This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
developers:general:permissions [2014/10/16 13:20] Jaco van Wyk created |
developers:general:permissions [2014/10/18 07:04] Jaco van Wyk |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Permissions ====== | ====== Permissions ====== | ||
+ | ===== System design ===== | ||
+ | |||
+ | The SnapBill permission system runs according to a longest prefix match based system on top of the URL structure that we use in SnapBill. | ||
+ | |||
+ | By default all new users simply have the / permission enabled which gives them access to everything. If you choose to DENY /client (access to a single client) it will also block off the ability to add a client /client/add. A rule such as DENY /; ALLOW /client/add will block the user from doing anything except adding new clients. | ||
+ | |||
+ | Whether we allow or deny a given address to one of your users, depends on the action of the longest matching rule that you have defined. | ||
+ | |||
+ | Allowing /client/* will allow anything under /client excluding /client itself. See the examples section for use cases of this. | ||
+ | |||
+ | ===== Url prefix examples ===== | ||
+ | |||
+ | There are thousands of potential permissions throughout SnapBill so unfortunately we can't list them all here. If you're looking for a single one please feel free to contact support and we'll try help you out. | ||
+ | |||
+ | <code html>/billing: Access to the billing area</code> | ||
+ | <code html>/clients: View simple listings and search all clients on the account</code> | ||
+ | <code html>/client: View details about a specific client</code> | ||
+ | <code html>/client/*: All the "/client" links below, but not including "/client" itself</code> | ||
+ | <code html>/client/add: Add a new client to the account</code> | ||
+ | <code html>/client/change_state: Change the state of an existing client</code> | ||
+ | <code html>/client/payment_method: Change the payment method of an existing client</code> | ||
+ | <code html>/client/remove: Remove a client from the account</code> | ||
+ | <code html>/client/update: Update general details of a client</code> | ||
+ | <code html>/editor: Access to the invoice editor</code> | ||
+ | <code html>/email/add: Add (send) a new email to a client</code> | ||
+ | <code html>/email: View an email that has been sent previously</code> | ||
+ | <code html>/import/add: Upload a new import to SnapBill</code> | ||
+ | <code html>/imports: Access to the imports area</code> | ||
+ | <code html>/import: Access to a single import</code> | ||
+ | <code html>/report/clients: Access to a specific report (the 'Clients' report)</code> | ||
+ | <code html>/report: Access to the reporting section</code> | ||
+ | <code html>/setup: Access to the setup area</code> | ||
+ | <code html>/statistics/growth: Access to a specific statistics page</code> | ||
+ | <code html>/statistics: Access to the statistics area</code> | ||
+ | |||
+ | ===== Example permission setups ===== | ||
+ | |||
+ | Allow access to search and view clients, but not to do anything else with them | ||
+ | |||
+ | <code html>DENY / | ||
+ | ALLOW /clients | ||
+ | ALLOW /client | ||
+ | DENY /client/*</code> | ||
+ | |||
+ | Allow access to the system as usual, but don't allow anything in the setup or statistics area | ||
+ | |||
+ | <code html>ALLOW / | ||
+ | DENY /setup | ||
+ | DENY /statistics</code> | ||
+ | |||
+ | Allow only access to the 'Stacked Income' statistics report | ||
+ | |||
+ | <code html>DENY / | ||
+ | ALLOW /statistics | ||
+ | DENY /statistics/* | ||
+ | ALLOW /statistics/stacked_income</code> |
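
Review bot: The "System design" section never says whether the longest prefix match works on whole path segments or on raw characters, and the first example setup depends on the answer. It lists "ALLOW /clients" and "ALLOW /client" as separate rules, but under a raw-character match "/client" is also a prefix of "/clients", so a lone "ALLOW /client" or "DENY /client" would silently cover the client listing too. Please state that a rule only matches at a "/" boundary, or document the actual behaviour. Please also say how a wildcard rule such as "/client/*" ranks against a literal rule such as "/client/add" when both match the same address, and whether rule order ever matters. Next to "By default all new users simply have the / permission enabled", it is worth saying outright that this is a default-allow model, so a restricted user should start from "DENY /" as the first and third example setups do. Minor: "Url" in the heading should be "URL", and the "code html" blocks hold permission paths and rules, not HTML.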