spouliot/PowderCoatingLogix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update help docs and AI knowledge base for Accountant role and new permissions

Browse Source 
- Settings.cshtml: add Accountant to roles table with description; add
  Fine-Grained Permissions subsection with a full table of all 16 permissions
  including the new Can Manage Bills & AP and Can Manage Accounting entries
- HelpKnowledgeBase.cs: add Accountant to ROLE AWARENESS section at top;
  add Accountant to USER MANAGEMENT roles list with auto-checked permissions
  note; add Fine-grained permissions paragraph documenting CanManageBills,
  CanManageAccounting, and Accountant role defaults

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Pouliot
2026-05-10 19:44:09 -04:00
parent feff0fa73d
commit dde66c807f
2 changed files with 52 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/PowderCoating.Web/Helpers/HelpKnowledgeBase.cs
+11 -3
View File
@@ -82,7 +82,8 @@ public static class HelpKnowledgeBase
ROLE AWARENESS:
- SuperAdmin: Full access to everything including Platform Management tools
- CompanyAdmin: Full access to all company features including Settings, Users, Billing
- Manager: Access to jobs, quotes, invoices, customers, inventory, reports no platform tools
- Manager: Access to jobs, quotes, invoices, customers, inventory, vendors, reports no platform tools
- Accountant: Financial focus bills & AP, invoices, bank reconciliations, chart of accounts, vendors, purchase orders, reports; no jobs, settings, or user management
- Worker: Can create/edit jobs and quotes; no settings, billing, or user management
- Viewer: Read-only access to most data; no create/edit capabilities
@@ -895,8 +896,9 @@ public static class HelpKnowledgeBase
**Where:** [Company Users](/CompanyUsers) via Settings menu Users
**Roles:**
- *CompanyAdmin* full company access including settings, users, billing
- *Manager* jobs, quotes, invoices, customers, inventory, reports no settings or user management
- *CompanyAdmin* full company access including settings, users, billing. All permissions granted automatically.
- *Manager* jobs, quotes, invoices, customers, inventory, vendors, reports no settings or user management
- *Accountant* financial focus: bills & AP, invoices, bank reconciliations, chart of accounts, vendors, purchase orders, and reports. No job management, settings, or user management. When selected, the system auto-checks the five relevant permissions (Invoices, Reports, Vendors, Bills & AP, Accounting).
- *Worker* create/edit jobs and quotes; no settings, billing, or user management
- *Viewer* read-only access
@@ -906,6 +908,12 @@ public static class HelpKnowledgeBase
3. System sends an invitation email
4. Save
**Fine-grained permissions:** Below the role dropdown on the Create/Edit user form, individual permission checkboxes let you grant specific capabilities beyond what the role provides. Notable permissions:
- *Can Manage Bills & AP* access to vendor bills, expenses, bill payments, and recurring bill detection. The Bills controller requires this permission for all write actions.
- *Can Manage Accounting* access to chart of accounts, bank reconciliations, and journal entries.
- *Can View Reports* access to all financial reports and AI analytics features (cash flow, anomaly detection, financial queries, late payment prediction).
CompanyAdmin users always have all permissions (checkboxes are locked). Accountant role auto-checks: Can Manage Invoices, Can View Reports, Can Manage Vendors, Can Manage Bills & AP, and Can Manage Accounting.
**Resetting a password (sending a reset link):** On the Company Users list or the user's Details page, click the envelope-arrow button (<i class="bi bi-envelope-arrow-up"></i>) next to the user. This sends the user an email with a secure password reset link they click it and choose a new password themselves. This is the recommended way to help a user who is locked out or who fat-fingered their email at signup.
