ske087/quality_app-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8de85ca87fed4b67f97686cd414b2f824bc201d2
quality_app-v2/documentation/WORKER_MANAGER_BINDING_MODEL.md
Quality App Developer 8de85ca87f feat: Implement warehouse module roles with auto-schema repair and remove module access section 
- Add SchemaVerifier class for automatic database schema verification and repair
- Implement warehouse_manager (Level 75) and warehouse_worker (Level 35) roles
- Add zone-based access control for warehouse workers
- Implement worker-manager binding system with zone filtering
- Add comprehensive database auto-repair on Docker initialization
- Remove Module Access section from user form (role-based access only)
- Add autocomplete attributes to password fields for better UX
- Include detailed documentation for warehouse implementation
- Update initialize_db.py with schema verification as Step 0
2026-01-28 00:46:59 +02:00

348 lines
15 KiB
Markdown
Raw Blame History

# Worker-Manager Binding Model: Visual Guide
## Hierarchical Structure
```
┌─────────────────────────────────────────────────────────────────┐
│ SUPERADMIN / ADMIN │
│ (Unrestricted access to everything) │
│ - Can view all warehouse data │
│ - Can override all restrictions │
│ - Can manage all users and bindings │
└────────────────────────┬────────────────────────────────────────┘
┌────────────────┴────────────────┐
│ │
┌───────▼──────────────┐ ┌───────▼──────────────┐
│ WAREHOUSE_MANAGER #1 │ │ WAREHOUSE_MANAGER #2 │
│ - Full access to │ │ - Full access to │
│ input pages │ │ input pages │
│ - Full access to │ │ - Full access to │
│ reports/analytics │ │ reports/analytics │
│ - Can manage │ │ - Can manage │
│ assigned workers │ │ assigned workers │
└────────┬─────────────┘ └────────┬─────────────┘
│ │
┌────┴─────────┬──────────┐ │
│ │ │ │
┌───▼─────┐ ┌───▼─────┐ ┌─▼──────┐ │
│ WORKER1 │ │ WORKER2 │ │WORKER3 │ │
│ (Mgr 1) │ │ (Mgr 1) │ │(Mgr 2) │ │
│ │ │ │ │ │ │
│ Can: │ │ Can: │ │ Can: │ │
│ ✓ Input │ │ ✓ Input │ │✓ Input │ │
│ ✗ Report│ │ ✗ Report│ │✗ Report│ │
│ ✗ Manage│ │ ✗ Manage│ │✗ Manage│ │
└─────────┘ └─────────┘ └────────┘ │
Unassigned workers
(can't access warehouse)
```
---
## Data Access Patterns
### SUPERADMIN/ADMIN View
```
┌─────────────────────────────────────────┐
│ ALL WAREHOUSE DATA │
│ ├─ All workers' entries │
│ ├─ All managers' entries │
│ ├─ All reports │
│ └─ All analytics │
└─────────────────────────────────────────┘
```
### WAREHOUSE_MANAGER View
```
┌─────────────────────────────────────────┐
│ MANAGER'S ASSIGNED DATA ONLY │
│ ├─ Manager's own entries │
│ ├─ Assigned Worker 1's entries │
│ ├─ Assigned Worker 2's entries │
│ ├─ Reports (aggregated from own + workers)
│ └─ Analytics (own + workers' data) │
└─────────────────────────────────────────┘
```
### WAREHOUSE_WORKER View
```
┌─────────────────────────────────────────┐
│ WORKER'S OWN DATA ONLY │
│ ├─ Own entries │
│ ├─ Own location assignments │
│ └─ Own submitted records │
│ │
│ ✗ Cannot see other workers' data │
│ ✗ Cannot view any reports │
│ ✗ Cannot access analytics │
└─────────────────────────────────────────┘
```
---
## Role Hierarchy & Capabilities
```
Level 100: SUPERADMIN
├─ Can do EVERYTHING
├─ Can override all restrictions
└─ Can manage all users & roles
Level 90: ADMIN
├─ Can do EVERYTHING (in practice)
├─ Can override all restrictions
└─ Can manage all users & roles
Level 75: WAREHOUSE_MANAGER
├─ Can access warehouse INPUT pages
│ ├─ Set box locations
│ ├─ Manage inventory entries
│ └─ Create/edit warehouse data
├─ Can access warehouse REPORTS
│ ├─ View analytics
│ ├─ Export data
