use FS::AccessRight;
+ my @rights = FS::AccessRight->rights;
+
+ #my %rights = FS::AccessRight->rights_categorized;
+ tie my %rights, 'Tie::IxHash', FS::AccessRight->rights_categorized;
+ foreach my $category ( keys %rights ) {
+ my @category_rights = @{ $rights{$category} };
+ }
+
=head1 DESCRIPTION
Access control rights - Permission to perform specific actions that can be
#
##turn it into a more hash-like structure, but ordered via IxHash
-#well, this is what we have for now. could be ordered better, could be lots of
-# things better, but this ACL system does 99% of what folks need and the UI
-# isn't *that* bad
-#
-# okay, well it *really* needs some catgorization in the UI. badly.
-@rights = (
-
-##
-# basic customer rights
-##
- 'New customer',
- 'View customer',
- #'View Customer | View tickets',
- 'Edit customer',
- 'Cancel customer',
- 'Complimentary customer', #aka users-allow_comp
- 'Delete customer', #aka. deletecustomers #Enable customer deletions. Be very careful! Deleting a customer will remove all traces that this customer ever existed! It should probably only be used when auditing a legacy database. Normally, you cancel all of a customers' packages if they cancel service.
- 'Add customer note', #NEW
- 'Edit customer note', #NEW
-
-###
-# customer package rights
-###
- 'View customer packages', #NEW
- 'Order customer package',
- 'One-time charge',
- 'Change customer package',
- 'Bulk change customer packages',
- 'Edit customer package dates',
- 'Customize customer package',
- 'Suspend customer package',
- 'Suspend customer package later',
- 'Unsuspend customer package',
- 'Cancel customer package immediately',
- 'Cancel customer package later',
- 'Add on-the-fly cancel reason', #NEW
- 'Add on-the-fly suspend reason', #NEW
-
-###
-# customer service rights
-###
- 'Edit usage', #NEW
- 'Edit home dir', #NEW
- 'Edit www config', #NEW
- 'View customer services', #NEW
- 'Provision customer service',
- 'Recharge customer service', #NEW
- 'Unprovision customer service',
-
- 'View/link unlinked services', #not agent-virtualizable without more work
-
-###
-# customer invoice/financial info rights
-###
- 'View invoices',
- 'View customer tax exemptions', #yow
- 'View customer batched payments', #NEW
-
-###
-# customer payment rights
-###
- 'Post payment',
- 'Post payment batch',
- 'Unapply payment', #aka. unapplypayments Enable "unapplication" of unclosed payments.
- 'Process payment',
- 'Refund payment',
-
- 'Delete payment', #aka. deletepayments - Enable deletion of unclosed payments. Be very careful! Only delete payments that were data-entry errors, not adjustments. Optionally specify one or more comma-separated email addresses to be notified when a payment is deleted.
-
- 'Delete refund', #NEW
-
-###
-# customer credit rights
-###
- 'Post credit',
- #'Apply credit',
- 'Unapply credit', #aka unapplycredits Enable "unapplication" of unclosed credits.
- 'Delete credit', #aka. deletecredits Enable deletion of unclosed credits. Be very careful! Only delete credits that were data-entry errors, not adjustments. Optionally specify one or more comma-separated email addresses to be notified when a credit is deleted.
-
-###
-# customer voiding rights..
-###
- 'Credit card void', #aka. cc-void #Enable local-only voiding of echeck payments in addition to refunds against the payment gateway
- 'Echeck void', #aka. echeck-void #Enable local-only voiding of echeck payments in addition to refunds against the payment gateway
- 'Regular void',
- 'Unvoid', #aka. unvoid #Enable unvoiding of voided payments
-
-###
-# report/listing rights...
-###
- 'List customers',
- 'List zip codes', #NEW
- 'List invoices',
- 'List packages',
- 'List services',
-
- 'List rating data', # 'Usage reports',
- 'Billing event reports',
- 'Financial reports',
-
-###
-# misc rights
-###
- 'Job queue', # these are not currently agent-virtualized
- 'Process batches', # NEW
- 'Reprocess batches', # NEW
- 'Import', #
- 'Export', #
-
-###
-# misc misc rights
-###
- 'Raw SQL', #NEW
-
-###
-# setup/config rights
-###
- 'Edit advertising sources',
- 'Edit global advertising sources',
-
- 'Configuration', #most of the rest of the configuraiton is not
- # agent-virtualized
-);
-
-sub rights {
- @rights;
+#well, this is what we have for now. getting better.
