User Management

This document covers the user management functionality within the Hotelaro hotel management system, specifically focusing on customer management operations. The system provides comprehensive CRUD operations for managing customer data with multi-tenant isolation and role-based permissions.

Note: This page documents customer management functionality. For employee management and administrative user roles, see Authentication & Security.

System Overview

The user management system in Hotelaro is built around a modular architecture that handles customer data management with multi-tenant support. Each hotel property maintains its own isolated customer database through the admin_uid filtering mechanism.

Core Infrastructure

Database Layer

Customer Management System

Customer Controller
(Customer.php)

CustomerModel
(CustomerModel.php)

Customer Views
(content.php, customerlist.php)

Frontend JavaScript
(frontjavascript.php)

hotel_booking_clients table

permissionvaluecheck()

session()->get('uid')

csrf_hash()
    

Customer Management Module

The customer management system provides a complete interface for managing customer information including personal details, contact information, and geographical data. The system is located in the Core\\Customer namespace and follows the MVC pattern.

Core Components

The customer module configuration is defined in Config.php and referenced throughout the system using $this->config['id'] for permission checking and routing.

Database Schema

The customer data is stored in the hotel_booking_clients table with the following key fields:

hotel_booking_clients
int
id
PK
string
uid
Unique customer ID (CUS001, CUS002, etc)
int
admin_uid
Multi-tenant isolation key
string
c_name
Customer full name
string
c_email
Email address
string
c_phone
Phone number
string
c_address
Street address
string
c_country
Country
string
c_state
State/Province
string
c_city
City
string
c_zip
Postal code
string
password
Hashed password
    

Multi-Tenant Isolation

The system uses admin_uid for tenant isolation, ensuring each hotel property only sees its own customers. This is implemented in the model's getSearchAll() method:

$builder = $this->db->table('hotel_booking_clients')->where('admin_uid', $this->session->get('uid'));
    

The uid field follows the pattern CUS001, CUS002, etc., generated using the idbyorder() helper function.

CRUD Operations

The customer management system implements full CRUD (Create, Read, Update, Delete) functionality with proper permission checking and validation.

Model Operations

Model Operations

Permission Checks

Customer CRUD Flow

index() - List customers

add() - Show add form

edit(id) - Show edit form

datasetup() - Process form

deleteit() - Delete customer

get() - Fetch customer data

permissionvaluecheck('view')

permissionvaluecheck('create')

permissionvaluecheck('edit')

permissionvaluecheck('delete')

getSearchAll(searchMain)

insertit(data)

updateit(id, data)

deleteit(id)

getById(id)
    

Create Operation

The create operation involves form validation, unique ID generation, and password hashing:

• Route: /customer/add → add() method
• Form Processing: /customer/datasetup → datasetup() method
• Validation Rules: c_name, c_email, c_phone are required fields
• ID Generation: Uses idbyorder('hotel_booking_clients', $uid, "CUS", "uid")
• Password: Default password 123456 is hashed with PASSWORD_BCRYPT

Read Operations

The system provides multiple read operations:

• List View: index() method displays paginated customer list
• Search: customersearch() method handles customer search with ID prefix handling
• Filtering: Supports field-based filtering through the search system

Update Operation

• Route: /customer/edit/{id} → edit($id) method
• Processing: Same datasetup() method handles both create and update
• Validation: Checks if record exists before updating

Delete Operation

• Route: /customer/deleteit → deleteit() method
• Permission: Requires delete permission
• Response: Returns JSON success/error response

Frontend Interface

The frontend interface consists of two main views: a list view for displaying customers and a form view for adding/editing customer information.

Customer List View

The customer list (customerlist.php) provides:

• Paginated table display with sortable columns
• Search functionality
• Add new customer button
• Edit/delete actions for each row
• Responsive design with Bootstrap classes

Key table columns: Sr-No, ID, Customer name, Email, Phone, State, City, Country, Action

Customer Form View

The customer form (content.php) includes:

• Personal Information: Full name, email, phone
• Address Details: Street address, country, state, city, postal code
• Geographical Selectors: Cascading dropdown for country → state → city
• Form Validation: Required field indicators with red asterisks
• Submit Actions: Save and Reset buttons

JavaScript Interactions

The frontend JavaScript (frontjavascript.php) handles:

Backend Endpoints

User Interactions

Frontend JavaScript Functions

ajaxSend(page, alldata, routeurl, masterkey, pagelimit)

joinmainData(arrayhere, divID)

joinpagiData(dataObject, divID)

deletetr click handler

#searching click

#rowSelect click

#filtering click

#reseting click

.pagechange click

.deletetr click

/customer/get

/customer/deleteit

AJAX Data Loading: Dynamic table population without page refresh
Pagination: Click handlers for page navigation
Search & Filtering: Real-time search and multi-field filtering
Row Management: Inline edit/delete actions
Local Storage: Remembers user's preferred page size setting
    

Permission System

The customer management system implements role-based access control through the permissionvaluecheck() function. Each CRUD operation requires specific permissions:

Permission failures result in:

• AJAX requests: JSON error response with message
• Page requests: Flash message and redirect to customer list

The permission system uses the module configuration ID ($this->config['id']) to determine the specific permission context for the customer module.