{
  "glossary": {
    "*": "Full access to every permission-checked admin endpoint.",
    "dashboard.read": "Legacy dashboard metrics JSON.",
    "platform.read": "Platform overview / KPI cards.",
    "roles.read": "List role definitions and permission catalog.",
    "staff.read": "List admin (staff) accounts.",
    "financial.read": "Financial summaries where exposed (reserved for exports).",
    "commission.read": "View commission settings and category rules.",
    "commission.write": "Change commission defaults (Super Admin routes may still apply).",
    "orders.read": "List and inspect orders.",
    "orders.write": "Update order status / fulfilment.",
    "orders.*": "All order read and write actions.",
    "vendors.read": "List vendors and pending KYC queue.",
    "vendors.write": "Register vendors and edit vendor profile fields (e.g. TIN).",
    "vendors.approve": "Approve, reject, or suspend vendors.",
    "vendors.*": "Full vendor lifecycle including registration and KYC actions.",
    "products.read": "View products in admin context (catalogue is also public).",
    "products.write": "Create and update products.",
    "products.delete": "Delete products.",
    "products.*": "All product actions: view, create, update, and delete (matches products.read, products.write, and products.delete).",
    "categories.*": "Reserved for category taxonomy tools aligned with products.",
    "catalog.read": "View merged storefront category tree and overlays.",
    "catalog.write": "Add or remove category overlay entries.",
    "payments.read": "View checkout payment method configuration.",
    "payments.write": "Create, update, delete, or reset payment methods.",
    "customers.read": "Reserved for customer directory features.",
    "inventory.read": "Inventory summary and low-stock reporting.",
    "inventory.adjust": "PATCH stock levels on products.",
    "inventory.*": "Read and adjust inventory.",
    "security.read": "Login events and active sessions.",
    "security.revoke": "Revoke another admin session (Super Admin route).",
    "audit.read": "Read audit log entries (GET /api/admin/audit-log).",
    "audit.export": "Download audit exports (GET /api/admin/audit-log/export, JSON or NDJSON).",
    "any_admin": "Requires only an admin JWT (no permission pattern is checked); used for POST /api/admin/permissions/check.",
    "compliance.*": "Reserved for compliance-specific tooling.",
    "reports.export": "Reserved for report downloads.",
    "wallet.read": "View any admin's wallet balance (GET /api/admin/wallet/:userId). Each admin can always see their own balance via /me, without this permission.",
    "commerce.vendors": "Extra Commerce nav: Vendor management (adds vendor API access when not already granted by role).",
    "commerce.shop_profile": "Extra Commerce nav: Shop profile (store geo / branding); also grants platform.read for that area when assigned alone.",
    "commerce.products": "Extra Commerce nav: Product management (adds products.read/write as needed).",
    "commerce.stock": "Extra Commerce nav: Stock management.",
    "commerce.catalog": "Extra Commerce nav: Catalog & payments.",
    "commerce.orders": "Extra Commerce nav: Order management.",
    "commerce.financial": "Extra Commerce nav: Financial management.",
    "commerce.tax": "Extra Commerce nav: Tax settings (view; Super Admin rules still apply to saves where enforced).",
    "commerce.notifications": "Extra Commerce nav: Notifications center.",
    "commerce.communications": "Extra Commerce nav: Communications (Deskia)."
  },
  "glossaryEntries": [
    {
      "key": "*",
      "meaning": "Full access to every permission-checked admin endpoint."
    },
    {
      "key": "any_admin",
      "meaning": "Requires only an admin JWT (no permission pattern is checked); used for POST /api/admin/permissions/check."
    },
    {
      "key": "audit.export",
      "meaning": "Download audit exports (GET /api/admin/audit-log/export, JSON or NDJSON)."
    },
    {
      "key": "audit.read",
      "meaning": "Read audit log entries (GET /api/admin/audit-log)."
    },
    {
      "key": "catalog.read",
      "meaning": "View merged storefront category tree and overlays."
    },
    {
      "key": "catalog.write",
      "meaning": "Add or remove category overlay entries."
    },
    {
      "key": "categories.*",
      "meaning": "Reserved for category taxonomy tools aligned with products."
    },
    {
      "key": "commerce.catalog",
      "meaning": "Extra Commerce nav: Catalog & payments."
