Privilege System Reference
Core Principles
- •Declare privileges in
Privileges.java- append to enum without reordering - •Check in controllers via
webUserController.hasPrivilege(...) - •Assign through UI via User Privileges admin interface; never seed in database
- •Name descriptively so usage is obvious from enum value
Common Privileges
| Privilege | Description |
|---|---|
StockTransactionViewRates | Rate/value fields in stock transactions |
PharmacyTransferViewRates | Rates in pharmacy transfer reports |
Developers | All bill formats for dev/QA validation |
Adding a New Privilege
- •Check
src/main/java/com/divudi/core/data/Privileges.java- reuse existing if matching behavior exists - •Never rename or edit legacy enum values (backward compatibility)
- •Add to most relevant section, keeping existing grouping
- •Update
src/main/webapp/admin/users/user_privileges.xhtmlfor UI assignment - •Extend
UserPrivilageController.createPrivilegeHolderTreeNodes()for tree rendering
Usage in XHTML
xhtml
<p:column rendered="#{webUserController.hasPrivilege('PharmacyTransferViewRates')}">
<h:outputText value="#{item.rate}" />
</p:column>
Testing Checklist
- •Log in WITHOUT the privilege - confirm UI element is hidden/disabled
- •Log in WITH the privilege - verify workflow succeeds end-to-end
- •Document new privilege in release notes
For complete reference, read developer_docs/security/privilege-system.md.