Start permissions overhaul: Define user role permissions in the database

database_updates.php

@@ -2131,10 +2131,27 @@
          mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.4.5'");
      }
 
-    // if (CURRENT_DATABASE_VERSION == '1.4.5') {
-    //     // Insert queries here required to update to DB version 1.4.6
+     if (CURRENT_DATABASE_VERSION == '1.4.5') {
+
+         // Add new columns for user role access mappings
+         mysqli_query($mysqli, "ALTER TABLE `user_roles` ADD `user_role_admin_settings_access` INT(11) NOT NULL DEFAULT '0' AFTER `user_role_description`, ADD `user_role_clientmgmt_access` INT NOT NULL DEFAULT '0' AFTER `user_role_admin_settings_access`, ADD `user_role_ticketing_access` INT NOT NULL DEFAULT '0' AFTER `user_role_clientmgmt_access`, ADD `user_role_credential_access` INT NOT NULL DEFAULT '0' AFTER `user_role_ticketing_access`, ADD `user_role_sales_access` INT NOT NULL DEFAULT '0' AFTER `user_role_credential_access`, ADD `user_role_finance_access` INT NOT NULL DEFAULT '0' AFTER `user_role_sales_access`, ADD `user_role_reporting_access` INT NOT NULL DEFAULT '0' AFTER `user_role_finance_access`, ADD `user_role_other_access` INT NOT NULL DEFAULT '0' AFTER `user_role_reporting_access`");
+
+         // Admin role
+         mysqli_query($mysqli, "UPDATE `user_roles` SET `user_role_admin_settings_access` = '3', `user_role_clientmgmt_access` = '3', `user_role_ticketing_access` = '3', `user_role_credential_access` = '3', `user_role_sales_access` = '3', `user_role_finance_access` = '3', `user_role_reporting_access` = '3', `user_role_other_access` = '3' WHERE `user_roles`.`user_role_id` = 3");
+
+         // Tech role
+         mysqli_query($mysqli, "UPDATE `user_roles` SET `user_role_clientmgmt_access` = '2', `user_role_ticketing_access` = '2', `user_role_credential_access` = '2', `user_role_sales_access` = '2' WHERE `user_roles`.`user_role_id` = 2");
+
+         // Accountant role
+         mysqli_query($mysqli, "UPDATE `user_roles` SET `user_role_clientmgmt_access` = '1', `user_role_sales_access` = '3', `user_role_finance_access` = '3' WHERE `user_roles`.`user_role_id` = 1");
+
+         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.4.6'");
+     }
+
+    // if (CURRENT_DATABASE_VERSION == '1.4.6') {
+    //     // Insert queries here required to update to DB version 1.4.7
     //     // Then, update the database to the next sequential version
-    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.4.6'");
+    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.4.7'");
     // }
 
 } else {

database_version.php

@@ -5,4 +5,4 @@
  * It is used in conjunction with database_updates.php
  */
 
-DEFINE("LATEST_DATABASE_VERSION", "1.4.5");
+DEFINE("LATEST_DATABASE_VERSION", "1.4.6");

db.sql

@@ -1937,6 +1937,14 @@ CREATE TABLE `user_roles` (
   `user_role_id` int(11) NOT NULL AUTO_INCREMENT,
   `user_role_name` varchar(200) NOT NULL,
   `user_role_description` varchar(200) DEFAULT NULL,
+  `user_role_admin_settings_access` int(11) NOT NULL DEFAULT 0,
+  `user_role_clientmgmt_access` int(11) NOT NULL DEFAULT 0,
+  `user_role_ticketing_access` int(11) NOT NULL DEFAULT 0,
+  `user_role_credential_access` int(11) NOT NULL DEFAULT 0,
+  `user_role_sales_access` int(11) NOT NULL DEFAULT 0,
+  `user_role_finance_access` int(11) NOT NULL DEFAULT 0,
+  `user_role_reporting_access` int(11) NOT NULL DEFAULT 0,
+  `user_role_other_access` int(11) NOT NULL DEFAULT 0,
   `user_role_created_at` datetime NOT NULL DEFAULT current_timestamp(),
   `user_role_updated_at` datetime DEFAULT NULL ON UPDATE current_timestamp(),
   `user_role_archived_at` datetime DEFAULT NULL,

setup.php

@@ -303,10 +303,19 @@
     mysqli_query($mysqli, "INSERT INTO ticket_statuses SET ticket_status_name = 'Resolved', ticket_status_color = '#343a40'"); // 4 - was auto-close, now resolved
     mysqli_query($mysqli, "INSERT INTO ticket_statuses SET ticket_status_name = 'Closed', ticket_status_color = '#343a40'"); // 5
 
-    // Add default roles
+    // *Add default roles*
+
+    // 1. Accountant role
     mysqli_query($mysqli, "INSERT INTO `user_roles` SET user_role_id = 1, user_role_name = 'Accountant', user_role_description = 'Built-in - Limited access to financial-focused modules'");
+    mysqli_query($mysqli, "UPDATE `user_roles` SET `user_role_clientmgmt_access` = '1', `user_role_sales_access` = '3', `user_role_finance_access` = '3' WHERE `user_roles`.`user_role_id` = 1");
+
+    // 2. Tech role
     mysqli_query($mysqli, "INSERT INTO `user_roles` SET user_role_id = 2, user_role_name = 'Technician', user_role_description = 'Built-in - Limited access to technical-focused modules'");
+    mysqli_query($mysqli, "UPDATE `user_roles` SET `user_role_clientmgmt_access` = '2', `user_role_ticketing_access` = '2', `user_role_credential_access` = '2', `user_role_sales_access` = '2' WHERE `user_roles`.`user_role_id` = 2");
+
+    // 3. Admin role
     mysqli_query($mysqli, "INSERT INTO `user_roles` SET user_role_id = 3, user_role_name = 'Administrator', user_role_description = 'Built-in - Full administrative access to all modules (including user management)'");
+    mysqli_query($mysqli, "UPDATE `user_roles` SET `user_role_admin_settings_access` = '3', `user_role_clientmgmt_access` = '3', `user_role_ticketing_access` = '3', `user_role_credential_access` = '3', `user_role_sales_access` = '3', `user_role_finance_access` = '3', `user_role_reporting_access` = '3', `user_role_other_access` = '3' WHERE `user_roles`.`user_role_id` = 3");
 
 
     $_SESSION['alert_message'] = "Company <strong>$name</strong> created!";