BarangaySystem/docs/completed/prt-20260403030000.md
2026-06-06 18:43:00 +08:00

Plan: Store and Product Management Refactoring (RBAC Hardening)

This plan outlines the implementation of stricter role-based access control (RBAC) for Store and Product management, following the "Big 3" hierarchy and supporting multiple store managers.

🏗️ Technical Approach

1. Data Architecture: Multiple Store Managers

  • New Table: store_managers
    • id (INT)
    • hashkey (VARCHAR 300, unique)
    • store_id (INT, foreign key to str)
    • user_id (INT, foreign key to users)
    • created_by (INT)
    • updated_by (INT)
    • is_active (BOOLEAN, default true)
    • created_at, updated_at
  • Model: App\Models\Market\StoreManager
  • Relationship: Store hasMany StoreManager (and belongsToMany User through the store_managers pivot).

2. RBAC: The "Big 3"

  • Definition: ULTIMATE, SUPER_OPERATOR, OPERATOR.
  • Global Access: The Big 3 can list, view, and manage ANY store.
  • Hierarchy Access: Other roles (e.g., Coordinator, Supplier Overseer) can only list or manage stores where they are a direct or indirect parent of the Store Owner OR any of the Store Managers.
  • Global Product Editing: Restrict ModifyAllProducts action to only the Big 3.
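
The hierarchy rule above, written out as an added example in plain PHP (not the project's code, and without the Eloquent models the plan names). It assumes each user row carries a parent_id forming a tree and that store_managers rows with is_active = false confer no access; the users, store and manager rows are constructed sample data.

```php
<?php
// Added example, not project code: the hierarchy rule from section 2 as a
// plain function. Assumes each user row has a parent_id forming a tree and
// that store_managers rows with is_active = false confer no access.
declare(strict_types=1);
const BIG_3 = ['ULTIMATE', 'SUPER_OPERATOR', 'OPERATOR'];
// Constructed sample users keyed by id; 7 is a coordinator over user 6 only.
$users = [
    1 => ['role' => 'ULTIMATE',          'parent_id' => null],
    2 => ['role' => 'COORDINATOR',       'parent_id' => 1],
    3 => ['role' => 'SUPPLIER_OVERSEER', 'parent_id' => 1],
    4 => ['role' => 'STORE_OWNER',       'parent_id' => 2],
    5 => ['role' => 'STORE_MANAGER',     'parent_id' => 3],
    6 => ['role' => 'STORE_MANAGER',     'parent_id' => 7],
    7 => ['role' => 'COORDINATOR',       'parent_id' => 1],
];
// Store 10 is owned by user 4; the rows mirror the proposed store_managers table.
$store = ['id' => 10, 'owner_id' => 4];
$storeManagers = [
    ['store_id' => 10, 'user_id' => 5, 'is_active' => true],
    ['store_id' => 10, 'user_id' => 6, 'is_active' => false], // revoked manager
];

/** True if $ancestorId is a direct or indirect parent of $userId. */
function isAncestor(array $users, int $ancestorId, int $userId): bool
{
    $seen = [];
    for ($cur = $users[$userId]['parent_id'] ?? null; $cur !== null; $cur = $users[$cur]['parent_id'] ?? null) {
        if ($cur === $ancestorId) return true;
        if (isset($seen[$cur])) return false; // cycle guard for a corrupt parent chain
        $seen[$cur] = true;
    }
    return false;
}

/** Big 3 manage any store; anyone else must sit above the owner or an active manager. */
function canManageStore(array $users, int $actorId, array $store, array $managers): bool
{
    if (in_array($users[$actorId]['role'] ?? '', BIG_3, true)) return true;
    $subjects = [$store['owner_id']];
    foreach ($managers as $row) {
        if ($row['store_id'] === $store['id'] && $row['is_active']) $subjects[] = $row['user_id'];
    }
    foreach ($subjects as $subjectId) {
        if (isAncestor($users, $actorId, $subjectId)) return true;
    }
    return false; // not above the owner or any active manager
}
foreach ([1, 2, 3, 7, 5] as $actor) { // Big 3; over owner; over active mgr; over inactive mgr only; the mgr
    printf("user %d can manage store %d: %s\n", $actor, $store['id'], canManageStore($users, $actor, $store, $storeManagers) ? 'yes' : 'no');
}
```

User 7 is denied because the only manager beneath them has been deactivated, which is the case the is_active column exists to handle.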

3. Controller Refactoring

  • StoreController:
    • listStores_Admin: Implement strict hierarchy-based filtering for non-Big 3 users.
    • update: Enforce hierarchy-based check to prevent unauthorized modifications.
    • viewStoreDetails: Ensure correct "can_edit" flag based on hierarchy.
  • ProductController:
    • editProductAdmin: Change the global edit logic so that ONLY the Big 3 may edit global product fields. Remove the "creator can edit globally" exception for non-Big 3 users who do not hold that permission.
    • AssignProductToOwnStore: Update the ownership check to recognise any of the store's managers rather than a single one.

🛠️ Components to Update

Backend

  • app/Http/Controllers/Market/StoreController.php
  • app/Http/Controllers/Market/ProductController.php
  • app/Http/Controllers/Helpers/Permissions/ProductPermissions.php
  • app/Http/Controllers/Helpers/Permissions/UserPermissions.php
  • app/Models/Market/Store.php
  • app/Models/Market/StoreManager.php (New)

Frontend

  • resources/js/Pages/CreateStore.vue: Add multi-manager selection.
  • resources/js/Pages/EditStore.vue: Update management UI.
  • resources/js/Pages/ManageProductAdmin.vue: Enforce global edit restrictions in the UI.

📅 Phases

  1. Phase 1: Database and Models (Migration and StoreManager model).
  2. Phase 2: RBAC Logic Hardening (Update Permissions helpers).
  3. Phase 3: Store Management Refactoring (Hierarchy-based filtering).
  4. Phase 4: Product Management Refactoring (Global edit restrictions).
  5. Phase 5: UI Integration (Multi-manager picker and permission guards).