Discussions
From FusionPBX
Group Permissions
The way group permissions work today in FusionPBX should/must be improved. This discussion section will try to get the input from everyone interested on contributing to make group permissions better.
With the latest FusionPBX, from now on fusion, everytime a new tenant is created all the information on the v_groups table is duplicated and linked with the new tennat uuid (domain_uuid). The table v_group_permissions tells which permissions are enabled for a specific group (Ex: view, add , delete options on one app). Database table v_menu_item_groups is responsible for the definition of which menu a group can see/access. If a group isn't in this table, it won't be able to see/access the menu.
The current approach has 2 problems:
- If a specific group is in v_menu_item_grous DB table, it will be able to see/access the menu. However if the same group doesn't exist in DB table v_group_permissions, with permission view, add, delete set, any user on that group will get an error message "access denied" when he tries to access that menu option.
- If a specific group isn't in the DB table v_menu_item_groups, any user in that group won't be able to see/access the menu, even if the group is in DB table v_group_permissions with permission view, add, delete set.