│ └─ Download reports
├─ Can manage assigned workers
│ ├─ Assign/unassign workers
│ ├─ Set zone restrictions
│ └─ View worker activity logs
└─ Can view assigned workers' data
Level 70: MANAGER (Quality)
├─ Can access QUALITY module only
├─ Can create/edit/delete inspections
├─ Can export quality reports
└─ Cannot access WAREHOUSE at all
Level 50: WORKER (Quality)
├─ Can access QUALITY module only
├─ Can create quality inspections
├─ Can view inspections
└─ Cannot export or access reports
Level 35: WAREHOUSE_WORKER
├─ Can access INPUT pages ONLY
│ ├─ Set box locations
│ ├─ Create entries
│ └─ Edit own entries
├─ Cannot view reports
├─ Cannot view analytics
├─ Cannot export data
└─ Can only see own submitted data
```
---
## Database Schema Visualization
```
┌──────────────────────────┐
│ USERS TABLE │
├──────────────────────────┤
│ id │
│ username │
│ password_hash │
│ full_name │
│ email │
│ role ◄────────┐ │
│ is_active │ │
│ created_at │ │
└──────────────────┼───────┘
References │
┌──────────┴────────────────────────┐
│ │
▼ ▼
┌──────────────────────┐ ┌──────────────────────┐
│ ROLES TABLE │ │ USER_MODULES TABLE │
├──────────────────────┤ ├──────────────────────┤
│ id │ │ id │
│ name │ │ user_id ───┐ │
│ description │ │ module_name│ │
│ level │ │ created_at │ │
│ created_at │ └────────────┼────────┘
└──────────────────────┘ │
┌─────────▼────────────────┐
│ │
▼ ▼
┌──────────────────────┐ ┌──────────────────────┐
│ WAREHOUSE_MANAGER │ │ WAREHOUSE_WORKER │
│ role_id: 75 │ │ role_id: 35 │
└──────────────────────┘ └──────────────────────┘
│ │
└──────────┬───────────────┘
┌──────────────────────▼──────────────┐
│ WORKER_MANAGER_BINDINGS TABLE │
├─────────────────────────────────────┤
│ id │
│ manager_id ──────┐ (Foreign Key) │
│ worker_id ────────┼─ (Foreign Key) │
│ warehouse_zone │ (Optional) │
│ is_active │ (TINYINT) │
│ created_at │ │
│ updated_at │ │
└─────────────────────────────────────┘
│ One binding allows:
├─ Manager to oversee Worker
├─ Worker to input data
├─ Manager to view Worker's data
└─ Optional: Restrict to specific zone
```
---
## Example Bindings
### Scenario 1: Single Manager, Multiple Workers
```
Manager: John Smith (ID=5, role=warehouse_manager)
Workers:
- Alice Johnson (ID=12, role=warehouse_worker)
- Bob Wilson (ID=13, role=warehouse_worker)
- Carol Davis (ID=14, role=warehouse_worker)
Bindings:
binding_1: manager_id=5, worker_id=12, zone=NULL (all zones)
binding_2: manager_id=5, worker_id=13, zone=NULL (all zones)
binding_3: manager_id=5, worker_id=14, zone=NULL (all zones)
Result:
✓ John can see data from Alice, Bob, and Carol
✓ John can generate reports using all their data
✓ Alice/Bob/Carol can only see their own data
✓ Alice/Bob/Carol cannot see reports
```
### Scenario 2: Zone-Restricted Workers
```
Manager: Maria Garcia (ID=6, role=warehouse_manager)
Workers (restricted to zones):
- David Chen (ID=15, zone="Cold Storage")
- Eve Martinez (ID=16, zone="High Shelf")
Bindings:
binding_4: manager_id=6, worker_id=15, zone="Cold Storage"
binding_5: manager_id=6, worker_id=16, zone="High Shelf"
Result:
✓ David can only input in "Cold Storage"
✓ Eve can only input in "High Shelf"
✓ Maria can filter reports by zone
✓ Maria can see which worker handles which zone
```
### Scenario 3: Unassigned Worker
```
Worker: Frank Thompson (ID=17, role=warehouse_worker)
No binding exists for Frank
Result:
✗ Frank cannot access warehouse module
✗ Frank's dashboard shows no warehouse option
✗ If Frank tries to access /warehouse/*:
- Gets redirected with "Access denied" message
```
---
## Access Control Decision Tree
```
User Request → Is user logged in?
