diff --git a/web/dashboard/messages/ar.json b/web/dashboard/messages/ar.json index 33cec9d..b9276b3 100644 --- a/web/dashboard/messages/ar.json +++ b/web/dashboard/messages/ar.json @@ -1256,34 +1256,106 @@ "saveError": "فشل حفظ الدور", "deleteConfirm": "حذف الدور «{name}»؟ سيعود الموظفون إلى صلاحيات دورهم الأساسي.", "groupAdmin": "إدارة المقهى", - "groupMenu": "القائمة والمخزون", - "groupStaff": "الموظفون", - "groupCustomer": "العملاء والطاولات", + "groupBranches": "الفروع", + "groupMenu": "القائمة", + "groupInventory": "المخزون", + "groupTaxes": "الضرائب", + "groupStaff": "الموظفون والموارد البشرية", + "groupTables": "الطاولات والحجوزات", + "groupOrders": "الطلبات ونقطة البيع", + "groupRegister": "الصندوق والنقد", + "groupQueueKitchen": "الانتظار والمطبخ", + "groupDelivery": "التوصيل", + "groupCustomers": "العملاء", + "groupCoupons": "الكوبونات", + "groupMarketing": "التسويق والتقييمات", "groupReports": "التقارير والمالية", - "groupOps": "عمليات الصندوق", - "groupKitchen": "المطبخ والتوصيل", + "groupExpenses": "المصروفات", "perm": { - "ManageCafeSettings": "إعدادات المقهى", - "ManageBilling": "الاشتراك والفواتير", - "ManageBranches": "إدارة الفروع", - "ManageMenu": "إدارة القائمة", - "ManageInventory": "المخزون", - "ManageTaxes": "الضرائب", - "ManagePrintSettings": "إعدادات الطباعة", - "ManageStaff": "إدارة الموظفين", - "ManageSalaries": "الرواتب", - "ReviewLeave": "طلبات الإجازة", - "ManageReservations": "الحجوزات", - "ManageTables": "الطاولات", - "ManageCoupons": "الكوبونات", - "ViewReports": "التقارير", - "ManageExpenses": "المصروفات", - "ProcessOrders": "معالجة الطلبات", - "HandlePayments": "المدفوعات", - "OperateRegister": "الصندوق", - "ManageQueue": "قائمة الانتظار", + "ViewCafeSettings": "عرض إعدادات المقهى", + "ManageCafeSettings": "تعديل إعدادات المقهى", + "ManageDiscoverProfile": "الملف العام و«كوجا»", + "ViewBilling": "عرض الفواتير", + "ManageBilling": "إدارة الاشتراك والفواتير", + "ManageRoles": "إدارة الأدوار", + "ViewPrintSettings": "عرض إعدادات الطباعة", + "ManagePrintSettings": "تعديل إعدادات الطباعة", + "ViewBranches": "عرض الفروع", + "CreateBranch": "إنشاء فرع", + "EditBranch": "تعديل فرع", + "DeleteBranch": "حذف فرع", + "ViewMenu": "عرض القائمة", + "CreateMenuItem": "إضافة أصناف", + "EditMenuItem": "تعديل الأصناف", + "DeleteMenuItem": "حذف الأصناف", + "ViewInventory": "عرض المخزون", + "CreateInventory": "إضافة للمخزون", + "EditInventory": "تعديل المخزون والكميات", + "DeleteInventory": "حذف من المخزون", + "ViewTaxes": "عرض الضرائب", + "CreateTax": "إنشاء ضريبة", + "EditTax": "تعديل ضريبة", + "DeleteTax": "حذف ضريبة", + "ViewStaff": "عرض الموظفين", + "CreateStaff": "إضافة موظف", + "EditStaff": "تعديل موظف", + "DeleteStaff": "حذف موظف", + "ManageStaff": "تعيين أدوار الفروع", + "ManageStaffCredentials": "إدارة بيانات الدخول", + "ViewAttendance": "عرض الحضور", + "ManageAttendance": "إدارة الحضور", + "ViewSchedules": "عرض المناوبات", + "ManageSchedules": "إدارة المناوبات", + "ViewLeave": "عرض طلبات الإجازة", + "ReviewLeave": "اعتماد الإجازات", + "ViewSalaries": "عرض الرواتب", + "ManageSalaries": "إدارة الرواتب", + "ViewTables": "عرض الطاولات", + "ManageTables": "إدارة الطاولات والأقسام", + "ViewReservations": "عرض الحجوزات", + "CreateReservation": "إنشاء حجز", + "EditReservation": "تعديل