Add a role ``Sales``


It would be great if it was possible to have lower privileged accounts.

At the moment there are only Administrators and Guests.
It has been asked for roles before (Role-based access control (RBAC)), but I think for me it is not necessary to define complicated roles on my own.

If there is a sales person, who writes quotes and invoices, this sales person has to be able to do most of the tasks like:

  • add and change customers
  • add and change products
  • write and modify quotes and invoices

I could wonder if I would have to disallow this sales person to delete customers. Hey, but after all these are his customers. So I think we should keep things simple here. Customers is something the sales person is familiar with, so he will not delete these objects.

But I would feel more comfortable if such a sales person was not able to reconfigure InvoicePlane. So here are things which I would like to disallow the sales person:

  • customer fields
  • tax
  • templates
  • numbers
  • user accounts
  • system settings

Actually everything in the settings menu except the invoice archive.

I think this would be a lower hanging fruit than adding a complete role based access system…

In fact we would add a role Sales to the administrators and guests.

I am personally fine with deleting invoices (User roles and accounts).
Hey, we have a daily backup, we have the invoice archive and we have the possibility to delete the sales person who is deleting invoices :wink:

What do you think?

If you give me some pointers, I would take a look at the effort to do this.


Last Update: 09.09.2017


When implementing such roles we would need to check for:

$this->session->userdata('user_type') == role_id

Then we would need to check in e.g. function delete of invoices, if the user has a certain role.
Well, but I think it might make more sense to add a list of allowed actions to the userdata. Then it is simpler to define new roles, which would only be a set of actions - RBAC.

Then within the function delete we could check, if the user has the right to delete invoices…
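
The "list of allowed actions in the userdata" idea from the post above, as an added example that is not part of the original thread and not InvoicePlane's own code. The role keys, the action names, the guest set and the plain array standing in for the session userdata are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical action names; the Sales set follows the lists in the post above.
const ROLE_ACTIONS = [
    'administrator' => ['*'],                      // wildcard: may do everything
    'sales' => [
        'customers.add', 'customers.edit', 'customers.delete',
        'products.add', 'products.edit',
        'quotes.add', 'quotes.edit',
        'invoices.add', 'invoices.edit', 'invoices.delete',
        'settings.invoice_archive',                // the only settings entry left open
    ],
    'guest' => ['quotes.view', 'invoices.view'],   // assumed read-only set
];

/** Resolve a role to its action list once, at login. Unknown roles get nothing. */
function actions_for_role(string $role): array
{
    return ROLE_ACTIONS[$role] ?? [];
}

/** Deny by default: allowed only if the action (or the admin wildcard) is listed. */
function can(array $userdata, string $action): bool
{
    $allowed = $userdata['allowed_actions'] ?? [];
    return in_array('*', $allowed, true) || in_array($action, $allowed, true);
}

/** Guard for the top of a controller action such as the invoice delete function. */
function require_action(array $userdata, string $action): void
{
    if (!can($userdata, $action)) {
        throw new RuntimeException("403: '$action' not permitted");
    }
}

// Constructed session data standing in for $this->session->userdata().
$sales = ['user_type' => 'sales', 'allowed_actions' => actions_for_role('sales')];

require_action($sales, 'invoices.delete');           // Sales may delete invoices
var_dump(can($sales, 'settings.tax'));               // tax settings stay closed to Sales
var_dump(can($sales, 'settings.invoice_archive'));   // the archive is the one exception
var_dump(can(['user_type' => 'intern'], 'customers.add')); // no action list, no access
```

Because the check is made on the server inside each action, hiding the settings menu entries for Sales users is only cosmetic; a request sent directly to a settings URL is still refused.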


The question is if it makes sense to pick these low hanging fruits. I think it may make sense to just rebuild the system now, doing it right from the start instead of just modifying it.


You are right. As I posted yesterday, this might not even be that difficult.