Appearance
Users and Preferences
| Backlog field | Value |
|---|---|
| Story ID | AP-SHR-006 |
| Epic | Shared Platform |
| Story type | Business workflow |
| Review status | Draft - business analyst and business owner review required |
| Source evidence | AppsPortal.Apis controller, application command/query handlers, validators, domain entities, and matching MFE workflow where available |
| Last source review | 2026-07-10 |
User story
As AppsPortal users, I want to load my identity, branch context, language, and display preferences so that the application behaves consistently for my working context.
Acceptance criteria
- Only authorized users can view or execute the feature's actions.
- Required business data, active dependencies, tenant/branch scope, and current document state are validated.
- Invalid requests return actionable validation errors without applying a partial change.
- Search, list, view, print, and export operations use the same authorized business scope.
- Material create, edit, status, approval, posting, reversal, and integration actions are auditable where applicable.
- Financial or stock effects are applied atomically and no more than once.
Business rules
Required
Authenticated user and valid company/branch membership are required.
Optional or conditional
Language, default branch, layout, table, and display preferences are optional.
Action behavior
Preference Save changes only that user's future experience and no business record/GL.
Blocking rule or downstream effect
Security/role/branch authorization cannot be overridden by a preference.
Frontend page coverage
The following UI coverage is sourced from the pulled MFE route configuration. A Module-level supporting artifact mapping is evidence of a reachable screen, but requires BA confirmation that it belongs to this story rather than a more specific feature story.
| Route/page | Component | Mode | Route permission/guard | Mapping confidence | Source |
|---|---|---|---|---|---|
| users/:id | UsersComponent | View/detail | Guards: AuthGuard | Feature token match | apps/bussinessOwners/src/app/remote-entry/modules/user/user.module.ts:21 |
| users/bouserdetails/:id | bouserdetails | View/detail | Guards: AuthGuard | Feature token match | apps/bussinessOwners/src/app/remote-entry/modules/user/user.module.ts:29 |
| users/userconfirmation/:id | AcceptUserInviteComponent } | View/detail | No route-level permission/guard found in source window | Feature token match | apps/bussinessOwners/src/app/remote-entry/routes.ts:26 |
Observed frontend fields and validation
| Component | Control | Observed frontend rule | Component source |
|---|---|---|---|
| - | - | No reactive formControlName controls were found for the routed components; review template-driven/shared child components. | Route sources above |
Observed frontend actions
| Component | Click action/handler | Business review requirement | Component source |
|---|---|---|---|
| AcceptUserInviteComponent | acceptInvitation | Document the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler. | apps/bussinessOwners/src/app/remote-entry/modules/user/pages/accept-user-invite/accept-user-invite.component.ts |
| UsersComponent | changed | Document the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler. | apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts |
| UsersComponent | command | Document the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler. | apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts |
| UsersComponent | deAttachUser | Document the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler. | apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts |
| UsersComponent | editUser | Open the identified editable record only with Edit permission; posted/locked records remain blocked by route or action state and list context must be recoverable on return. | apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts |
| UsersComponent | openInviteModal | Document the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler. | apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts |
| UsersComponent | removeUser | Available only in deletable states with Delete permission; identify the record in confirmation, call delete once, remove/refresh the list row on success, and retain the row with the API reason on failure. | apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts |
| UsersComponent | resendInvitation | Document the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler. | apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts |
| UsersComponent | showMenu | Document the enabled state, permission, input context, resulting API or navigation effect, success refresh, and concrete failure behavior for this handler. | apps/bussinessOwners/src/app/remote-entry/modules/user/pages/user-list/users.component.ts |
Page-specific frontend acceptance criteria
- users/:id - View/detail: Load an authorized immutable/detail representation with status-aware actions, linked records, print/export where exposed, and not-found/forbidden handling. Security observed: Guards: AuthGuard
- users/bouserdetails/:id - View/detail: Load an authorized immutable/detail representation with status-aware actions, linked records, print/export where exposed, and not-found/forbidden handling. Security observed: Guards: AuthGuard
- users/userconfirmation/:id - View/detail: Load an authorized immutable/detail representation with status-aware actions, linked records, print/export where exposed, and not-found/forbidden handling. Security observed: No route-level permission/guard found in source window