حجز", + "DeleteReservation": "حذف حجز", + "ViewOrders": "عرض الطلبات", + "ProcessOrders": "تسجيل الطلبات", + "EditOrder": "تعديل الطلبات", + "VoidOrder": "إبطال / إلغاء الطلبات", + "RefundOrder": "استرداد الطلبات", + "ApplyDiscount": "تطبيق الخصومات", + "CompOrder": "طلب مجاني (ضيافة)", + "HandlePayments": "استلام المدفوعات", + "UpdateOrderStatus": "تحديث حالة الطلب", + "OperateRegister": "فتح / إغلاق الصندوق", + "OpenCashDrawer": "فتح درج النقود (بدون بيع)", + "ViewQueue": "عرض قائمة الانتظار", + "ManageQueue": "إدارة قائمة الانتظار", "ViewKitchen": "شاشة المطبخ", - "HandleDelivery": "التوصيل" + "ManageKitchenStations": "إدارة محطات المطبخ", + "ViewDelivery": "عرض التوصيل", + "HandleDelivery": "إدارة التوصيل", + "AssignDelivery": "تعيين السائق", + "ViewCustomers": "عرض العملاء", + "CreateCustomer": "إضافة عميل", + "EditCustomer": "تعديل عميل", + "DeleteCustomer": "حذف عميل", + "ViewCoupons": "عرض الكوبونات", + "CreateCoupon": "إنشاء كوبون", + "EditCoupon": "تعديل كوبون", + "DeleteCoupon": "حذف كوبون", + "ViewSms": "عرض الرسائل", + "SendSms": "إرسال حملات الرسائل", + "ManageSmsSettings": "إعدادات الرسائل", + "ViewReviews": "عرض التقييمات", + "ManageReviews": "الرد على التقييمات وإدارتها", + "ViewReports": "عرض التقارير", + "ExportReports": "تصدير التقارير", + "ViewAuditLog": "عرض سجل العمليات", + "ViewFinancials": "عرض المالية (الأرباح والخسائر)", + "ManageFinancials": "تصحيح سندات الدفع", + "ViewExpenses": "عرض المصروفات", + "CreateExpense": "إضافة مصروف", + "EditExpense": "تعديل مصروف", + "DeleteExpense": "حذف مصروف" } }, "appearance": { diff --git a/web/dashboard/messages/en.json b/web/dashboard/messages/en.json index 4bc949f..3ccd5aa 100644 --- a/web/dashboard/messages/en.json +++ b/web/dashboard/messages/en.json @@ -1328,34 +1328,106 @@ "saveError": "Failed to save role", "deleteConfirm": "Delete role '{name}'? Employees will revert to their base role permissions.", "groupAdmin": "Café Administration", - "groupMenu": "Menu & Inventory", - "groupStaff": "Staff", - "groupCustomer": "Customer & Tables", + "groupBranches": "Branches", + "groupMenu": "Menu", + "groupInventory": "Inventory", + "groupTaxes": "Taxes", + "groupStaff": "Staff & HR", + "groupTables": "Tables & Reservations", + "groupOrders": "Orders & POS", + "groupRegister": "Register & Cash", + "groupQueueKitchen": "Queue & Kitchen", + "groupDelivery": "Delivery", + "groupCustomers": "Customers", + "groupCoupons": "Coupons", + "groupMarketing": "Marketing & Reviews", "groupReports": "Reports & Finance", - "groupOps": "Register Operations", - "groupKitchen": "Kitchen & Delivery", + "groupExpenses": "Expenses", "perm": { - "ManageCafeSettings": "Café settings", - "ManageBilling": "Billing & subscription", - "ManageBranches": "Manage branches", - "ManageMenu": "Menu management", - "ManageInventory": "Inventory", - "ManageTaxes": "Taxes", - "ManagePrintSettings": "Print settings", - "ManageStaff": "Staff management", - "ManageSalaries": "Salaries", - "ReviewLeave": "Leave requests", - "ManageReservations": "Reservations", - "ManageTables": "Tables", - "ManageCoupons": "Coupons", - "ViewReports": "Reports", - "ManageExpenses": "Expenses", - "ProcessOrders": "Process orders", - "HandlePayments": "Handle