Commit e8798d13 authored by Mahmoud Aglan's avatar Mahmoud Aglan

Tighten receptionist permissions — remove access to financial dashboard, wallets, invoice creation

A receptionist should only:
- Register participants (wizard)
- Look up participant info (read-only)
- Collect payments on existing invoices
- Sell via POS
- Open/close their cash session

Removed: invoices.list (gates financial overview), invoices.create,
wallets.list/view/credit, participants.update, guardians.update,
enrollments.list, cash_sessions.manage, payments.list,
pos_sessions.open/close/list
Co-Authored-By: 's avatarClaude Opus 4.6 <noreply@anthropic.com>
parent 45a76a04
......@@ -239,15 +239,13 @@ private function getRolePermissions(array $allPermissions): array
],
'receptionist' => [
'dashboard.view',
'participants.list', 'participants.create', 'participants.update', 'participants.show',
'guardians.list', 'guardians.create', 'guardians.update',
'enrollments.list', 'enrollments.create',
'participants.list', 'participants.show', 'participants.create',
'guardians.list', 'guardians.create',
'enrollments.create',
'pos.access', 'pos.sell', 'pos.list',
'invoices.list', 'invoices.show', 'invoices.create',
'payments.list', 'payments.create',
'cash_sessions.open', 'cash_sessions.close', 'cash_sessions.list', 'cash_sessions.manage',
'pos_sessions.open', 'pos_sessions.close', 'pos_sessions.list',
'wallets.list', 'wallets.view', 'wallets.credit',
'invoices.show',
'payments.create',
'cash_sessions.open', 'cash_sessions.close', 'cash_sessions.list',
],
'accountant' => [
'dashboard.view',
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment