|
1 | 1 | # User Manual |
2 | 2 |
|
| 3 | +## Management Center |
| 4 | + |
| 5 | +### Role Management |
| 6 | + |
| 7 | +The application comes with two predefined roles: "Admin" and "Member," each with distinct default permission settings tailored to their functionalities. |
| 8 | + |
| 9 | + |
| 10 | + |
| 11 | +### Adding, Deleting, and Modifying Roles |
| 12 | + |
| 13 | +The role identifier, a unique system identifier, allows customization of default roles, but the system's predefined roles cannot be deleted. |
| 14 | + |
| 15 | + |
| 16 | + |
| 17 | +### Setting the Default Role |
| 18 | + |
| 19 | +The default role is the one automatically assigned to new users if no specific role is provided during their creation. |
| 20 | + |
| 21 | + |
| 22 | + |
| 23 | +### Configuring Permissions |
| 24 | + |
| 25 | +#### General Permission Settings |
| 26 | + |
| 27 | + |
| 28 | + |
| 29 | +##### Configuration Permissions |
| 30 | + |
| 31 | +1. **Allows to configure interface**: This permission governs whether a user can configure the interface. Activating it adds a UI configuration button. The "admin" role has this permission enabled by default. |
| 32 | +2. **Allows to install, activate, disable plugins**: This permission dictates whether a user can enable or disable plugins. When active, the user gains access to the plugin manager interface. The "admin" role has this permission enabled by default. |
| 33 | +3. **Allows to configure plugins**: This permission lets the user configure plugin parameters or manage plugin backend data. The "admin" role has this permission enabled by default. |
| 34 | +4. **Allows to clear cache, reboot application**: This permission is tied to system maintenance tasks like clearing the cache and restarting the application. Once activated, related operation buttons appear in the personal center. This permission is disabled by default. |
| 35 | +5. **New menu items are allowed to be accessed by default**: Newly created menus are accessible by default, and this setting is enabled by default. |
| 36 | + |
| 37 | +##### Global Action Permissions |
| 38 | + |
| 39 | +Action permissions apply universally to all data tables and are categorized by operation type. These permissions can be configured based on data scope: all data or the user's own data. The former allows operations on the entire data table, while the latter restricts operations to data relevant to the user. |
| 40 | + |
| 41 | +#### Data Table Operation Permissions |
| 42 | + |
| 43 | + |
| 44 | + |
| 45 | + |
| 46 | + |
| 47 | +Collection operation permissions allow fine-tuning of Action permissions by configuring access to resources within each data table. These permissions include: |
| 48 | + |
| 49 | +1. **Action permissions**: These include adding, viewing, editing, deleting, exporting, and importing actions. Permissions are set based on data scope: |
| 50 | + - **All records**: Grants the user the ability to perform actions on all records within the data table. |
| 51 | + - **Own records**: Restricts the user to perform actions only on records they have created. |
| 52 | + |
| 53 | +2. **Field Permissions**: Field permissions enable you to set specific permissions for each field during different operations. For instance, certain fields can be configured to be view-only, without editing privileges. |
| 54 | + |
| 55 | +#### Menu Permissions |
| 56 | + |
| 57 | +Menu permissions control access based on menu items. |
| 58 | + |
| 59 | + |
| 60 | + |
| 61 | +#### Plugin Configuration Permissions |
| 62 | + |
| 63 | +Plugin configuration permissions control the ability to configure specific plugin parameters. When enabled, the corresponding plugin management interface appears in the management center. |
| 64 | + |
| 65 | + |
| 66 | + |
| 67 | +## Personal Center |
| 68 | + |
| 69 | +### Role Switching |
| 70 | + |
| 71 | +Users can be assigned multiple roles and switch between them in the personal center. The default role when logging in is determined by the most recently switched role (this value updates with each switch) or, if not applicable, the first role (system default role). |
| 72 | + |
| 73 | + |
| 74 | + |
| 75 | +## Application in UI |
| 76 | + |