+tie my %rights, 'Tie::IxHash',
+
+ ###
+ # basic customer rights
+ ###
+ 'Customer rights' => [
+ 'New customer',
+ 'View customer',
+ #'View Customer | View tickets',
+ 'Edit customer',
+ 'Cancel customer',
+ 'Complimentary customer', #aka users-allow_comp
+ { rightname=>'Delete customer', desc=>"Enable customer deletions. Be very careful! Deleting a customer will remove all traces that this customer ever existed! It should probably only be used when auditing a legacy database. Normally, you cancel all of a customer's packages if they cancel service." }, #aka. deletecustomers
+ 'Add customer note', #NEW
+ 'Edit customer note', #NEW
+ ],
+
+ ###
+ # customer package rights
+ ###
+ 'Customer package rights' => [
+ 'View customer packages', #NEW
+ 'Order customer package',
+ 'One-time charge',
+ 'Change customer package',
+ 'Bulk change customer packages',
+ 'Edit customer package dates',
+ 'Customize customer package',
+ 'Suspend customer package',
+ 'Suspend customer package later',
+ 'Unsuspend customer package',
+ 'Cancel customer package immediately',
+ 'Cancel customer package later',
+ 'Add on-the-fly cancel reason', #NEW
+ 'Add on-the-fly suspend reason', #NEW
+ ],
+
+ ###
+ # customer service rights
+ ###
+ 'Customer service rights' => [
+ 'Edit usage', #NEW
+ 'Edit home dir', #NEW
+ 'Edit www config', #NEW
+ 'View customer services', #NEW
+ 'Provision customer service',
+ 'Recharge customer service', #NEW
+ 'Unprovision customer service',
+
+ { rightname=>'View/link unlinked services', global=>1 }, #not agent-virtualizable without more work
+ ],
+
+ ###
+ # customer invoice/financial info rights
+ ###
+ 'Customer invoice / financial info rights' => [
+ 'View invoices',
+ 'View customer tax exemptions', #yow
+ 'View customer batched payments', #NEW
+ 'View customer billing events', #NEW
+ ],
+
+ ###
+ # customer payment rights
+ ###
+ 'Customer payment rights' => [
+ 'Post payment',
+ 'Post payment batch',
+ { rightname=>'Unapply payment', desc=>'Enable "unapplication" of unclosed payments from specific invoices.' }, #aka. unapplypayments
+ 'Process payment',
+ 'Refund payment',
+
+ { rightname=>'Delete payment', desc=>'Enable deletion of unclosed payments. Be very careful! Only delete payments that were data-entry errors, not adjustments.' }, #aka. deletepayments Optionally specify one or more comma-separated email addresses to be notified when a payment is deleted.
+
+ ],
+
+ ###
+ # customer credit rights
+ ###
+ 'Customer credit and refund rights' => [
+ 'Post credit',
+ #'Apply credit',
+ { rightname=>'Unapply credit', desc=>'Enable "unapplication" of unclosed credits.' }, #aka unapplycredits
+ { rightname=>'Delete credit', desc=>'Enable deletion of unclosed credits. Be very careful! Only delete credits that were data-entry errors, not adjustments.' }, #aka. deletecredits Optionally specify one or more comma-separated email addresses to be notified when a credit is deleted.
+ 'Delete refund', #NEW
+ ],
+
+ ###
+ # customer voiding rights..
+ ###
+ 'Customer void rights' => [
+ { rightname=>'Credit card void', desc=>'Enable local-only voiding of echeck payments in addition to refunds against the payment gateway.' }, #aka. cc-void
+ { rightname=>'Echeck void', desc=>'Enable local-only voiding of echeck payments in addition to refunds against the payment gateway.' }, #aka. echeck-void
+ 'Regular void',
+ { rightname=>'Unvoid', desc=>'Enable unvoiding of voided payments' }, #aka. unvoid
+
+
+ ],
+
+ ###
+ # report/listing rights...
+ ###
+ 'Reprting/listing rights' => [
+ 'List customers',
+ 'List zip codes', #NEW
+ 'List invoices',
+ 'List packages',
+ 'List services',
+
+ { rightname=> 'List rating data', desc=>'Usage reports', global=>1 },
+ 'Billing event reports',
+ 'Financial reports',
+ ],
+
+ ###
+ # misc rights
+ ###
+ 'Miscellaneous rights' => [
+ { rightname=>'Job queue', global=>1 },
+ { rightname=>'Process batches', global=>1 },
+ { rightname=>'Reprocess batches', global=>1 },
+ { rightname=>'Import', global=>1 }, #some of these are ag-virt'ed now? give em their own ACLs
+ { rightname=>'Export', global=>1 },
+ #],
+ #
+ ###
+ # misc misc rights
+ ###
+ #'Database access rights' => [
+ { rightname=>'Raw SQL', global=>1 }, #NEW
+ ],
+
+ ###
+ # setup/config rights
+ ###
+ 'Configuration rights' => [
+ 'Edit advertising sources',
+ { rightname=>'Edit global advertising sources', global=>1 },
+
+ 'Edit billing events',
+ { rightname=>'Edit global billing events', global=>1 },
+
+ { rightname=>'Configuration', global=>1 }, #most of the rest of the configuraiton is not agent-virtualized
+ ],
+
+;
+
+=head1 CLASS METHODS
+
+=over 4
+
+=item rights
+
+Returns a list of right names.
+
+=cut
+
+ sub rights {
+ #my $class = shift;
+ map { ref($_) ? $_->{'rightname'} : $_ } map @{ $rights{$_} }, keys %rights;
+ }
+
+=item rights_info
+
+Returns a list of key-value pairs suitable for assigning to a hash. Keys are
+category names and values are list references of rights. Each element of the
+list reference scalar right name or a hashref with the following keys:
+
+=over 4
+
+=item rightname - Right name
+
+=item desc - Extended right description
+
+=item global - Global flag, indicates that this access right provides access to global data which is shared among all agents.
+
+=back
+
+=cut
+
+sub rights_info {
+ %rights;
}
+=back
+
+=head1 BUGS
+
+Damn those infernal six-legged creatures!
+
+=head1 SEE ALSO
+
+L<FS::access_right>, L<FS::access_group>, L<FS::access_user>
+
+=cut
+
+1;
+
projects / freeside.git / blobdiff