payments", - "OperateRegister": "Register", - "ManageQueue": "Queue", + "ViewCafeSettings": "View café settings", + "ManageCafeSettings": "Edit café settings", + "ManageDiscoverProfile": "Discover & public profile", + "ViewBilling": "View billing", + "ManageBilling": "Manage billing & subscription", + "ManageRoles": "Manage roles", + "ViewPrintSettings": "View print settings", + "ManagePrintSettings": "Edit print settings", + "ViewBranches": "View branches", + "CreateBranch": "Create branch", + "EditBranch": "Edit branch", + "DeleteBranch": "Delete branch", + "ViewMenu": "View menu", + "CreateMenuItem": "Add menu items", + "EditMenuItem": "Edit menu items", + "DeleteMenuItem": "Delete menu items", + "ViewInventory": "View inventory", + "CreateInventory": "Add inventory", + "EditInventory": "Edit inventory & stock", + "DeleteInventory": "Delete inventory", + "ViewTaxes": "View taxes", + "CreateTax": "Create tax", + "EditTax": "Edit tax", + "DeleteTax": "Delete tax", + "ViewStaff": "View staff", + "CreateStaff": "Add staff", + "EditStaff": "Edit staff", + "DeleteStaff": "Remove staff", + "ManageStaff": "Assign branch roles", + "ManageStaffCredentials": "Manage login credentials", + "ViewAttendance": "View attendance", + "ManageAttendance": "Manage attendance", + "ViewSchedules": "View schedules", + "ManageSchedules": "Manage schedules", + "ViewLeave": "View leave requests", + "ReviewLeave": "Approve leave requests", + "ViewSalaries": "View salaries", + "ManageSalaries": "Manage salaries", + "ViewTables": "View tables", + "ManageTables": "Manage tables & sections", + "ViewReservations": "View reservations", + "CreateReservation": "Create reservation", + "EditReservation": "Edit reservation", + "DeleteReservation": "Delete reservation", + "ViewOrders": "View orders", + "ProcessOrders": "Take orders", + "EditOrder": "Edit orders", + "VoidOrder": "Void / cancel orders", + "RefundOrder": "Refund orders", + "ApplyDiscount": "Apply discounts", + "CompOrder": "Comp (free) orders", + "HandlePayments": "Take payments", + "UpdateOrderStatus": "Update order status", + "OperateRegister": "Open / close register", + "OpenCashDrawer": "Open cash drawer (no-sale)", + "ViewQueue": "View queue", + "ManageQueue": "Manage queue", "ViewKitchen": "Kitchen display", - "HandleDelivery": "Delivery" + "ManageKitchenStations": "Manage kitchen stations", + "ViewDelivery": "View delivery", + "HandleDelivery": "Handle delivery", + "AssignDelivery": "Assign delivery", + "ViewCustomers": "View customers", + "CreateCustomer": "Add customers", + "EditCustomer": "Edit customers", + "DeleteCustomer": "Delete customers", + "ViewCoupons": "View coupons", + "CreateCoupon": "Create coupon", + "EditCoupon": "Edit coupon", + "DeleteCoupon": "Delete coupon", + "ViewSms": "View SMS", + "SendSms": "Send SMS campaigns", + "ManageSmsSettings": "SMS settings", + "ViewReviews": "View reviews", + "ManageReviews": "Reply & moderate reviews", + "ViewReports": "View reports", + "ExportReports": "Export reports", + "ViewAuditLog": "View audit log", + "ViewFinancials": "View financials (P&L)", + "ManageFinancials": "Payment corrections", + "ViewExpenses": "View expenses", + "CreateExpense": "Add expense", + "EditExpense": "Edit expense", + "DeleteExpense": "Delete expense" } }, "appearance": { diff --git a/web/dashboard/messages/fa.json b/web/dashboard/messages/fa.json index 84723d0..aab94db 100644 --- a/web/dashboard/messages/fa.json +++ b/web/dashboard/messages/fa.json @@ -1329,34 +1329,106 @@ "saveError": "ذخیره نقش ناموفق بود", "deleteConfirm": "نقش «{name}» حذف شود؟ این کارمندان به دسترسی پیش‌فرض نقش اصلی خود بازمی‌گردند.", "groupAdmin": "مدیریت کافه", - "groupMenu": "منو و انبار", - "groupStaff": "پرسنل", - "groupCustomer": "مشتری و میز", + "groupBranches": "شعب", + "groupMenu": "منو", + "groupInventory": "انبار و موجودی", + "groupTaxes": "مالیات", + "groupStaff": "پرسنل و منابع انسانی", + "groupTables": "میز و رزرو", + "groupOrders": "سفارش و فروش", + "groupRegister": "صندوق و وجه نقد", + "groupQueueKitchen": "صف و آشپزخانه", + "groupDelivery": "تحویل و پیک", + "groupCustomers": "مشتریان", + "groupCoupons": "کوپن‌ها", + "groupMarketing": "بازاریابی و نظرات", "groupReports": "گزارش و مالی", - "groupOps": "عملیات صندوق", - "groupKitchen": "آشپزخانه و تحویل", + "groupExpenses": "هزینه‌ها", "perm": { - "ManageCafeSettings": "تنظیمات کافه", - "ManageBilling": "اشتراک و پرداخت", - "ManageBranches": "مدیریت شعب", - "ManageMenu": "مدیریت منو", - "ManageInventory": "انبار و موجودی", - "ManageTaxes": "مالیات", - "ManagePrintSettings": "تنظیمات چاپ", - "ManageStaff": "مدیریت کارمندان", - "ManageSalaries": "حقوق و دستمزد", - "ReviewLeave": "بررسی مرخصی", - "ManageReservations": "رزروها", - "ManageTables": "میزها", - "ManageCoupons": "کوپن‌ها", - "ViewReports": "گزارش‌ها", - "ManageExpenses": "هزینه‌ها", + "ViewCafeSettings": "مشاهده تنظیمات کافه", + "ManageCafeSettings": "ویرایش تنظیمات کافه", + "ManageDiscoverProfile": "پروفایل عمومی و کوجا", + "ViewBilling": "مشاهده صورتحساب", + "ManageBilling": "مدیریت اشتراک و پرداخت", + "ManageRoles": "مدیریت نقش‌ها", + "ViewPrintSettings": "مشاهده تنظیمات چاپ", + "ManagePrintSettings": "ویرایش تنظیمات چاپ", + "ViewBranches": "مشاهده شعب", + "CreateBranch": "ایجاد شعبه", + "EditBranch": "ویرایش شعبه", + "DeleteBranch": "حذف شعبه", + "ViewMenu": "مشاهده منو", + "CreateMenuItem": "افزودن آیتم منو", + "EditMenuItem": "ویرایش آیتم منو", + "DeleteMenuItem": "حذف آیتم منو", + "ViewInventory": "مشاهده انبار", + "CreateInventory": "افزودن به انبار", + "EditInventory": "ویرایش انبار و موجودی", + "DeleteInventory": "حذف از انبار", + "ViewTaxes": "مشاهده مالیات", + "CreateTax": "ایجاد مالیات", + "EditTax": "ویرایش مالیات", + "DeleteTax": "حذف مالیات", + "ViewStaff": "مشاهده کارمندان", + "CreateStaff": "افزودن کارمند", + "EditStaff": "ویرایش کارمند", + "DeleteStaff": "حذف کارمند", + "ManageStaff": "تخصیص نقش شعبه", + "ManageStaffCredentials": "مدیریت اطلاعات ورود", + "ViewAttendance": "مشاهده حضور و غیاب", + "ManageAttendance": "مدیریت حضور و غیاب", + "ViewSchedules": "مشاهده شیفت‌ها", + "ManageSchedules": "مدیریت شیفت‌ها", + "ViewLeave": "مشاهده درخواست مرخصی", + "ReviewLeave": "تأیید مرخصی", + "ViewSalaries": "مشاهده حقوق", + "ManageSalaries": "مدیریت حقوق و دستمزد", + "ViewTables": "مشاهده میزها", + "ManageTables": "مدیریت میز و بخش‌ها", + "ViewReservations": "مشاهده رزروها", + "CreateReservation": "ایجاد رزرو", + "EditReservation": "ویرایش رزرو", + "DeleteReservation": "حذف رزرو", + "ViewOrders": "مشاهده