| 77 | +### Data Block Permissions |
| 78 | + |
| 79 | +Visibility of data blocks in a data table is controlled by view operation permissions, with individual configurations taking precedence over global settings. |
| 80 | + |
| 81 | +For example, under global permissions, the "admin" role has full access, but the order table may have individual permissions configured, making it invisible. |
| 82 | + |
| 83 | +Global permission configuration: |
| 84 | + |
| 85 | + |
| 86 | + |
| 87 | +Order table individual permission configuration: |
| 88 | + |
| 89 | + |
| 90 | + |
| 91 | +In the UI, all blocks in the order table are not displayed. |
| 92 | + |
| 93 | +Complete configuration process: |
| 94 | + |
| 95 | + |
| 96 | + |
| 97 | +### Field Permissions |
| 98 | + |
| 99 | +**View**: Determines whether specific fields are visible at the field level, allowing control over which fields are visible to certain roles within the order table. |
| 100 | + |
| 101 | + |
| 102 | + |
| 103 | +In the UI, only fields with configured permissions are visible within the order table block. System fields (Id, CreatedAt, LastUpdatedAt) retain view permissions even without specific configuration. |
| 104 | + |
| 105 | + |
| 106 | + |
| 107 | +- **Edit**: Controls whether fields can be edited and saved (updated). |
| 108 | + |
| 109 | + Configure edit permissions for order table fields (quantity and associated items have edit permissions): |
| 110 | + |
| 111 | +  |
| 112 | + |
| 113 | + In the UI, only fields with edit permissions are shown in the edit operation form block within the order table. |
| 114 | + |
| 115 | +  |
| 116 | + |
| 117 | + Complete configuration process: |
| 118 | + |
| 119 | +  |
| 120 | + |
| 121 | +- **Add**: Determines whether fields can be added (created). |
| 122 | + |
| 123 | + Configure add permissions for order table fields (order number, quantity, items, and shipment have add permissions): |
| 124 | + |
| 125 | +  |
| 126 | + |
| 127 | + In the UI, only fields with add permissions are displayed within the add operation form block of the order table. |
| 128 | + |
| 129 | +  |
| 130 | + |
| 131 | +- **Export**: Controls whether fields can be exported. |
| 132 | +- **Import**: Controls whether fields can be imported. |
| 133 | + |
| 134 | +### Operation Permissions |
| 135 | + |
| 136 | +Individually configured permissions take the highest priority. If specific permissions are configured, they override global settings; otherwise, the global settings are applied. |
| 137 | + |
| 138 | +- **Add**: Controls whether the add operation button is visible within a block. |
| 139 | + |
| 140 | + Configure individual operation permissions for the order table to allow adding: |
| 141 | + |
| 142 | +  |
| 143 | + |
| 144 | + When the add operation is permitted, the add button appears within the operation area of the order table block in the UI. |
| 145 | + |
| 146 | +  |
| 147 | + |
| 148 | +- **View**: Determines whether the data block is visible. |
| 149 | + |
| 150 | + Global permission configuration (no view permission): |
| 151 | + |
| 152 | +  |
| 153 | + |
| 154 | + Order table individual permission configuration: |
| 155 | + |
| 156 | +  |
| 157 | + |
| 158 | + In the UI, data blocks for other data tables remain hidden, but the order table block is shown. |
| 159 | + |
| 160 | + Complete example configuration process: |
| 161 | + |
| 162 | +  |
| 163 | + |
| 164 | +- **Edit**: Controls whether the edit operation button is displayed within a block. |
| 165 | + |
| 166 | +  |
| 167 | + |
| 168 | + Operation permissions can be further refined by setting the data scope. |
| 169 | + |
| 170 | + For example, setting the order data table so users can only edit their own data: |
| 171 | + |
| 172 | +  |
| 173 | + |
| 174 | +- **Delete**: Controls whether the delete operation button is visible within a block. |
| 175 | + |
| 176 | +  |
| 177 | + |
| 178 | +- **Export**: Controls whether the export operation button is visible within a block. |
| 179 | + |
| 180 | +- **Import**: Controls whether the import operation button is visible within a block. |
| 181 | + |
| 182 | +### Relationship Permissions |
| 183 | + |
| 184 | +#### When Used as a Field |
| 185 | + |
