nopCommerce

Advanced ACL permissions in admin area (view/edit/delete)

Open mariannk opened this issue 8 years ago • 8 comments

An online store may have multiple users who log in and manage various functionality. Every user must have their own account with special permissions that limit them to only their areas of responsibility. We already have general "manage something" permissions (available at the "access control list" page in the admin area). For example, "manage products". It includes all actions - view, edit and delete.

But it's better to have more advanced ACL rules. For example, instead of just the "Admin area. Manage Products" permission it'll have the following ones:

  • Admin area. Products. View
  • Admin area. Products. Create and edit
  • Admin area. Products. Delete
  • Admin area. Products. Export / import

One more example. An employee viewing an order should or should not have access to edit it, delete it or create shipments. The same goes for products, campaigns, etc. Let's create a list of all new permissions for approval (before the implementation).

The task is quite simple. But it requires a lot of similar changes. We just have to be quite accurate when implementing it.

During the upgrade we should replace an old permission with new ones, and ensure that new ones are applied to the same roles as the original ones. For example, if a customer role "A" had the "Admin area. Manage Products" permission, then it'll have all 4 new permissions.

mariannk, Jan 18 '16 08:01
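The upgrade rule described in the issue (each role that held the old permission receives all of its replacements, and no other role gains anything), as an added example that is not nopCommerce code or part of the original post. It uses a hypothetical in-memory role-to-permission model with constructed permission system names, and adds a post-upgrade check that reports lost or widened grants.

```python
# Added example: hypothetical in-memory model, not nopCommerce code.
# Permission system names below are constructed for illustration.
LEGACY_TO_GRANULAR = {
    "ManageProducts": (
        "Products.View",
        "Products.CreateEdit",
        "Products.Delete",
        "Products.ImportExport",
    ),
}


def expand(perms, mapping=LEGACY_TO_GRANULAR):
    """Replace each legacy permission with its granular successors."""
    out = set()
    for perm in perms:
        out.update(mapping.get(perm, (perm,)))
    return out


def migrate(role_permissions, mapping=LEGACY_TO_GRANULAR):
    """Return a new role -> permissions dict; the input is left untouched.
    Re-running on already migrated data changes nothing."""
    return {role: expand(perms, mapping) for role, perms in role_permissions.items()}


def verify(before, after, mapping=LEGACY_TO_GRANULAR):
    """List (role, problem, permission) tuples where a role lost a grant or
    holds one it should not (including a leftover legacy permission)."""
    problems = []
    for role in sorted(set(before) | set(after)):
        expected = expand(before.get(role, ()), mapping)
        actual = set(after.get(role, ()))
        problems += [(role, "missing", p) for p in sorted(expected - actual)]
        problems += [(role, "unexpected", p) for p in sorted(actual - expected)]
    return problems


def is_authorized(role_permissions, roles, permission):
    """A user is allowed if any of their roles holds the exact permission."""
    return any(permission in role_permissions.get(r, ()) for r in roles)


# Constructed sample data: role "A" holds the legacy permission, "B" does not.
BEFORE = {"A": {"ManageProducts", "ManageOrders"}, "B": {"ManageOrders"}}
AFTER = migrate(BEFORE)
```

Running `verify(BEFORE, AFTER)` after an upgrade gives an empty list when every role ended up with exactly the grants it had before, expressed in the new permissions.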