Skip to content

Users and Preferences

Backlog fieldValue
Story IDAP-SHR-006
EpicShared Platform
Story typeBusiness workflow
Review statusDraft - business analyst and business owner review required
Source evidenceAppsPortal.Apis controller, application command/query handlers, validators, domain entities, and matching MFE workflow where available
Last source review2026-07-10

User story

As AppsPortal users, I want to load my identity, branch context, language, and display preferences so that the application behaves consistently for my working context.

Acceptance criteria

  1. Only authorized users can view or execute the feature's actions.
  2. Required business data, active dependencies, tenant/branch scope, and current document state are validated.
  3. Invalid requests return actionable validation errors without applying a partial change.
  4. Search, list, view, print, and export operations use the same authorized business scope.
  5. Material create, edit, status, approval, posting, reversal, and integration actions are auditable where applicable.
  6. Financial or stock effects are applied atomically and no more than once.

Business rules

Required

Authenticated user and valid company/branch membership are required.

Optional or conditional

Language, default branch, layout, table, and display preferences are optional.

Action behavior

Preference Save changes only that user's future experience and no business record/GL.

Blocking rule or downstream effect

Security/role/branch authorization cannot be overridden by a preference.

Frontend page coverage

The following UI coverage is sourced from the pulled MFE route configuration. A Module-level supporting artifact mapping is evidence of a reachable screen, but requires BA confirmation that it belongs to this story rather than a more specific feature story.

Route/pageComponentModeRoute permission/guardMapping confidenceSource
users/:idUsersComponentView/detailGuards: AuthGuardFeature token matchapps/bussinessOwners/src/app/remote-entry/modules/user/user.module.ts:21
users/bouserdetails/:idbouserdetailsView/detailGuards: AuthGuardFeature token matchapps/bussinessOwners/src/app/remote-entry/modules/user/user.module.ts:29
users/userconfirmation/:idAcceptUserInviteComponent }View/detailNo route-level permission/guard found in source windowFeature token matchapps/bussinessOwners/src/app/remote-entry/routes.ts:26

Observed frontend fields and validation

ComponentControlObserved frontend ruleComponent source
--No reactive formControlName controls were found for the routed components; review template-driven/shared child components.Route sources above

Observed frontend actions

ComponentClick action/handlerBusiness review requirementComponent source
AcceptUserInviteComponentacceptInvitationDocument the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler.apps/bussinessOwners/src/app/remote-entry/modules/user/pages/accept-user-invite/accept-user-invite.component.ts
UsersComponentchangedDocument the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler.apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts
UsersComponentcommandDocument the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler.apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts
UsersComponentdeAttachUserDocument the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler.apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts
UsersComponenteditUserOpen the identified editable record only with Edit permission; posted/locked records remain blocked by route or action state and list context must be recoverable on return.apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts
UsersComponentopenInviteModalDocument the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler.apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts
UsersComponentremoveUserAvailable only in deletable states with Delete permission; identify the record in confirmation, call delete once, remove/refresh the list row on success, and retain the row with the API reason on failure.apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts
UsersComponentresendInvitationDocument the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler.apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts
UsersComponentshowMenuDocument the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler.apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts

Page-specific frontend acceptance criteria

  1. users/:id - View/detail: Load an authorized immutable/detail representation with status-aware actions, linked records, print/export where exposed, and not-found/forbidden handling. Security observed: Guards: AuthGuard
  2. users/bouserdetails/:id - View/detail: Load an authorized immutable/detail representation with status-aware actions, linked records, print/export where exposed, and not-found/forbidden handling. Security observed: Guards: AuthGuard
  3. users/userconfirmation/:id - View/detail: Load an authorized immutable/detail representation with status-aware actions, linked records, print/export where exposed, and not-found/forbidden handling. Security observed: No route-level permission/guard found in source window

Internal Documentation — Microtec