QuickBillInvoice · QBI Enterprise
Inventory Management Platform
Modular SaaS + PaaS UI with tenant isolation boundaries, dual RBAC ladders, role dashboards (widgets + mock telemetry), workbench pages per feature, and expansion hooks for SignalR, CQRS APIs, and future modules.
Platform dashboards
Super Admin through User views for global SaaS/PaaS operations.
Open area →Client dashboards
Tenant-scoped hierarchy: Client Super Admin down to Client User.
Open area →Inventory operations
Products, warehouses, transfers, purchases, sales, returns, and tracking.
Open area →SaaS control plane
Subscriptions, billing, onboarding, branding, and feature gates.
Open area →PaaS extensions
Environments, API management, webhooks, plugins, and integrations.
Open area →Security & reports
RBAC, audit trails, analytics, and scheduled exports.
Open area →Organization
Tenant users, departments, workflows, branding.
Open area →Platform control
Tenants, global analytics, billing console, gateway.
Open area →Future modules
HRMS, CRM, payroll, ERP, IoT marketplace slots.
Open area →Requirements coverage (this Angular app)
“Implemented” below means routes + responsive UI patterns + mock data. Backend (.NET), JWT/MFA, Redis, gateways, payment processors, and mobile shells still require integration.
| Area | UI shell | Backend / infra |
|---|---|---|
| Multi-tenant / single-tenant modes | Tenant context service + deployment signal (demo) | Database isolation, tenant resolver middleware |
| Dual RBAC + 8 dashboards | Yes — separate components in QBI/Internal vs QBI/Client | JWT claims, policy handlers, row-level security |
| Inventory / SaaS / PaaS modules | Yes — workbench + exports + tables per route | CQRS, domain services, webhooks, billing APIs |
| Auth (login, MFA, sessions, audit) | Existing QBI Auth pages; enterprise role→dashboard helper added | .NET Identity, MFA, device/session stores |
| REST + real-time | Integration tab stubs on workbench pages | SignalR hubs, API gateway, rate limits |
| Security (encryption, GDPR, DR) | Yes — dedicated routes under /security/* | KMS, legal holds, backup automation |
| Advanced (AI, OCR, offline…) | Yes — routes under /advanced/* | ML pipelines, scanner SDKs, job runners |
| Future modules (HRMS, CRM…) | Yes — /future/* placeholders | Optional bounded contexts / plugins |
RBAC tiers, SaaS/PaaS catalog & internal (platform) parity
Implemented here means routes + responsive UI (often mock data). Internal = platform operator surfaces under QBI/Internal and /platform/* — not the tenant green “Client” banner. Enforcement (JWT policies, row-level security, payment gateways, SignalR, MFA) is backend work.
| Requirement area | Tenant (client) UI | Platform (internal) UI | Gap / next step |
|---|---|---|---|
| Regular user — assigned inventory, tasks, requests, personal metrics | Client User dashboard + /inventory/* feature pages; Advanced → Approvals / Notifications | Platform User dashboard — operational queue (support/SRE) | Hide unrelated nav via JWT claims; task inbox API |
| Manager — team performance, approvals, dept inventory, analytics, reports | Client Manager dashboard + Reports + inventory routes | Platform Manager dashboard + new /platform/workforce-productivity | Wiring manager hierarchy from directory service |
| Admin — org-wide inventory, departments/wh, permissions, workflows, advanced analytics | Client Admin dashboard + Organization + Admin + Reports | Platform Admin dashboard + tenants + RBAC oversight | Department-scoped data filters on APIs |
| Super Admin — full tenant control | Client Super Admin dashboard + SaaS admin routes | Platform Super Admin + all /platform/* including billing & gateway | Tenant admin vs platform admin separation in tokens |
| SaaS — plans, billing, trials, usage, onboarding, branding, feature gates, payments, invoices, usage analytics | /saas/* tenant screens | /platform/billing-console, global analytics; tenant billing drill-down | Stripe (or PSP) + webhook reconciliation APIs |
| PaaS — environments, API mgmt, plugins, SDKs, webhooks, integrations, deploys, DB isolation, workflow builder | N/A (tenant consumes APIs) | /paas/* internal workbench components | Provisioning workers & IaC hooks |
| Advanced — AI forecast, OCR, docs, search, timeline, approvals, dynamic forms/ACLs, i18n/currency, theme, offline, exports | /advanced/* | Same patterns available to impersonation / support flows | Job runners & storage backends |
| Reporting & analytics — live dashboards, movement, user perf, sales/purchase, warehouse, financial, custom, scheduled, downloads | /reports/* | /platform/global-analytics + cross-tenant operational routes | Report scheduler service & blob delivery |
| Security — encryption, tenant isolation, rate limits, IP/device, DR, audit, monitoring, GDPR, secure files | /admin/*, /security/* (tenant policies) | Same modules + platform gateway / abuse desks | KMS, WORM, SIEM connectors |
| Internal inventory oversight (cross-tenant) | Tenant inventory screens remain scoped to one org | New:/platform/inventory-operations (aggregate ops) | Federated queries + impersonation audit log |
| Technical — API gateway, Angular SPA, responsive admin, RBAC UI, dynamic menus, reusable components | Angular app + Enterprise shell + shared workbench/views; dark/light toggle in shell | Open: dynamic menus & route guards from JWT (sidebar lists all areas today) | |
| Future scalability — new modules / plugins | /future/* | PaaS plugins + tenant directory | Plugin contracts & sandbox isolation |
Backend alignment
Pair this UI with your .NET 10 Web API (Clean Architecture, MediatR, SignalR, Hangfire/Quartz, Redis). Use shared/utils/post-login-dashboard.ts when wiring login redirects by role claim.