    },
    {
      "key": "commerce.communications",
      "meaning": "Extra Commerce nav: Communications (Deskia)."
    },
    {
      "key": "commerce.financial",
      "meaning": "Extra Commerce nav: Financial management."
    },
    {
      "key": "commerce.notifications",
      "meaning": "Extra Commerce nav: Notifications center."
    },
    {
      "key": "commerce.orders",
      "meaning": "Extra Commerce nav: Order management."
    },
    {
      "key": "commerce.products",
      "meaning": "Extra Commerce nav: Product management (adds products.read/write as needed)."
    },
    {
      "key": "commerce.shop_profile",
      "meaning": "Extra Commerce nav: Shop profile (store geo / branding); also grants platform.read for that area when assigned alone."
    },
    {
      "key": "commerce.stock",
      "meaning": "Extra Commerce nav: Stock management."
    },
    {
      "key": "commerce.tax",
      "meaning": "Extra Commerce nav: Tax settings (view; Super Admin rules still apply to saves where enforced)."
    },
    {
      "key": "commerce.vendors",
      "meaning": "Extra Commerce nav: Vendor management (adds vendor API access when not already granted by role)."
    },
    {
      "key": "commission.read",
      "meaning": "View commission settings and category rules."
    },
    {
      "key": "commission.write",
      "meaning": "Change commission defaults (Super Admin routes may still apply)."
    },
    {
      "key": "compliance.*",
      "meaning": "Reserved for compliance-specific tooling."
    },
    {
      "key": "customers.read",
      "meaning": "Reserved for customer directory features."
    },
    {
      "key": "dashboard.read",
      "meaning": "Legacy dashboard metrics JSON."
    },
    {
      "key": "financial.read",
      "meaning": "Financial summaries where exposed (reserved for exports)."
    },
    {
      "key": "inventory.*",
      "meaning": "Read and adjust inventory."
    },
    {
      "key": "inventory.adjust",
      "meaning": "PATCH stock levels on products."
    },
    {
      "key": "inventory.read",
      "meaning": "Inventory summary and low-stock reporting."
    },
    {
      "key": "orders.*",
      "meaning": "All order read and write actions."
    },
    {
      "key": "orders.read",
      "meaning": "List and inspect orders."
    },
    {
      "key": "orders.write",
      "meaning": "Update order status / fulfilment."
    },
    {
      "key": "payments.read",
      "meaning": "View checkout payment method configuration."
    },
    {
      "key": "payments.write",
      "meaning": "Create, update, delete, or reset payment methods."
    },
    {
      "key": "platform.read",
      "meaning": "Platform overview / KPI cards."
    },
    {
      "key": "products.*",
      "meaning": "All product actions: view, create, update, and delete (matches products.read, products.write, and products.delete)."
    },
    {
      "key": "products.delete",
      "meaning": "Delete products."
    },
    {
      "key": "products.read",
      "meaning": "View products in admin context (catalogue is also public)."
    },
    {
      "key": "products.write",
      "meaning": "Create and update products."
    },
    {
      "key": "reports.export",
      "meaning": "Reserved for report downloads."
    },
    {
      "key": "roles.read",
      "meaning": "List role definitions and permission catalog."
    },
    {
      "key": "security.read",
      "meaning": "Login events and active sessions."
    },
    {
      "key": "security.revoke",
      "meaning": "Revoke another admin session (Super Admin route)."
    },
    {
      "key": "staff.read",
      "meaning": "List admin (staff) accounts."
    },
    {
      "key": "vendors.*",
      "meaning": "Full vendor lifecycle including registration and KYC actions."
    },
    {
      "key": "vendors.approve",
      "meaning": "Approve, reject, or suspend vendors."
    },
    {
      "key": "vendors.read",
      "meaning": "List vendors and pending KYC queue."
    },
    {
      "key": "vendors.write",
      "meaning": "Register vendors and edit vendor profile fields (e.g. TIN)."
    },
    {
      "key": "wallet.read",
      "meaning": "View any admin's wallet balance (GET /api/admin/wallet/:userId). Each admin can always see their own balance via /me, without this permission."
    }
  ],
  "wildcardHelp": "Patterns ending with .* match any permission key that starts with the same prefix (e.g. orders.* allows orders.read and orders.write)."
}