Add a role ``Sales``

cornelinux · September 9, 2017, 7:26am

It would be great if it was possible to have lower priviledged accounts.

At the moment there are only Administrators and Guests.
It has been asked for roles before (Role-based access control (RBAC)), but I think for me it is not necessary to define complicated roles on my own.

If there is a sales person, who writes quotes and invoices, this sales person has to be able to do most of the tasks like:

add and change customers
add and change products
write and modify quotes and invoices

I could wonder, if I would have to disallow this sales person, to delete customers. Hey, but after all these are his customers. So I think we should keep things simple here. Customers is something the sales person is familiar with, so he will not delete these objects.

But I would feel more comforable if such a sales person was not able to reconfigure invoiceplane. So here are things which I would like to disallow the sales person:

customer fields
tax
templates
numbers
user accounts
system settings

actually everything in the settings menu except the invoice archive.

I think this would be a lower hanging fruit than adding a complete role based access system…

In fact we would add a role Sales to the administrators and guests.

I am personally fine with deleting invoices (User roles and accounts).
Hey, we have a daily backup, we have the invoice archive and we have the possibility to delete the sales person who is deleting invoices

What do you think?

If you give me some pointes, I would take a look at the effort to do this.

DevBot · September 9, 2017, 8:05am

Last Update: 09.09.2017

cornelinux · January 30, 2018, 10:07pm

When implementing such roles we would need to check for:

$this->session->userdata('user_type') == role_id

Then we would need to check in e.g. function delete of invoices, if the user has a certain role.
Well, but I think it might make more sense to add a list of allowed actions to the userdata. Then it is simpler to define new roles, which would only be a set of actions - RBAC.

Then within the function delete we could check, if the user has the right to delete invoices…

Kovah · January 31, 2018, 9:10am

The question is if it makes sense to pick these low hanging fruits. I think it may make sense to just rebuild the system now, doing it right from the start instead of just modifying it.

cornelinux · January 31, 2018, 11:05am

You are right. As I posted yesterday, this might not even be that difficult.

aatech · June 6, 2022, 8:09pm

Hi guys. We’re you able to create the sales role?