Spaces:
Sleeping
Sleeping
Add invite_users permission to PM/Dispatcher/Sales Manager roles for bulk invites
Browse files
docs/features/bulk-invitations.md
CHANGED
|
@@ -166,8 +166,10 @@ Template types:
|
|
| 166 |
|
| 167 |
## Authorization
|
| 168 |
|
|
|
|
|
|
|
| 169 |
**Platform Admin:**
|
| 170 |
-
- Can bulk invite to any context
|
| 171 |
|
| 172 |
**Client Admin:**
|
| 173 |
- Can bulk invite to their client organization only
|
|
@@ -177,9 +179,17 @@ Template types:
|
|
| 177 |
|
| 178 |
**Project Manager:**
|
| 179 |
- Can bulk invite to their own projects
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 180 |
|
| 181 |
-
**
|
| 182 |
- Can bulk invite to projects in their contractor
|
|
|
|
|
|
|
|
|
|
| 183 |
|
| 184 |
## Tracking
|
| 185 |
|
|
|
|
| 166 |
|
| 167 |
## Authorization
|
| 168 |
|
| 169 |
+
All roles with `invite_users` permission can use bulk invitations:
|
| 170 |
+
|
| 171 |
**Platform Admin:**
|
| 172 |
+
- Can bulk invite to any context (organization or project)
|
| 173 |
|
| 174 |
**Client Admin:**
|
| 175 |
- Can bulk invite to their client organization only
|
|
|
|
| 179 |
|
| 180 |
**Project Manager:**
|
| 181 |
- Can bulk invite to their own projects
|
| 182 |
+
- Must invite to their contractor's organization
|
| 183 |
+
|
| 184 |
+
**Dispatcher:**
|
| 185 |
+
- Can bulk invite to projects in their contractor
|
| 186 |
+
- Must invite to their contractor's organization
|
| 187 |
|
| 188 |
+
**Sales Manager:**
|
| 189 |
- Can bulk invite to projects in their contractor
|
| 190 |
+
- Must invite to their contractor's organization
|
| 191 |
+
|
| 192 |
+
**Note:** Service-level authorization validates that users can only invite within their scope (own organization/projects)
|
| 193 |
|
| 194 |
## Tracking
|
| 195 |
|
src/app/core/permissions.py
CHANGED
|
@@ -124,6 +124,7 @@ ROLE_PERMISSIONS: Dict[AppRole, List[str]] = {
|
|
| 124 |
AppRole.PROJECT_MANAGER: [
|
| 125 |
# User Management
|
| 126 |
"view_users",
|
|
|
|
| 127 |
"manage_org_users", # Can manage users in their organization
|
| 128 |
"reset_user_password", # Can reset passwords for users in their org
|
| 129 |
"view_team_performance",
|
|
@@ -155,6 +156,7 @@ ROLE_PERMISSIONS: Dict[AppRole, List[str]] = {
|
|
| 155 |
AppRole.DISPATCHER: [
|
| 156 |
# User Management
|
| 157 |
"view_users",
|
|
|
|
| 158 |
"manage_org_users", # Can manage users in their organization
|
| 159 |
"reset_user_password", # Can reset passwords for users in their org
|
| 160 |
"view_agent_locations",
|
|
@@ -209,6 +211,7 @@ ROLE_PERMISSIONS: Dict[AppRole, List[str]] = {
|
|
| 209 |
AppRole.SALES_MANAGER: [
|
| 210 |
# User Management
|
| 211 |
"view_users",
|
|
|
|
| 212 |
"manage_org_users", # Can manage users in their organization
|
| 213 |
"reset_user_password", # Can reset passwords for users in their org
|
| 214 |
"manage_sales_agents",
|
|
|
|
| 124 |
AppRole.PROJECT_MANAGER: [
|
| 125 |
# User Management
|
| 126 |
"view_users",
|
| 127 |
+
"invite_users", # Can invite users to their projects
|
| 128 |
"manage_org_users", # Can manage users in their organization
|
| 129 |
"reset_user_password", # Can reset passwords for users in their org
|
| 130 |
"view_team_performance",
|
|
|
|
| 156 |
AppRole.DISPATCHER: [
|
| 157 |
# User Management
|
| 158 |
"view_users",
|
| 159 |
+
"invite_users", # Can invite users to projects in their contractor
|
| 160 |
"manage_org_users", # Can manage users in their organization
|
| 161 |
"reset_user_password", # Can reset passwords for users in their org
|
| 162 |
"view_agent_locations",
|
|
|
|
| 211 |
AppRole.SALES_MANAGER: [
|
| 212 |
# User Management
|
| 213 |
"view_users",
|
| 214 |
+
"invite_users", # Can invite users to projects in their contractor
|
| 215 |
"manage_org_users", # Can manage users in their organization
|
| 216 |
"reset_user_password", # Can reset passwords for users in their org
|
| 217 |
"manage_sales_agents",
|