Cashier Roles & Permissions
HandyCafe uses role-based access control (RBAC) to manage what each staff member can see and do within the system. Every cashier is assigned a role and that role determines their exact permissions across the entire application.
Role Types
HandyCafe provides three types of roles:
Admin
The Admin role grants unrestricted access to every feature in the system. Admins can manage cashiers, view all reports, modify settings, and perform any operation. This role is intended for cafe owners and senior managers who need full control.
There is always at least one Admin account in the system. The Admin role cannot be deleted or have its permissions reduced.
Default
The Default role has no special permissions assigned. A cashier with the Default role can log in and perform basic operations but cannot access restricted areas like member management, reporting, or console configuration. Use this as a starting point for new hires who only need to handle basic tasks.
Custom
Custom roles allow you to define exactly which permissions a cashier has. You pick a name, set a level, and then check or uncheck individual permission flags across six categories. This gives you fine-grained control over what each staff member can access.
Permission Categories
HandyCafe has 22 individual permission flags organized into 6 categories. Each flag controls a specific action or view within the system.
1. Authentication (1 flag)
| Flag | Description |
|---|---|
| CLIENT_LOGIN | Allows the cashier to log in client PCs (start sessions on behalf of customers) |
Without this permission, a cashier cannot start or manage client sessions.
2. Members (6 flags)
| Flag | Description |
|---|---|
| VIEW | See the members list and member details |
| ADD | Create new member accounts |
| DELETE | Remove member accounts from the system |
| UPDATE | Edit existing member information (name, balance, etc.) |
| DISPLAY_EMAIL | View member email addresses in the members list |
| DISPLAY_GSM | View member phone numbers in the members list |
A cashier with only VIEW can browse the members list but cannot create, edit, or remove any member. The DISPLAY_EMAIL and DISPLAY_GSM flags control whether sensitive contact information is visible. This is useful for privacy compliance where not all staff should see personal data.
3. Consoles (4 flags)
| Flag | Description |
|---|---|
| VIEW | See the consoles page and console status cards |
| ADD | Register new gaming consoles in the system |
| DELETE | Remove consoles from the system |
| UPDATE | Edit console details (name, MAC address, pricing) |
4. Logs (4 flags)
| Flag | Description |
|---|---|
| VIEW | Access the logs page |
| DISPLAY_FULL | View the complete log history (all dates) |
| DISPLAY_TODAY | View only today's log entries |
| DELETE | Delete log entries |
If a cashier has VIEW and DISPLAY_TODAY but not DISPLAY_FULL, they can only see log entries from the current day. This is useful for shift supervisors who need to monitor current activity without accessing historical records.
5. Reports (3 flags)
| Flag | Description |
|---|---|
| PAGE_VIEW | Access the reports/cash report page |
| DISPLAY_FULL | View the complete report history (all dates) |
| DISPLAY_TODAY | View only today's report data |
Similar to logs, report permissions let you control whether staff can see full financial history or only the current day's figures. A cashier with PAGE_VIEW and DISPLAY_TODAY can review their own shift's transactions but cannot access historical revenue data.
6. Payment Methods (4 flags)
| Flag | Description |
|---|---|
| MANAGE | Access the payment methods management area |
| ADD | Create new payment methods (cash, card, mobile payment, etc.) |
| DELETE | Remove payment methods from the system |
| UPDATE | Edit existing payment method details |
Summary
| Category | Flags | Total |
|---|---|---|
| Authentication | CLIENT_LOGIN | 1 |
| Members | VIEW, ADD, DELETE, UPDATE, DISPLAY_EMAIL, DISPLAY_GSM | 6 |
| Consoles | VIEW, ADD, DELETE, UPDATE | 4 |
| Logs | VIEW, DISPLAY_FULL, DISPLAY_TODAY, DELETE | 4 |
| Reports | PAGE_VIEW, DISPLAY_FULL, DISPLAY_TODAY | 3 |
| Payment Methods | MANAGE, ADD, DELETE, UPDATE | 4 |
| Total | | 22 |
How Permissions Work
Each permission category has a set of individual permission flags. Each flag can be enabled or disabled independently using checkboxes in the role editor.
Check or uncheck the permissions you want to grant or revoke. The system handles the underlying storage automatically, so you do not need to calculate any values manually.
For example, in the Members category, you can independently enable or disable: VIEW, ADD, DELETE, UPDATE, DISPLAY_EMAIL, and DISPLAY_GSM. A cashier with only VIEW and UPDATE checked can see and edit members, but cannot add or delete them.
Creating a Cashier Account
- Navigate to Management > Cashiers in the server application.
- Click the Add Cashier button.
- Enter the cashier's username. This is what they will use to log in.
- Set a password. Choose a strong password. This account may have access to financial data and customer information.
- Select a role from the dropdown. You can choose Admin, Default, or any custom role you have created.
- Click Save to create the account.
The new cashier can now log in to the HandyCafe server using their credentials.
Creating a Custom Role
- Navigate to Management > Cashier Roles in the server application.
- Click the Add Role button.
- Enter a role name (e.g., "Shift Supervisor", "Junior Cashier", "Night Staff").
- Set the role level. Higher levels indicate more authority. This is used for display ordering and organizational hierarchy.
- Check or uncheck individual permissions across all six categories. Each checkbox corresponds to one of the 22 permission settings.
- Click Save to create the role.
Once created, you can assign this role to any cashier account.
Backend Enforcement
Permissions are enforced on the server side, not just hidden in the UI. Even if someone were to bypass the client interface or manipulate the frontend code, the server validates every request against the cashier's role permissions before executing it.
This means:
- A cashier without MEMBER_DELETE cannot delete a member, even by sending a direct API request.
- A cashier without REPORT_DISPLAY_FULL cannot retrieve historical report data, regardless of how they access the system.
- All permission checks happen in the Rust backend before any database operation is performed.
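The check-before-mutate pattern described above, as an added example that is not HandyCafe's own code. The `Perm` enum, `Role` struct and handler names are hypothetical, the in-memory `Vec` stands in for the database, and denying a role that has PAGE_VIEW but neither display flag is an assumption.

```rust
// Added illustration: types and names are assumptions, not HandyCafe's code.
use std::collections::HashSet;

#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
enum Perm { MemberView, MemberDelete, ReportPageView, ReportDisplayFull, ReportDisplayToday }

#[derive(Debug, PartialEq)]
enum ReportScope { Full, TodayOnly }

struct Role { is_admin: bool, perms: HashSet<Perm> }

impl Role {
    fn custom(perms: &[Perm]) -> Role {
        Role { is_admin: false, perms: perms.iter().copied().collect() }
    }
    // Admin is unrestricted; every other role is limited to its listed flags.
    fn allows(&self, p: Perm) -> bool { self.is_admin || self.perms.contains(&p) }
}

/// Deny-by-default gate that each handler calls before touching storage.
fn require(role: &Role, p: Perm) -> Result<(), String> {
    if role.allows(p) { Ok(()) } else { Err(format!("forbidden: missing {:?}", p)) }
}

/// Handler for a "delete member" request; `members` stands in for the database.
fn delete_member(role: &Role, members: &mut Vec<u32>, id: u32) -> Result<(), String> {
    require(role, Perm::MemberDelete)?; // check first, mutate second
    members.retain(|m| *m != id);
    Ok(())
}

/// Decide server-side which report rows the caller may read.
fn report_scope(role: &Role) -> Result<ReportScope, String> {
    require(role, Perm::ReportPageView)?;
    if role.allows(Perm::ReportDisplayFull) { Ok(ReportScope::Full) }
    else if role.allows(Perm::ReportDisplayToday) { Ok(ReportScope::TodayOnly) }
    else { Err("forbidden: no report display scope".into()) } // assumed behaviour
}

fn main() {
    let supervisor = Role::custom(&[Perm::MemberView, Perm::ReportPageView, Perm::ReportDisplayToday]);
    let mut members = vec![1, 2, 3]; // constructed sample data
    println!("{:?}", delete_member(&supervisor, &mut members, 2));
    println!("{:?} {:?}", members, report_scope(&supervisor));
}
```

Because the scope is resolved from the role on the server, a client that asks for historical data still receives only what `report_scope` permits.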
Security: Rate Limiting
To protect against brute-force attacks, HandyCafe enforces login rate limiting:
- 5 failed login attempts within a 10-minute window trigger an automatic lockout.
- The lockout lasts 15 minutes, during which no login attempts are accepted for that account.
- After the lockout period expires, the cashier can try again.
This applies to both the server login screen and the cashier login on client PCs.
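The documented policy (5 failures in 10 minutes, 15-minute lockout per account) as an added example that is not HandyCafe's own code. `LoginLimiter`, `Outcome` and the account name are hypothetical; treating the window as sliding, locking on the fifth failure itself, and clearing the failure count on a successful login are assumptions.

```rust
// Added illustration of the documented policy; not HandyCafe's code.
use std::collections::{HashMap, VecDeque};

const MAX_FAILURES: usize = 5;
const WINDOW_SECS: u64 = 10 * 60;
const LOCKOUT_SECS: u64 = 15 * 60;

#[derive(Default)]
struct Account { failures: VecDeque<u64>, locked_until: Option<u64> }
#[derive(Default)]
struct LoginLimiter { accounts: HashMap<String, Account> }

#[derive(Debug, PartialEq)]
enum Outcome { Success, BadPassword, LockedOut { retry_at: u64 } }

impl LoginLimiter {
    /// `now` is seconds on a monotonic clock; `password_ok` is the verifier's result.
    fn attempt(&mut self, user: &str, password_ok: bool, now: u64) -> Outcome {
        let acct = self.accounts.entry(user.to_string()).or_default();
        if let Some(until) = acct.locked_until {
            // During lockout nothing is accepted, not even the correct password.
            if now < until { return Outcome::LockedOut { retry_at: until }; }
            acct.locked_until = None;
        }
        if password_ok {
            acct.failures.clear(); // assumption: success resets the counter
            return Outcome::Success;
        }
        // Drop failures that have aged out of the 10-minute window.
        while acct.failures.front().map_or(false, |t| now.saturating_sub(*t) >= WINDOW_SECS) {
            acct.failures.pop_front();
        }
        acct.failures.push_back(now);
        if acct.failures.len() >= MAX_FAILURES {
            acct.failures.clear();
            acct.locked_until = Some(now + LOCKOUT_SECS);
            return Outcome::LockedOut { retry_at: now + LOCKOUT_SECS };
        }
        Outcome::BadPassword
    }
}

fn main() {
    let mut limiter = LoginLimiter::default();
    for t in [0, 60, 120, 180, 240, 1000, 1140] { // constructed timeline, seconds
        println!("t={t}: {:?}", limiter.attempt("cashier1", t >= 1000, t));
    }
}
```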
Shift Management
Each cashier's activity is tracked individually throughout their shift:
- All transactions (session payments, order payments, etc.) are recorded with the cashier's identity.
- The cash register tracks the opening and closing balance for each cashier's shift separately.
- Shift reports can be generated per cashier, showing exactly how much revenue they processed during their shift.
- When a cashier logs out, their shift is closed and a summary is available for review.
This per-cashier tracking ensures accountability and makes it easy to identify discrepancies at the end of each shift.
Permission Examples
Scenario 1: Basic Cashier
A new hire who only needs to start/stop sessions and take payments. Assign them a custom role with only CLIENT_LOGIN enabled. They cannot view members, reports, logs, or consoles.
Scenario 2: Shift Supervisor
A trusted employee who oversees the floor. Assign them a role with CLIENT_LOGIN, MEMBER_VIEW, MEMBER_UPDATE, CONSOLE_VIEW, REPORT_PAGE_VIEW, and REPORT_DISPLAY_TODAY. They can manage sessions, view (but not delete) members, see consoles, and check today's revenue but cannot access full historical reports or modify payment methods.
Scenario 3: Night Manager
A manager who handles the late shift independently. Give them most permissions except MEMBER_DELETE, LOG_DELETE, and PAYMENT_METHOD_DELETE. They can manage everything during their shift but cannot permanently remove critical data.
Scenario 4: Privacy-Restricted Staff
A cashier who should not see customer contact details. Create a role with MEMBER_VIEW enabled but DISPLAY_EMAIL and DISPLAY_GSM disabled. They can look up members by name but personal contact information is hidden.