How roles store location scope
Each customer or staff permission is encoded inside a base64 p field on the role. Every entry in that field carries a location_id, so the same role can grant Full Access at one branch and Read Only at another.
On top of that, the system keeps a roles_with_location map written in the format roleId-locId1,locId2. This list is what the UI uses to show which branches a role is currently attached to without having to decode every permission bit.
A computed getter called permissionLocations returns the unique set of location IDs where the user has any permission that is not None. This is the single source of truth used by the picker and by location-aware pages.
Editing roles on the role page
Open Admin → Settings → Roles to manage your role list. When the Multiple Locations feature is enabled on your account, each role row shows an inline <app-location-picker> directly beside the role name.
The inline picker displays the exact set of branches that the role currently grants access to. To extend a role to a new branch, open the picker, tick the branch, and save. The change is written back to both the encoded p field and the roles_with_location map.
- Ticking a branch grants the role's permissions at that branch.
- Unticking a branch revokes them everywhere on that branch.
- A role with zero ticked branches is effectively unused and will not appear in any staff member's picker.
Combining role × location
Effective access for a staff member is always the intersection of the role's location scope and the staff member's assigned locations. A role that allows branches A and B combined with a staff profile assigned to branches B and C yields effective access only at branch B.
This means you can safely reuse one role across many branches and rely on each staff member's location assignment to narrow the actual scope. There is no need to clone a role per branch.
- Decode the role's permissionLocations.
- Read the staff member's assigned locations.
- The overlap is what the staff member can actually use.