| 186 | +- The visibility of a relationship field is determined by the permissions set on the source table's fields. These permissions control whether the entire relationship field component appears in the user interface. |
| 187 | + |
| 188 | +For example, in the Order table, the "Customer" relationship field is restricted to view and import/export permissions: |
| 189 | + |
| 190 | + |
| 191 | + |
| 192 | +In the UI, this configuration ensures that the "Customer" relationship field does not appear in the add and edit operation sections of the Order table. |
| 193 | + |
| 194 | +Complete example configuration process: |
| 195 | + |
| 196 | + |
| 197 | + |
| 198 | +- The permissions for fields within the relationship field component (such as those found in sub-tables or sub-forms) are determined by the permissions of the target data table. |
| 199 | + |
| 200 | +When the relationship field component is a sub-form: |
| 201 | + |
| 202 | +As shown, the "Customer" relationship field in the Order table is granted full permissions, while the Customer table itself is configured to be read-only. |
| 203 | + |
| 204 | +Order table individual permission configuration, "Customer" relationship field has all field permissions: |
| 205 | + |
| 206 | + |
| 207 | + |
| 208 | +Customer table individual permission configuration, fields in the Customer table have view-only permissions: |
| 209 | + |
| 210 | + |
| 211 | + |
| 212 | +In the UI, this configuration results in the "Customer" relationship field being visible in the Order table section. However, when the interface is switched to a sub-form (where fields within the sub-form are visible in the details but hidden during new or edit operations), the behavior changes accordingly. |
| 213 | + |
| 214 | +Complete example configuration process: |
| 215 | + |
| 216 | + |
| 217 | + |
| 218 | +Further refinement of sub-form field permissions allows individual fields to be specifically controlled. |
| 219 | + |
| 220 | +For instance, the Customer table can be configured so that the "Customer Name" field is neither visible nor editable: |
| 221 | + |
| 222 | + |
| 223 | + |
| 224 | +Complete example configuration process: |
| 225 | + |
| 226 | + |
| 227 | + |
| 228 | +When the relationship field component is a sub-table, the situation is consistent with sub-forms: |
| 229 | + |
| 230 | +As illustrated, the "Shipment" relationship field in the Order table has full permissions, while the Shipment table is set to read-only. |
| 231 | + |
| 232 | +In the UI, this setup allows the relationship field to be visible. However, when the interface is switched to a sub-table (where fields within the sub-table are visible during viewing operations but hidden during new or edit operations), the behavior adjusts accordingly. |
| 233 | + |
| 234 | + |
| 235 | + |
| 236 | +Fine-tuning sub-table field permissions also enables specific control over individual fields: |
| 237 | + |
| 238 | + |
| 239 | + |
| 240 | +#### When Used as a Block |
| 241 | + |
| 242 | +- The visibility of a relationship block is governed by the permissions set on the target table associated with the relationship field, independent of the permissions on the relationship field itself. |
| 243 | + |
| 244 | +For example, the visibility of the "Customer" relationship block is controlled by the permissions configured for the Customer table: |
| 245 | + |
| 246 | + |
| 247 | + |
| 248 | +- The fields within a relationship block are controlled by the permissions set on the target table's fields. |
| 249 | + |
| 250 | +As depicted below, the Customer table can be configured to allow viewing of specific fields only: |
| 251 | + |
| 252 | + |
| 253 | + |
3 | 254 | ## Role Union |
4 | 255 |
|
5 | | -Role Union is a permission management mode. According to system settings, system developers can choose to use `Independent roles`, `Allow roles union`, or `Allow roles union`, to meet different permission requirements. |
| 256 | +Role Union is a permission management mode. According to system settings, system developers can choose to use `Independent roles`, `Allow roles union`, or `Roles union only`, to meet different permission requirements. |
6 | 257 |
|
7 | 258 |  |
8 | 259 |
|
|
0 commit comments