, Rooms & Suites, Dining, Experiences, and Contact pages.
  • Primary and footer navigation menus.
  • Lexical-powered sections configured for hero, highlights, testimonials, and CTA blocks.

When creating a site, select a template in Dashboard → Sites → New Site. Administrators can add or tweak templates in backend/sites/services/site_template_service.py and redeploy.

Page Builder Policies

  • Lock critical sections (e.g., hero banners) by applying permissions in the section metadata.
  • Encourage editors to use the Preview mode before publishing.
  • Remind teams to keep metadata up to date — SEO title/description fields live in the Settings tab inside the editor.

3. Billing & Usage

Plans and Subscriptions

  1. Navigate to Dashboard → Billing.
  2. Review current subscription level (starter, growth, or enterprise).
  3. Upgrade/downgrade plans via Stripe customer portal (linked from the billing page).

Usage Monitoring

The billing API aggregates usage records nightly via Celery. Key metrics:

  • Media storage (GB): summed from cms_media.MediaFile.file_size.
  • Media files count: total assets in the media library.
  • API calls: counted per API key under rate limiting.

Admins can trigger recalculation with python manage.py billing_update_usage --organization <slug> (helpful after large imports).

Alerts

  • Over 90% plan utilization → UI surfaces a red badge and emails owners.
  • Exceeded limits: API responses include X-RateLimit-Remaining: 0 plus Retry-After headers.

4. Integrations

API Keys

  • Location: Dashboard → Settings → API Keys.
  • Create keys for each integration (hotel website, concierge app, marketing partner).
  • Apply scoped permissions via JSON (e.g., { "pages": "read" }) when fine-grained access ships.
  • Rotate keys quarterly. Revoking instantly blocks requests; clients receive HTTP 401.

Webhooks

  • Location: Dashboard → Settings → Webhooks.
  • Subscribe endpoints to events such as page.published or media.uploaded.
  • Each webhook stores delivery stats and retry history (Celery handles exponential backoff).
  • Encourage partners to verify signature headers: X-GammaCMS-Signature (HMAC SHA256).

Third-Party Destinations

Common hotel integrations:

  • Booking engines (SynXis, Cloudbeds): consume page data via public API to sync promotions.
  • Marketing automation (HubSpot, Mailchimp): use webhooks for publish/unpublish events.
  • Digital signage: use public API with high rate limits — create dedicated keys.

5. Security & Compliance

  • MFA: Enforce SSO or MFA for owners via your identity provider.
  • Audit trail: Admins can query pages_pageversion to track page edits; expose UI in future sprints.
  • PII handling: Contact form submissions should flow to external CRM systems. Do not store PCI data inside GammaCMS.
  • Backups: PostgreSQL dumps nightly; store in cloud storage with 30-day retention. Media files replicate via object storage lifecycle rules.
  • Incident response: Document an escalation path — engineering on-call + hotel IT contact.

6. Operations Checklist

CadenceTaskNotes
WeeklyReview webhook failuresFilter by status failed and resolve endpoint issues.
WeeklyCheck Celery healthdocker compose logs celery or /admin/celery monitoring.
MonthlyVerify Stripe payoutsDownload statements and reconcile with usage metrics.
QuarterlyRotate API keys & secretsNotify integrations in advance.
QuarterlyAccess reviewEnsure only active hotel staff retain access.
ReleaseUpdate docsAlign admin guide and tutorials with new capabilities.

7. Support Flow

  1. Level 1 (Hotel Staff): Reference the User Guide and Tutorials.
  2. Level 2 (Admin): Troubleshoot using this guide, review logs in /admin/ and docker compose logs.
  3. Level 3 (Engineering): File an issue in the internal tracker with repro steps, logs, and screenshots.

Document every resolution so future admins can self-serve.

User GuideDeployment