User Roles & Permissions
CruiseAppy defines several user roles, each with specific permissions to ensure secure and efficient operation of the platform. Roles and permissions are enforced both in the WordPress backend and within the CruiseAppy plugin features.
Roles Overview
| Role | Description | Key Permissions |
|---|---|---|
| Admin | Full access to all system features and settings. | Manage users, settings, bookings, payments, reports |
| Agent | Handles cruise bookings and customer management. | Create/edit bookings, manage customers, view reports |
| Customer | End user who searches, books, and manages their own cruises. | Search cruises, book, view/manage own bookings |
| API User | System/service account for API integrations and automation tasks. | Access API endpoints, import/export data |
Permissions Matrix
| Feature/Action | Admin | Agent | Customer | API User |
|---|---|---|---|---|
| Access Dashboard | ✓ | ✓ | ||
| Manage Users | ✓ | |||
| Manage Bookings | ✓ | ✓ | ✓* | ✓ |
| Manage Payments | ✓ | ✓ | ✓* | ✓ |
| View Reports | ✓ | ✓ | ✓ | |
| Access API | ✓ | ✓ | ||
| Import/Export Data | ✓ | ✓ | ||
| Configure Settings | ✓ | |||
| Search Cruises | ✓ | ✓ | ✓ | ✓ |
| Manage Own Profile | ✓ | ✓ | ✓ |
*Customers can only manage their own bookings and payments.
Notes
- Permissions are enforced via WordPress capabilities and custom plugin logic.
- Additional roles or customizations can be added via WordPress or plugin extensions.
- API users are typically used for integrations, automation, or data sync tasks.