I'm finding the names of the permissions and their effects confusing or wrong. For example:

1) "Administer bookings"
Actual text: Allows users to perform administrative tasks on bookings. Warning: Give to trusted roles only; this permission has security implications.

Observed effect: this permission allows access to the URL /admin/rooms/bookings.
- Without any further permissions you get an empty list of bookings, i.e. despite the scary warning it perhaps does almost nothing on its own.
- Conversely if you don't set it, the various other permissions on bookings seem fairly useless. To edit a room, you would have to know the exact URL of the edit page.

2) "Edit availability XXX units"
Observed effect:
- This permission is required to be able to add or edit bookings of the unit type, otherwise they don't appear in the drop down list of booking types. Surely the permissions "Create XXX bookings" and "Edit XXX bookings" should be sufficient?
- It also grants (as I would expect) permission to bulk set availability (admin/rooms/units/unit/XX/availability), which I don't necessarily want to give to ordinary staff.

Comments

cecrs’s picture

cecrs CreditAttribution: cecrs at roomify - online and open source reservation solutions commented
Category: Bug report » Feature request
romeof1980’s picture

romeof1980 CreditAttribution: romeof1980 commented
Title: Permissions are confusing » Rooms permissions don't work as expected
Version: 7.x-1.3 » 7.x-1.10
Component: Code » Rooms Availability
Category: Feature request » Bug report
Priority: Normal » Major

hi guys,
my issue is slightly different:
I tried to set permissions in 7.x-1.10 in order to give my customers (I'm the webmaster, my customers are the hotels' owners) the opportunity to look at the "Booking Situation" (what they call the "Booking Register") and the opportunity to add/edit/delete reservations.

That's practically impossible without granting FULL permissions due to a couple of problems:
1) it does not exist the opportunity to access a "Booking Register" without giving the opportunity to bulk prices and availability
2) it does not exist the opportunity to manage the "Booking Situation" without granting the opportunity to add/edit/delete unit type: THAT'S DANGEROUS for s simple client-side booking-management-dashboard, and practically invalidates the reason for which the Rooms permissions themselves exist.

Point 2 above is not a feature request but a bug: if you select the right permissions in the "People" -> "Role" they won't work as expected: it turns out you need to grant "Bypass access to bookable units" just in order to see the "Booking Register" and no matter which permissions I granted, you need to be allowed to have FULL administration permissions in order to see THE AVAILABILITY displayed in the "Booking Register's" FullCalendar (where each room, in a 'per-day' basis, should be highlighted with different colours due to the booking situation in order to make the hotel's clerk understand if a room is booked or not).

hence, as far as I can see, that's definitely a bug in the permissions' tree.

have a great day,
romeo

ronald_istos’s picture

ronald_istos CreditAttribution: ronald_istos at roomify - online and open source reservation solutions commented
Status: Active » Needs review

I am not sure this will resolve your specific use case - but it is certainly a step in the right direction. Can you check the latest dev version of Rooms. Point 2 was a valid point and that should now be fixed.

ronald_istos’s picture

ronald_istos CreditAttribution: ronald_istos at roomify - online and open source reservation solutions commented
Status: Needs review » Closed (fixed)