سفارش‌ها", "ProcessOrders": "ثبت سفارش", - "HandlePayments": "پردازش پرداخت", - "OperateRegister": "صندوق", - "ManageQueue": "صف انتظار", + "EditOrder": "ویرایش سفارش", + "VoidOrder": "ابطال / لغو سفارش", + "RefundOrder": "استرداد وجه سفارش", + "ApplyDiscount": "اعمال تخفیف", + "CompOrder": "سفارش رایگان (مهمان)", + "HandlePayments": "دریافت پرداخت", + "UpdateOrderStatus": "تغییر وضعیت سفارش", + "OperateRegister": "باز / بستن صندوق", + "OpenCashDrawer": "باز کردن کشوی پول (بدون فروش)", + "ViewQueue": "مشاهده صف", + "ManageQueue": "مدیریت صف", "ViewKitchen": "نمایش آشپزخانه", - "HandleDelivery": "تحویل و پیک" + "ManageKitchenStations": "مدیریت ایستگاه‌های آشپزخانه", + "ViewDelivery": "مشاهده تحویل", + "HandleDelivery": "مدیریت تحویل", + "AssignDelivery": "تخصیص پیک", + "ViewCustomers": "مشاهده مشتریان", + "CreateCustomer": "افزودن مشتری", + "EditCustomer": "ویرایش مشتری", + "DeleteCustomer": "حذف مشتری", + "ViewCoupons": "مشاهده کوپن‌ها", + "CreateCoupon": "ایجاد کوپن", + "EditCoupon": "ویرایش کوپن", + "DeleteCoupon": "حذف کوپن", + "ViewSms": "مشاهده پیامک", + "SendSms": "ارسال کمپین پیامکی", + "ManageSmsSettings": "تنظیمات پیامک", + "ViewReviews": "مشاهده نظرات", + "ManageReviews": "پاسخ و مدیریت نظرات", + "ViewReports": "مشاهده گزارش‌ها", + "ExportReports": "خروجی گرفتن از گزارش", + "ViewAuditLog": "مشاهده گزارش رویدادها", + "ViewFinancials": "مشاهده مالی (سود و زیان)", + "ManageFinancials": "اصلاح سند پرداخت", + "ViewExpenses": "مشاهده هزینه‌ها", + "CreateExpense": "افزودن هزینه", + "EditExpense": "ویرایش هزینه", + "DeleteExpense": "حذف هزینه" } }, "appearance": { diff --git a/web/dashboard/src/components/settings/custom-roles-panel.tsx b/web/dashboard/src/components/settings/custom-roles-panel.tsx index af443f2..9b860fd 100644 --- a/web/dashboard/src/components/settings/custom-roles-panel.tsx +++ b/web/dashboard/src/components/settings/custom-roles-panel.tsx @@ -34,31 +34,84 @@ interface PermGroup { const PERM_GROUPS: PermGroup[] = [ { labelKey: "customRoles.groupAdmin", - perms: ["ManageCafeSettings", "ManageBilling", "ManageBranches"], + perms: [ + "ViewCafeSettings", "ManageCafeSettings", "ManageDiscoverProfile", + "ViewBilling", "ManageBilling", "ManageRoles", + "ViewPrintSettings", "ManagePrintSettings", + ], + }, + { + labelKey: "customRoles.groupBranches", + perms: ["ViewBranches", "CreateBranch", "EditBranch", "DeleteBranch"], }, { labelKey: "customRoles.groupMenu", - perms: ["ManageMenu", "ManageInventory", "ManageTaxes", "ManagePrintSettings"], + perms: ["ViewMenu", "CreateMenuItem", "EditMenuItem", "DeleteMenuItem"], + }, + { + labelKey: "customRoles.groupInventory", + perms: ["ViewInventory", "CreateInventory", "EditInventory", "DeleteInventory"], + }, + { + labelKey: "customRoles.groupTaxes", + perms: ["ViewTaxes", "CreateTax", "EditTax", "DeleteTax"], }, { labelKey: "customRoles.groupStaff", - perms: ["ManageStaff", "ManageSalaries", "ReviewLeave"], + perms: [ + "ViewStaff", "CreateStaff", "EditStaff", "DeleteStaff", + "ManageStaff", "ManageStaffCredentials", + "ViewAttendance", "ManageAttendance", + "ViewSchedules", "ManageSchedules", + "ViewLeave", "ReviewLeave", + "ViewSalaries", "ManageSalaries", + ], }, { - labelKey: "customRoles.groupCustomer", - perms: ["ManageReservations", "ManageTables", "ManageCoupons"], + labelKey: "customRoles.groupTables", + perms: [ + "ViewTables", "ManageTables", + "ViewReservations", "CreateReservation", "EditReservation", "DeleteReservation", + ], + }, + { + labelKey: "customRoles.groupOrders", + perms: [ + "ViewOrders", "ProcessOrders", "EditOrder", "VoidOrder", "RefundOrder", + "ApplyDiscount", "CompOrder", "HandlePayments", "UpdateOrderStatus", + ], + }, + { + labelKey: "customRoles.groupRegister", + perms: ["OperateRegister", "OpenCashDrawer"], + }, + { + labelKey: "customRoles.groupQueueKitchen", + perms: ["ViewQueue", "ManageQueue", "ViewKitchen", "ManageKitchenStations"], + }, + { + labelKey: "customRoles.groupDelivery", + perms: ["ViewDelivery", "HandleDelivery", "AssignDelivery"], + }, + { + labelKey: "customRoles.groupCustomers", + perms: ["ViewCustomers", "CreateCustomer", "EditCustomer", "DeleteCustomer"], + }, + { + labelKey: "customRoles.groupCoupons", + perms: ["ViewCoupons", "CreateCoupon", "EditCoupon", "DeleteCoupon"], + }, + { + labelKey: "customRoles.groupMarketing", + perms: ["ViewSms", "SendSms", "ManageSmsSettings", "ViewReviews", "ManageReviews"], }, { labelKey: "customRoles.groupReports", - perms: ["ViewReports", "ManageExpenses"], + perms: ["ViewReports", "ExportReports", "ViewAuditLog", "ViewFinancials", "ManageFinancials"], }, { - labelKey: "customRoles.groupOps", - perms: ["ProcessOrders", "HandlePayments", "OperateRegister", "ManageQueue"], - }, - { - labelKey: "customRoles.groupKitchen", - perms: ["ViewKitchen", "HandleDelivery"], + labelKey: "customRoles.groupExpenses", + perms: ["ViewExpenses", "CreateExpense", "EditExpense", "DeleteExpense"], }, ]; diff --git a/web/dashboard/src/lib/auth-permissions.ts b/web/dashboard/src/lib/auth-permissions.ts index b0891a4..42b43b9 100644 --- a/web/dashboard/src/lib/auth-permissions.ts +++ b/web/dashboard/src/lib/auth-permissions.ts @@ -11,7 +11,10 @@ export function isBranchAccount(branchId: string | null | undefined): boolean { return !!branchId; } -export const OWNER_ONLY_NAV_KEYS = ["subscription", "taxes", "branches"] as const; +// Billing stays a hard owner gate (also covers legacy sessions with no +// permission list). Taxes & branches are now permission-driven via +// NAV_REQUIRED_PERMISSION (ViewTaxes / ViewBranches), which managers hold. +export const OWNER_ONLY_NAV_KEYS = ["subscription"] as const; export function canSeeNavItem( key: string, diff --git a/web/dashboard/src/lib/permissions.ts b/web/dashboard/src/lib/permissions.ts index 8af4ded..b477ef4 100644 --- a/web/dashboard/src/lib/permissions.ts +++ b/web/dashboard/src/lib/permissions.ts @@ -5,50 +5,136 @@ import type { NavItemKey } from "@/lib/sidebar-nav"; * Client mirror of the backend `Meezi.Core.Authorization.Permission` enum. The * server (EnsurePermission) remains the single source of truth — these values * only drive what the UI *shows* (pages, action buttons). Never rely on them - * for actual security. + * for actual security. Keep this list in sync with Permission.cs. */ export type Permission = + // Café administration + | "ViewCafeSettings" | "ManageCafeSettings" + | "ManageDiscoverProfile" + | "ViewBilling" | "ManageBilling" - | "ManageBranches" - | "ManageStaff" - | "ManageMenu" - | "ManageInventory" - | "ManageExpenses" - | "ManageTaxes" - | "ManageCoupons" - | "ManageReservations" - | "ManageTables" - | "ViewReports" - | "ReviewLeave" - | "ManageSalaries" + | "ViewBranches" + | "CreateBranch" + | "EditBranch" + | "DeleteBranch" + | "ManageRoles" + | "ViewPrintSettings" | "ManagePrintSettings" + // Taxes + | "ViewTaxes" + | "CreateTax" + | "EditTax" + | "DeleteTax" + // Staff & HR + | "ViewStaff" + | "CreateStaff" + | "EditStaff" + | "DeleteStaff" + | "ManageStaff" + | "ManageStaffCredentials" + | "ViewAttendance" + | "ManageAttendance" + | "ViewSchedules" + | "ManageSchedules" + | "ViewLeave" + | "ReviewLeave" + | "ViewSalaries" + | "ManageSalaries" + // Menu + | "ViewMenu" + | "CreateMenuItem" + | "EditMenuItem" + | "DeleteMenuItem" + // Inventory + | "ViewInventory" + | "CreateInventory" + | "EditInventory" + | "DeleteInventory" + // Tables + | "ViewTables" + | "ManageTables" + // Reservations + | "ViewReservations" + | "CreateReservation" + | "EditReservation" + | "DeleteReservation" + // Orders & POS + | "ViewOrders" | "ProcessOrders" + | "EditOrder" + | "VoidOrder" + | "RefundOrder" + | "ApplyDiscount" + | "CompOrder" | "HandlePayments" + | "UpdateOrderStatus" + // Register / cash | "OperateRegister" + | "OpenCashDrawer" + // Queue + | "ViewQueue" | "ManageQueue" + // Kitchen | "ViewKitchen" - | "HandleDelivery"; + | "ManageKitchenStations" + // Delivery + | "ViewDelivery" + | "HandleDelivery" + | "AssignDelivery" + // Customers / CRM + | "ViewCustomers" + | "CreateCustomer" + | "EditCustomer" + | "DeleteCustomer" + // Coupons + | "ViewCoupons" + | "CreateCoupon" + | "EditCoupon" + | "DeleteCoupon" + // SMS / marketing + | "ViewSms" + | "SendSms" + | "ManageSmsSettings" + // Reviews + | "ViewReviews" + | "ManageReviews" + // Reports & finance + | "ViewReports" + | "ExportReports" + | "ViewAuditLog" + | "ViewFinancials" + | "ManageFinancials" + // Expenses + | "ViewExpenses" + | "CreateExpense" + | "EditExpense" + | "DeleteExpense"; /** - * Permission a nav page requires to be visible. Pages not listed here fall back - * to the existing owner-only / branch-account visibility logic in - * {@link file://./auth-permissions.ts}. + * Permission a nav page requires to be visible. Each maps to the page's "View" + * capability. Pages not listed fall back to the owner-only / branch-account + * visibility logic in {@link file://./auth-permissions.ts}. */ export const NAV_REQUIRED_PERMISSION: Partial> = { pos: "ProcessOrders", - tables: "ManageTables", - queue: "ManageQueue", + tables: "ViewTables", + queue: "ViewQueue", kds: "ViewKitchen", - reservations: "ManageReservations", - menu: "ManageMenu", - inventory: "ManageInventory", - coupons: "ManageCoupons", + reservations: "ViewReservations", + menu: "ViewMenu", reports: "ViewReports", - expenses: "ManageExpenses", + crm: "ViewCustomers", + coupons: "ViewCoupons", + sms: "ViewSms", + reviews: "ViewReviews", + inventory: "ViewInventory", + expenses: "ViewExpenses", shifts: "OperateRegister", - taxes: "ManageTaxes", - hr: "ManageStaff", + taxes: "ViewTaxes", + hr: "ViewStaff", + branches: "ViewBranches", + subscription: "ViewBilling", }; /** Read the effective permission set off an auth response (null = legacy session). */