# Manager Role Implementation

## Overview
Added "Manager" as a new user role to the POS system with specific privileges between Admin and Staff levels.

## Database Changes

### 1. Users Table Schema Update
- **File**: `sql/create_users_table.sql`
- **Change**: Updated role ENUM to include 'manager'
- **Before**: `ENUM('admin', 'staff', 'cashier')`
- **After**: `ENUM('admin', 'manager', 'staff', 'cashier')`

### 2. Migration Script
- **File**: `sql/add_manager_role_migration.sql`
- **Purpose**: Update existing databases to include manager role
- **Status**: ✅ Successfully executed

## Role Privileges

### Manager Privileges
Managers have access to:
- ✅ User Management (branch-specific)
- ✅ Cash Flow Management (can view all cashiers)
- ✅ All standard POS features
- ❌ Branch Management (Admin only)

### Branch-Specific Restrictions
Branch scoping for managers:
- ✅ View staff and cashier users from their own branch
- ✅ Add staff and cashier users to their own branch only
- ✅ Edit staff and cashier users within their branch
- ✅ Delete staff and cashier users from their branch
- ❌ Cannot assign different branches to staff/cashiers
- ❌ Cannot promote staff to manager role (admin only)
- ❌ Cannot see or manage their own record
- ❌ Cannot see or manage other managers or admins

### Manager Limitations
Managers **cannot**:
- Create admin or manager users
- Modify admin or manager users (role/branch/delete)
- Delete admin or manager users
- Assign manager roles to staff (only admins can create managers)
- View their own record in user management
- Modify their own account
- Delete their own account
- Access branch management
- See admin or manager role options in dropdowns
- Manage users outside their own branch
- Assign different branches to staff and cashiers
- View users from other branches

## File Changes

### 1. Database Schema
- `sql/create_users_table.sql` - Updated role ENUM
- `sql/add_manager_role_migration.sql` - Migration script

### 2. User Management
- `admin/users.php` - Added manager access with restrictions
  - Managers can access user management
  - Cannot create/modify/delete admin users
  - Admin role hidden from manager dropdowns

### 3. Navigation & Access Control
- `includes/header.php` - Updated navigation menu
  - Staff Management moved to main navigation (accessible to admin/manager)
  - Admin menu simplified to only Branch Management (admin only)
  - User Management functionality moved to Staff Management

### 4. Cash Flow Management
- `pos/cash_flow.php` - Updated cashier selection
  - Managers included in cashier dropdown for admin view
  - Managers can view all cashier shifts

## User Interface Changes

### Navigation Menu
- **Admin users**: See "Staff Management" in main nav + "Branch Management" in admin section
- **Manager users**: See "Staff Management" in main nav only
- **Other roles**: No staff management access

### Staff Management Interface
- **Admin view**: Full access to all features
- **Manager view**: 
  - Cannot see admin/manager roles in dropdowns
  - Only see staff and cashiers from their branch
  - Cannot see their own record
  - Cannot create admin/manager users

## Security Implementation

### Access Control
1. **Route Protection**: Both admin and manager can access `/admin/users.php`
2. **Action Restrictions**: Managers blocked from admin-related operations
3. **UI Restrictions**: Admin options hidden from manager interface
4. **Database Validation**: Server-side checks prevent privilege escalation

### Manager Restrictions
```php
// Example restriction checks (server-side; the UI also hides these options)
$protected_roles = ['admin', 'manager'];

// Managers may not create admin or manager users
if ($is_manager && in_array($_POST['role'] ?? '', $protected_roles, true)) {
    throw new Exception("Managers cannot create admin or manager users");
}

// Managers may not modify existing admin or manager users
if ($is_manager && in_array($current_role, $protected_roles, true)) {
    throw new Exception("Managers cannot modify admin or manager users");
}
```
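The checks above cover the role hierarchy but not the branch scoping and self-exclusion rules listed earlier. The following is an added example, not code from this project, showing one way to put the whole policy (role hierarchy, own-branch only, own record hidden, no branch reassignment) in a single server-side decision function plus the matching list filter. The function names, the array shape of a user record (`id`, `role`, `branch_id`) and the sample users are assumptions; the role strings match the ENUM on this page.

```php
<?php
declare(strict_types=1);

// Roles a manager is allowed to see, create, edit and delete.
const ROLES_MANAGER_MAY_MANAGE = ['staff', 'cashier'];

/** Roles the actor may offer in the role dropdown and accept on POST. */
function assignableRoles(array $actor): array
{
    if ($actor['role'] === 'admin') {
        return ['admin', 'manager', 'staff', 'cashier'];
    }
    if ($actor['role'] === 'manager') {
        return ROLES_MANAGER_MAY_MANAGE;
    }
    return [];
}

/**
 * Server-side authorization for a user-management action.
 * $action is 'view', 'create', 'edit' or 'delete'; $target is null for 'create'.
 * $newRole / $newBranch are the submitted form values, if any.
 */
function canManageUser(array $actor, string $action, ?array $target,
                       ?string $newRole = null, ?int $newBranch = null): bool
{
    if ($actor['role'] === 'admin') {
        return true;
    }
    if ($actor['role'] !== 'manager') {
        return false; // staff and cashier never reach user management
    }

    // Submitted role must be one the manager may assign (never admin/manager).
    if ($newRole !== null && !in_array($newRole, assignableRoles($actor), true)) {
        return false;
    }
    // Managers cannot place a user in another branch, not even their own staff.
    if ($newBranch !== null && $newBranch !== $actor['branch_id']) {
        return false;
    }

    if ($action === 'create') {
        // The save handler must persist $actor['branch_id'], never the submitted branch.
        return $newRole !== null;
    }

    // view / edit / delete of an existing record
    if ($target === null || $target['id'] === $actor['id']) {
        return false; // own record is hidden and immutable
    }
    if (!in_array($target['role'], ROLES_MANAGER_MAY_MANAGE, true)) {
        return false; // other managers and admins are off limits
    }
    return $target['branch_id'] === $actor['branch_id'];
}

/** WHERE clause and bound params for the user list shown to $actor (use with a prepared statement). */
function userListFilter(array $actor): array
{
    if ($actor['role'] === 'admin') {
        return ['1 = 1', []];
    }
    // Managers: own branch, staff/cashier only, own record excluded.
    return [
        "role IN ('staff', 'cashier') AND branch_id = ? AND id <> ?",
        [$actor['branch_id'], $actor['id']],
    ];
}

// Constructed sample users for a quick run with `php this_file.php`.
$manager  = ['id' => 2, 'role' => 'manager', 'branch_id' => 1];
$staffA   = ['id' => 3, 'role' => 'staff',   'branch_id' => 1];
$staffB   = ['id' => 4, 'role' => 'staff',   'branch_id' => 2];
$otherMgr = ['id' => 5, 'role' => 'manager', 'branch_id' => 1];

$checks = [
    'manager edits own-branch staff'   => canManageUser($manager, 'edit', $staffA),
    'manager edits other-branch staff' => canManageUser($manager, 'edit', $staffB),
    'manager edits another manager'    => canManageUser($manager, 'edit', $otherMgr),
    'manager edits self'               => canManageUser($manager, 'edit', $manager),
    'manager creates cashier in own branch' => canManageUser($manager, 'create', null, 'cashier', 1),
    'manager creates manager'          => canManageUser($manager, 'create', null, 'manager', 1),
    'manager moves staff to branch 2'  => canManageUser($manager, 'edit', $staffA, 'staff', 2),
    'staff opens user management'      => canManageUser($staffA, 'view', $staffB),
];
foreach ($checks as $label => $allowed) {
    printf("%-40s %s\n", $label, $allowed ? 'allowed' : 'denied');
}
```

Calling `canManageUser()` once at the top of every POST handler (and `userListFilter()` for the listing) keeps the UI hiding in `admin/users.php` a convenience rather than the security boundary: a hand-crafted request with `role=manager` or a foreign `branch_id` is rejected server-side regardless of what the dropdown showed.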

## Testing Checklist

### ✅ Database Migration
- [x] Role ENUM updated successfully
- [x] Existing data preserved
- [x] New manager role available

### ✅ User Management
- [x] Managers can access user management
- [x] Managers cannot create admin users
- [x] Managers cannot modify admin users
- [x] Managers cannot delete admin users
- [x] Admin role hidden from manager dropdowns

### ✅ Navigation
- [x] Managers see "Staff Management" menu
- [x] Branch Management hidden from managers
- [x] User Management accessible to managers

### ✅ Cash Flow
- [x] Managers included in cashier selection
- [x] Managers can view all cashier shifts

## Usage Instructions

### Creating Manager Users
1. Login as Admin
2. Go to Staff Management
3. Click "Add New Staff Member"
4. Select "Manager" role
5. Assign to appropriate branch

### Manager Capabilities
Managers can:
- Manage only staff and cashier accounts within their branch
- View and manage cash flows for all cashiers
- Access all POS features
- Add new staff and cashier users to their own branch only

Managers cannot:
- Promote staff to manager positions (admin privilege only)
- See or manage their own account
- Manage admin accounts, manager accounts, or branches
- Assign different branches to their staff/cashiers

## Future Considerations

### Potential Enhancements
- Branch-specific manager permissions
- Custom permission sets for managers
- Manager-specific reporting features
- Audit logs for manager actions

### Security Notes
- Managers have elevated privileges but cannot escalate to admin
- All admin operations remain protected
- UI and server-side validation prevent unauthorized access 