**Deactivating a user:** Use the toggle on the user list or the edit form.
src/PowderCoating.Web/Views/Help/Settings.cshtml
+41 -2
View File
@@ -548,13 +548,52 @@
<tr><th style="width:25%">Role</th><th>Access level</th></tr>
</thead>
<tbody>
<tr><td><span class="badge bg-danger">CompanyAdmin</span></td><td>Full company access including settings, users, and billing.</td></tr>
<tr><td><span class="badge bg-warning text-dark">Manager</span></td><td>Jobs, quotes, invoices, customers, inventory, reports — no settings or user management.</td></tr>
<tr><td><span class="badge bg-danger">Company Admin</span></td><td>Full company access including settings, users, and billing. All permissions granted automatically.</td></tr>
<tr><td><span class="badge bg-warning text-dark">Manager</span></td><td>Jobs, quotes, invoices, customers, inventory, vendors, reports — no settings or user management.</td></tr>
<tr><td><span class="badge bg-success">Accountant</span></td><td>Financial focus: bills &amp; AP, invoices, bank reconciliations, chart of accounts, vendors, purchase orders, and reports. No job management or settings access.</td></tr>
<tr><td><span class="badge bg-primary">Worker</span></td><td>Create and edit jobs and quotes; no settings, billing, or user management.</td></tr>
<tr><td><span class="badge bg-secondary">Viewer</span></td><td>Read-only access to most data.</td></tr>
</tbody>
</table>
</div>
<p class="small text-muted mb-3">
When you select <strong>Accountant</strong> in the role dropdown, the permissions form automatically
pre-checks the five relevant permissions (Invoices, Reports, Vendors, Bills &amp; AP, Accounting).
You can adjust the individual checkboxes for users whose needs differ from the default.
</p>
<h3 class="h6 fw-semibold mt-3 mb-2">Fine-Grained Permissions</h3>
<p>
Below the role dropdown, each user has individual permission checkboxes. These let you grant
specific capabilities independently of the role — for example, giving a Worker access to view
reports without making them a Manager. Company Admins always have all permissions and the
checkboxes are locked.
</p>
<div class="table-responsive mb-3">
<table class="table table-sm table-bordered mb-0">
<thead class="table-light">
<tr><th style="width:35%">Permission</th><th>What it unlocks</th></tr>
</thead>
<tbody>
<tr><td>Can Manage Jobs</td><td>Create, edit, and update job status.</td></tr>
<tr><td>Can Manage Inventory</td><td>Add, edit, and adjust inventory items and stock levels.</td></tr>
<tr><td>Can Manage Customers</td><td>Create and edit customer records.</td></tr>
<tr><td>Can Create Quotes</td><td>Build and send quotes to customers.</td></tr>
<tr><td>Can Approve Quotes</td><td>Internally approve quotes on behalf of the customer.</td></tr>
<tr><td>Can Manage Calendar</td><td>Create and edit appointments.</td></tr>
<tr><td>Can View Calendar</td><td>View the appointments calendar (read-only).</td></tr>
<tr><td>Can Manage Products</td><td>Create and edit catalog items.</td></tr>
<tr><td>Can View Products</td><td>Browse the catalog item list (read-only).</td></tr>
<tr><td>Can Manage Equipment</td><td>Add equipment records and log maintenance.</td></tr>
<tr><td>Can Manage Vendors</td><td>Create and edit vendor records.</td></tr>
<tr><td>Can Manage Maintenance</td><td>Schedule and complete maintenance tasks.</td></tr>
<tr><td>Can Manage Invoices</td><td>Create invoices and record payments.</td></tr>
<tr><td>Can View Reports</td><td>Access all reports and AI analytics features.</td></tr>
<tr><td><strong>Can Manage Bills &amp; AP</strong></td><td>Create and pay vendor bills, record expenses, and use recurring bill detection. Grants access to the full Accounts Payable section.</td></tr>
<tr><td><strong>Can Manage Accounting</strong></td><td>Access the chart of accounts, bank reconciliations, and manual journal entries.</td></tr>
</tbody>
</table>
</div>
<h3 class="h6 fw-semibold mt-3 mb-2">Resetting a Password</h3>
<p>