Saas, companies

Database

All companies are stored in the same database.

Tables

Each table with company data need to have the column:

• companyID

All unique indexes need to contain the companyID.

Session

The companyID is stored int the Session by logging in, SESSION[]:

• companyID

Portal admin

The portal admin is:

• superuser

The superuser is not assigned to a company.

Portal emails

Portal emails are send by the portal:

• Account verification
• Reset password

Menu

The menu is same for all companies. It is configured by the portal admin.

config/_init.php

$GLOBALS['domain_rightmode']=3; $GLOBALS['domain_includes']['registeruser']=array(""); $GLOBALS['domain_includes']['registercompany']=array("company_register.php"); $GLOBALS['domain_includes']['verificationuser']=array(""); $GLOBALS['domain_includes']['verificationcompany']=array("company_register.php"); $GLOBALS['config']=array( 'rolecompanydefault'=>'6,7,19,21,25,32', 'rolecompanyadmin'=>7, 'rolescompany'=>[6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,32], 'company_motiondata_tables'=>array(), 'company_motiondata_datadefIDs'=>array(), 'company_masterdata_tables'=>array('k8groupdefinitions'), 'company_masterdata_datadefIDs'=>array() )

domain_rightmode

• domain_rightmode=3

This implements the "companyID" to the data access.

domain_includes

When registering a new company this file is executed:

• company_register.php

Depending on "useractive" it is executed by this events:

• registercompany
• verificationcompany

rolecompanydefault

By registering the company the user is inserted as company employee with this default roles (look to roles).

rolecompanyadmin

A user with the role company admin is allowed to configure the user roles.

rolescompany

The company admin is not allowed to controle all roles. He is limited to this defined roles.

By compnay delete

When deleting motion data or master data the affected records in tables or datadefs are configured here:

• motion data
• master data

Difference between datadefID and tables:

• tables: only the records in the table are deleted
• datadefID: the delete function of the data definition is executed. Depencies, like file delitions are also executed.

To execute programm code the domain includes can be used:

• delete: company_delete.php

datadefID: k8logincompany

Fields:

• company name: the name of the company
• username: this user is the admin of your company
• email: for the moment no verification necessary!
• password: don't forget it!

The roles of the user are set to:

• rolecompanydefault

The domain include file for company register is called. So necessary tables can be filled.

With invititation

An invitation is send by the employee dialogue. The invitation link calls the registration and The link fills the email and the hidden field companyID. Thanks to the invitation the username is automatically add to the company employee.

Without invititation

First the registration is done. The employee has to inform the admin outside this system and give him the username. The admin adds the username in the employee list.

domain_includes:

• login: company_login.php
• logout: company_logout.php

Company assignement is being verified. The Session variable "companyID" is set.

After the login the include file is called.

Functions:

• Email assignement
• Delete company
• Delete motion data
• Update session

New

Only company admins are allowed to manage employees.

User name

This is the name the use is logged in with. Unassigned user can be added here.

Internal name

This is the name of the user, which is used in the company.

Email invitation

This functionality is added later.

Email designation

This functionality is added later.

Roles

Only users with this company role are allowed to set roles, which are in the array:

• rolescompany

masterdata/k8companyemployee/k8companyemployee.json:

{ "masterdata": { "defaultvalues":{ "roles":"6,19,21,25,32" } } }

In the datadefinition: k8companyemployee the default values for the roles are set.

Company

The main company fields allow to note address and contact data.

Employees

For test and support the admin can act as an employee:

• take identity
• identity + admin

By a new login the original admin rights are set again.

domain_roles:

{ "6": "company, own data", "7": "company, admin", "19": "company, login", "21": "company, read", "25": "company, create standard", "32": "sebd email", }

Roles:

• 6: employee
• 7: admin
• 19: login
• 21: read
• 25: create standard
• 32: write email

The methods are placed int this functions:

• bRecordReadPermission() (include: RBAC_Read)
• bRecordUDPermission() (include: RBAC_RUD)
• bRecordAccess() (include: RBAC_CUD)

Methods:

• 4: exist companyID
• 5: exist companyID and creatorID

domain_defautltrights:

{ "masterdata":{ "rights":{ "create":{ "30":2, "2":2 } "read":{ "19":4, "2":2 } "update":{ "6":5, "7":4,, "2":2 } "delete":{ "6":5, "7":4,, "2":2 } } } }

The default rights for a table are defined in:

• config/_ini.php
• <myproject>/_ini.json

config/_init.php, domain_includes:

$GLOBALS['domain_includes']['head']=array(); $GLOBALS['domain_includes']['login']=array(); //array(str_repeat('../',$GLOBALS['script_depth'])."kitamples/_service_login.php"); $GLOBALS['domain_includes']['logout']=array(); //array(str_repeat('../',$GLOBALS['script_depth'])."kitamples/_service_logout.php"); $GLOBALS['domain_includes']['registeruser']=array(); //array(str_repeat('../',$GLOBALS['script_depth'])."kitamples/_service_login.php"); $GLOBALS['domain_includes']['verificationuser']=array(); $GLOBALS['domain_includes']['verificationcompany']=array(); $GLOBALS['domain_includes']['registercompany']=array(); //array(str_repeat('../',$GLOBALS['script_depth'])."kitamples/_service_login.php"); $GLOBALS['domain_includes']['delete']=array(); //array(str_repeat('../',$GLOBALS['script_depth'])."kitamples/_service_logout.php"); $GLOBALS['domain_includes']['RBAC_Read']=array(); // array("kitsamples/RBAC_Read.php"); $GLOBALS['domain_includes']['RBAC_RUD']=array(); // "kitsamples/RBAC_RUD.php" $GLOBALS['domain_includes']['RBAC_CUD']=array(); // "kitsamples/RBAC_CUD.php"

This are the supported events:

• head
• Register
  • company
  • user
• Verification eamil
  • company
  • user
• Login
• Logout
• Delete
  • company
  • motion data
• RBAC
  • Read
  • RUD
  • CUD

company_register.php

<?php // $companyID=1; // set by k8logincompany_afterinsert.php mylog(basename(__FILE__),2); $sql=<<<EOD INSERT INTO `k8groupdefinitions` (`title`, `type`, `special`, `creatorID`, `clientID`, `companyID`) VALUES ('Address group', 'address_group', 1, 2, 0, {{companyID}}); #GO INSERT INTO `k8groupdefinitions` (`title`, `type`, `special`, `creatorID`, `clientID`, `companyID`) VALUES ('Workflow main', 'workflow_main', 1, 2, 0, {{companyID}}); INSERT INTO `k8groupdefinitions` (`title`, `type`, `special`, `creatorID`, `clientID`, `companyID`) VALUES ('Workflow sub', 'workflow_sub', 1, 2, 0, {{companyID}}); #GO EOD; $sql=str_replace('{{companyID}}',$companyID,$sql); // execute sql $this->db->multi_query($sql);

datadefinition: k8company

events:

• registercompany
• verificationcompany

excerp: config/_init.php

// delete tables, look to config

datadefinition: k8company

File, k8companyMethod.php:

• process_action=
  • deleteCompany
• mode=
  • 0: company
  • 1: motion data

Tables

To clean company tables, add them in:

• $tables_motiondata
• $datadefIDs_motiondata
• $tables_masterdata
• $datadefIDs_masterdata

k8login

Logins are deleted, if they are not member of another company!

company_delete.php

// write you own code for the delition

Use this include to write your own programm code for the company deletion.

_head_js.php

let userID=1; let dat_user={"username":"superuser","...":"..."}; let companyID=1; let dat_company={"name1":"Example LTD","...":"..."}; let GLOBALS_sessionroles=["3","7","..."];

This variables can be used in JavaScript.

userID

This is the ID of the logged in user.

dat_user

This is the record of the user table "k8login".

companyID

This is the ID of the logged in company.

dat_company

This is the record of the user table "k8company".

GLOBALS_sessionroles

The GLOBALS_sessionroles contain the roles of the logged in user.

config/_init.php

$GLOBALS['domain_rightmode']==3;

Sorry a solution import is not configured for a Saas project!