diff --git a/docs/admin/admin.md b/docs/admin/admin.md index e63f11e..c4b823e 100644 --- a/docs/admin/admin.md +++ b/docs/admin/admin.md @@ -13,7 +13,13 @@ The admin interface allows *staff* users the ability to directly view / add / ed ### Access Admin Interface -To access the admin interface, select the "Admin" option from the drop-down user menu in the top-right corner of the screen. You will be presented with an adminstation panel as shown below: +To access the admin interface, select the "Admin" option from the drop-down user menu in the top-right corner of the screen. + + +!!! info "Staff Only" + Only users with staff acccess will be able to see the "Admin" option + +An adminstation panel will be presented as shown below: {% with id="admin", url="admin/admin.png", description="InvenTree Admin Panel" %} {% include 'img.html' %} @@ -27,6 +33,9 @@ Database objects can be listed and filtered directly. The image below shows an e {% include 'img.html' %} {% endwith %} +!!! info "Permissions" + A "staff" account does not necessarily provide access to all administration options, depending on the roles assigned to the user. + #### Filtering Some admin views support filtering of results against specified criteria. For example, the list of Part objects can be filtered as follows: diff --git a/docs/admin/export.md b/docs/admin/export.md index 1285c52..e9200c6 100644 --- a/docs/admin/export.md +++ b/docs/admin/export.md @@ -4,7 +4,7 @@ title: Exporting Data ## Exporting Data -The [Admin Interface](../admin) provides powerful data exporting capability. When displaying a list of items which support exporting (e.g. Part objects), select the "Export" button from the top-right corner: +The Admin Interface provides powerful data exporting capability. When displaying a list of items which support exporting (e.g. Part objects), select the "Export" button from the top-right corner: {% with id="export", url="admin/export.png", description="Data export" %} {% include 'img.html' %} diff --git a/docs/admin/permissions.md b/docs/admin/permissions.md index 32f872c..c9c5afc 100644 --- a/docs/admin/permissions.md +++ b/docs/admin/permissions.md @@ -4,55 +4,46 @@ title: User Permissions ## Permissions -!!! warning "TODO" - This section requires further work - in particular screenshots! +InvenTree provides access control to various features and data, by assigning each *user* to one (or more) *groups* which have multiple *roles* assigned. -InvenTree provides a permission system which allows authority control on a user or group basis. +!!! info "Superuser" + The superuser account is afforded *all* permissions across an InvenTree intallation. This includes the admin interface, web interface, and API. -!!! info "Django Permissions" - InvenTree implements the django permissions system. For background reading, refer to the [django permissions documentation](https://docs.djangoproject.com/en/3.1/topics/auth/default/#permissions-and-authorization). +### User -Permissions can be assigned for each model in the InvenTree database. The following permission classes are available for each model (or "table") in the database: +A *user* is a single unique account with login credentials. By default, a user is not afforded *any* permissions, and the user must be assigned to the relevent group for the permissions to be assigned. -### View +### Group -Users with the *View* permission for a particular model will be able to view data associated with the model. +A *group* is a named set of zero or more users. Each group is assigned permissions against each possible role. -*For example, a user who has the View permission set for the PurchaseOrder model will be able to view purchase orders.* +### Role -### Add +A *role* is a set of distinct permissions linked to a given subset of InvenTree functionality (more on this below). -Users with the *Add* permission for a particular model will be able to add (create) new instances of that model. +## Roles -*For example, a user who has the Add permission set for the StockItem model will be able to add / create new stock item objects.* +InvenTree functionality is split into a number of distinct roles. A group will have a set of permissions assigned to each of the following roles: -### Edit +- **Admin** - The *admin* role is related to assigning user permissions. +- **Part** - The *part* role is related to accessing Part data +- **Stock** - The *stock* role is related to accessing Stock data +- **Build** - The *build* role is related to accessing Build Order and Bill of Materials data +- **Purchase** - The *purchase* role is related to accessing Purchase Order data +- **Sales** - The *sales* role is related to accessing Sales Order data -Users with the *Edit* permissions for a particular model will be able to edit (adjust) instances of that model. +{% with id="roles", url="admin/roles.png", description="Roles" %} +{% include 'img.html' %} +{% endwith %} -*For example, a user who has the Edit permission set for the Build model will be able to edit Build items.* +### Role Permissions -### Delete +Within each role, there are four levels of available permissions: -Users with the *Delete* permission for a particular model will be able to delete instances of that model. - -## Superuser Account - -The *superuser* account (normally the first user created when configuring the database) automatically has every assigned permission. - -## Assigning Permissions - -The *superuser* account can assign model permissions to any users or groups. - -Additionally, any users who have permissions to edit the *Users* table can also adjust these permissions. - -### User Permissions - -User permissions allow model permissions to be assigned on a single user basis. This is useful if you wish to finely control which InvenTree features a certain user can access. - -### Group Permissions - -Group permissions allow model permissions to be assigned to a *group* of users which greatly simplifies the task of assigning similar permissions to multiple users. +- **View** - The *view* permission allows viewing of content related to the particular role +- **Change** - The *change* permission allows the user to edit / alter / change data associated with the particular role +- **Add** - The *add* permission allows the user to add / create database records associated with the particular role +- **Delete** - The *delete* permission allows the user to delete / remove database records associated with the particular role ## Admin Interface Permissions diff --git a/docs/assets/images/admin/roles.png b/docs/assets/images/admin/roles.png new file mode 100644 index 0000000..22ec6fe Binary files /dev/null and b/docs/assets/images/admin/roles.png differ diff --git a/docs/assets/images/admin/users_groups.png b/docs/assets/images/admin/users_groups.png new file mode 100644 index 0000000..b9ccaa8 Binary files /dev/null and b/docs/assets/images/admin/users_groups.png differ