BarangaySystem/docs/completed/prt-20260403030000.md
2026-06-06 18:43:00 +08:00


# Plan: Store and Product Management Refactoring (RBAC Hardening)
This plan outlines the implementation of stricter role-based access control (RBAC) for Store and Product management, following the "Big 3" hierarchy and supporting multiple store managers.
## 🏗️ Technical Approach
### 1. Data Architecture: Multiple Store Managers
- **New Table**: `store_managers`
  - `id` (INT)
  - `hashkey` (VARCHAR(300), unique)
  - `store_id` (INT, foreign key to `str`)
  - `user_id` (INT, foreign key to `users`)
  - `created_by` (INT)
  - `updated_by` (INT)
  - `is_active` (BOOLEAN, default true)
  - `created_at`, `updated_at`
- **Model**: `App\Models\Market\StoreManager`
- **Relationship**: `Store` hasMany `StoreManager` (and `belongsToMany` `users` through the `store_managers` table).
### 2. RBAC: The "Big 3"
- **Definition**: `ULTIMATE`, `SUPER_OPERATOR`, `OPERATOR`.
- **Global Access**: The Big 3 can list, view, and manage ANY store.
- **Hierarchy Access**: Other roles (e.g., Coordinator, Supplier Overseer) can only list or manage stores where they are a direct or indirect parent of the Store Owner OR any of the Store Managers.
- **Global Product Editing**: Restrict `ModifyAllProducts` action to only the Big 3.
### 3. Controller Refactoring
- **StoreController**:
  - `listStores_Admin`: Implement strict hierarchy-based filtering for non-Big 3 users.
  - `update`: Enforce the hierarchy-based check to prevent unauthorized modifications.
  - `viewStoreDetails`: Ensure the `can_edit` flag is derived from the hierarchy check.
- **ProductController**:
  - `editProductAdmin`: Change the global edit logic so that only the Big 3 can edit global product fields; remove the "creator can edit globally" exception for non-Big 3 users who lack that permission.
  - `AssignProductToOwnStore`: Update to account for multiple store managers.
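The hierarchy rule from section 2 and the controller checks from section 3, as an added worked example in plain PHP (not code from the BarangaySystem project). It assumes the user hierarchy is available as a child-to-parent map and that each store record carries its owner id and its active manager ids; these arrays stand in for the Eloquent queries the real controllers would use.

```php
<?php
// Added example, not code from the BarangaySystem project. Assumes the user
// hierarchy is an adjacency map (child user id => parent user id) and that a
// store record carries its owner id plus the ids of its active managers.
const BIG3 = ['ULTIMATE', 'SUPER_OPERATOR', 'OPERATOR'];

/** Walk parent links upward and return every direct or indirect parent. */
function ancestorsOf(int $userId, array $parentOf): array
{
    $seen = [];
    $cur = $parentOf[$userId] ?? null;
    while ($cur !== null && !isset($seen[$cur])) { // stops on a cycle in bad data
        $seen[$cur] = true;
        $cur = $parentOf[$cur] ?? null;
    }
    return array_keys($seen);
}

/** Hierarchy rule: the Big 3 manage any store; other roles only a store whose
 *  owner or any active manager sits below them in the hierarchy. */
function canManageStore(array $actor, array $store, array $parentOf): bool
{
    if (in_array($actor['role'], BIG3, true)) {
        return true;
    }
    foreach (array_merge([$store['owner_id']], $store['manager_ids']) as $subject) {
        if (in_array($actor['id'], ancestorsOf($subject, $parentOf), true)) {
            return true;
        }
    }
    return false;
}

/** Global product fields: Big 3 only; being the product's creator no longer suffices. */
function canEditGlobalProduct(array $actor): bool
{
    return in_array($actor['role'], BIG3, true);
}

// Constructed sample data: user 1 is above 2 and 3; 4 reports to 2, 5 reports to 3.
$parentOf = [2 => 1, 3 => 1, 4 => 2, 5 => 3];
$store = ['id' => 10, 'owner_id' => 4, 'manager_ids' => [5]];
assert(canManageStore(['id' => 2, 'role' => 'COORDINATOR'], $store, $parentOf));        // above the owner
assert(canManageStore(['id' => 3, 'role' => 'COORDINATOR'], $store, $parentOf));        // above a manager
assert(!canManageStore(['id' => 9, 'role' => 'SUPPLIER_OVERSEER'], $store, $parentOf)); // unrelated branch
assert(canManageStore(['id' => 7, 'role' => 'OPERATOR'], $store, $parentOf));           // Big 3, global access
assert(!canEditGlobalProduct(['id' => 4, 'role' => 'COORDINATOR']));
```

The same `canManageStore` result is what `listStores_Admin` would filter on and what `viewStoreDetails` would expose as `can_edit`, so the list, update and detail paths cannot drift apart.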
## 🛠️ Components to Update
### Backend
- `app/Http/Controllers/Market/StoreController.php`
- `app/Http/Controllers/Market/ProductController.php`
- `app/Http/Controllers/Helpers/Permissions/ProductPermissions.php`
- `app/Http/Controllers/Helpers/Permissions/UserPermissions.php`
- `app/Models/Market/Store.php`
- `app/Models/Market/StoreManager.php` (New)
### Frontend
- `resources/js/Pages/CreateStore.vue`: Add multi-manager selection.
- `resources/js/Pages/EditStore.vue`: Update management UI.
- `resources/js/Pages/ManageProductAdmin.vue`: Enforce global edit restrictions in the UI.
## 📅 Phases
1. **Phase 1: Database and Models** (Migration and StoreManager model).
2. **Phase 2: RBAC Logic Hardening** (Update Permissions helpers).
3. **Phase 3: Store Management Refactoring** (Hierarchy-based filtering).
4. **Phase 4: Product Management Refactoring** (Global edit restrictions).
5. **Phase 5: UI Integration** (Multi-manager picker and permission guards).