Open ghost opened 12 years ago
For speed of implementation the client list a user is limited to is one client or all clients. Will add a list of client s functionality later. But for now the need is to have a client see their data in certain sections ie Site/Meter/Contract/Tender.
Access is restricted to areas of the application via ACL ( Access Control List ) according to the role the user has and views are redered according to permissions ( view/add/edit ) the user has. This is a much more flexible and powerful approach as it allows for revoking permissions quickly and is stored in one place.
All data in the table lists are filtered via the user's 'client list' which is stored in the database in the user field 'user_accessClient'.
An area in the user section can be added so that admin can add/edit roles and permissions if this is required.
if any user has accessClientset, then all commission fields are hidden. @epounce I have implement this as to our discussion today, I lot easier than at first thought. This is filtered in the IsAllowed view helper.
Update USER section to provide list of clients the user can access. Ristrict access in all sections when User has a "client list". Hide all commission fields and invoice data when User has a "client list". ??