Appearance
Permissions Matrix
Complete permission breakdown for the two public-facing roles: Admin and Seller.
REST API Permissions (Token Scopes)
Both Admin and Seller tokens can be scoped with these permissions:
| Scope | Admin | Seller |
|---|---|---|
CREATE LEADS | ✅ | ✅ |
VIEW LEADS | ✅ | ✅ |
UPDATE LEADS | ✅ | ✅ |
DELETE LEADS | ✅ | ✅ |
CREATE ORDERS | ✅ | ✅ |
VIEW ORDERS | ✅ | ✅ |
UPDATE ORDERS | ✅ | ✅ |
DELETE ORDERS | ✅ | ✅ |
Dashboard Permissions — Admin
Admins have full CRUD access to most resources.
Core Resources
| Resource | View | Create | Update | Delete | Export | Import |
|---|---|---|---|---|---|---|
| Products | ✅ | ✅ | ✅ | ✅ | — | — |
| Stocks | ✅ | ✅ | ✅ | ✅ | — | — |
| Warehouses | ✅ | ✅ | ✅ | ✅ | — | — |
| Categories | ✅ | ✅ | ✅ | ✅ | — | — |
| Leads | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Orders (all statuses) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Shipping Companies | ✅ | ✅ | ✅ | ✅ | ✅ | — |
| Call Centers | ✅ | ✅ | ✅ | ✅ | — | — |
| Invoices | ✅ | ✅ | ✅ | ✅ | — | — |
| Sourcings | ✅ | ✅ | ✅ | ✅ | — | — |
| Marketplace Products | ✅ | ✅ | ✅ | ✅ | — | — |
| Marketplace Stocks | ✅ | ✅ | ✅ | ✅ | — | — |
| Notifications | ✅ | ✅ | — | ✅ | — | — |
User Management
| User Role | View | Create | Update | Activate/Deactivate |
|---|---|---|---|---|
| Admins | ✅ | ✅ | ✅ | ✅ |
| Manager Leaders | ✅ | ✅ | ✅ | ✅ |
| Managers | ✅ | ✅ | ✅ | — |
| Sellers | ✅ | ✅ | ✅ | ✅ |
| Agents | ✅ | ✅ | ✅ | — |
| Sourcing Agents | ✅ | ✅ | ✅ | — |
| Stock Managers | ✅ | ✅ | ✅ | — |
| Call Center Managers | ✅ | ✅ | ✅ | — |
| Deliveries | ✅ | ✅ | ✅ | — |
| Follow-Up Agents | ✅ | ✅ | ✅ | — |
Geography
| Resource | View | Create | Update | Delete |
|---|---|---|---|---|
| Cities | ✅ | ✅ | ✅ | ✅ |
| Areas | ✅ | ✅ | ✅ | ✅ |
Statistics
| Stat Type | Access |
|---|---|
| Lead Statistics | ✅ |
| Order Statistics | ✅ |
| Agent Statistics | ✅ |
| Agent Call Statistics | ✅ |
| Product Statistics | ✅ |
| Product Stock Statistics | ✅ |
| Profit Statistics | ✅ |
Special Operations
| Operation | Access |
|---|---|
| Push orders to shipping company | ✅ |
| Assign orders to delivery | ✅ |
| Mark orders (shipped/delivered/returned/canceled) | ✅ |
| Generate tracking labels | ✅ |
| Renew orders | ✅ |
| Login as user (impersonation) | ✅ |
| Assign products to sellers/agents | ✅ |
| Stock increment/decrement | ✅ |
| Invoice paid/cancel actions | ✅ |
Dashboard Permissions — Seller
Sellers have read-heavy access with limited write capabilities.
Core Resources
| Resource | View | Create | Update | Delete | Export | Import |
|---|---|---|---|---|---|---|
| Products | ✅ | — | ✅ (limited) | — | — | — |
| Stocks | ✅ | — | — | — | — | — |
| Leads | ✅ | ✅ | — | ✅ | ✅ | ✅ |
| Orders (all statuses) | ✅ | ✅ | — | — | ✅ | — |
| Marketplace Products | ✅ | — | — | — | — | — |
| Invoices | ✅ | — | — | — | — | — |
| Sourcings | ✅ | ✅ | — | — | — | — |
Seller Product Updates
Sellers can only update: status, free_shipping, landing_page_url, and script fields.
Team Management
| Resource | View | Create | Update | Delete |
|---|---|---|---|---|
| Team Members | ✅ | ✅ | ✅ | — |
Statistics
| Stat Type | Access |
|---|---|
| Lead Statistics | ✅ |
| Order Statistics | ✅ |
| Product Statistics | ✅ |
Integrations
| Application | Access |
|---|---|
| Google Sheets | ✅ (full CRUD + sync) |
| YouCan | ✅ (full CRUD) |
| LightFunnels | ✅ (full CRUD) |
Settings
| Setting | Access |
|---|---|
| API Keys | ✅ (generate, list, delete) |
| Webhooks | ✅ (configure outgoing) |
| Profile | ✅ (update) |
| Payment Methods | ✅ (update bank/PayPal) |
Permission Enforcement
Permissions are enforced at multiple levels:
- Route middleware — Role checks before reaching the controller
- Form Request authorization —
authorize()method validatescan()policies ortokenCan()scopes - Policy classes — Laravel policies for resource-level CRUD authorization
- Account scoping — All queries are automatically scoped to the user's account (except system admins)