├─ NO → Redirect to login
└─ YES → Get user role
├─ Is role = 'superadmin'?
│ ├─ YES → ALLOW (all access)
│ └─ NO → Continue
├─ Is role = 'admin'?
│ ├─ YES → ALLOW (all access)
│ └─ NO → Continue
├─ Is user accessing report page?
│ ├─ YES → Is role = 'warehouse_manager'?
│ │ ├─ YES → ALLOW
│ │ └─ NO → DENY
│ │
│ └─ NO → Is user accessing input page?
│ ├─ YES → Is role = 'warehouse_manager' OR 'warehouse_worker'?
│ │ ├─ YES → Check binding (for worker)
│ │ │ ├─ If manager → ALLOW
│ │ │ └─ If worker → ALLOW (sees own data only)
│ │ └─ NO → DENY
│ │
│ └─ NO → Other page type
│ └─ DENY (unknown page type)
└─ DENY (role not recognized for warehouse)
```
---
## Implementation Checklist
### Database Changes
- [ ] Insert 2 new roles into `roles` table
- [ ] Create `worker_manager_bindings` table
- [ ] Verify foreign key constraints work
- [ ] Test data isolation queries
### Backend Code
- [ ] Update `access_control.py` ROLES dictionary
- [ ] Update `access_control.py` MODULE_PERMISSIONS
- [ ] Create `can_access_warehouse_reports()` decorator
- [ ] Create `can_access_warehouse_input()` decorator
- [ ] Update warehouse route handlers with decorators
- [ ] Implement data filtering logic in queries
- [ ] Add binding validation logic
### Frontend Code
- [ ] Update `user_form.html` with warehouse role options
- [ ] Create warehouse worker assignment page
- [ ] Add worker management UI in warehouse module
- [ ] Update dashboard to show warehouse module for eligible users
### Testing
- [ ] Test superadmin access (full access)
- [ ] Test admin access (full access)
- [ ] Test warehouse_manager access (input + reports)
- [ ] Test warehouse_worker access (input only, blocked from reports)
- [ ] Test data isolation (worker A cannot see worker B's data)
- [ ] Test manager sees assigned workers' data only
- [ ] Test zone restriction filtering
- [ ] Test unassigned worker cannot access warehouse
---
## Security Notes
⚠️ **Critical Points**
- Always verify user role in EVERY warehouse route
- Always include WHERE clauses to filter data by user/binding
- Never trust frontend filtering alone
- Log all access to reports for audit trail
- Validate zone restrictions server-side
- Regularly audit worker-manager bindings
⚠️ **Data Isolation**
- Workers MUST be completely isolated from each other
- Managers MUST only see assigned workers' data
- Database queries must reflect this isolation
- Test edge cases (deleted bindings, zone changes, etc.)
⚠️ **Role Confusion Prevention**
- Quality roles and warehouse roles are SEPARATE
- Explicitly assign each module
- Don't auto-grant cross-module access
- Always check module assignment + permission
Reference in New Issue View Git Blame Copy Permalink