Appearance
Navigation & Permissions
PinkApple ERP uses a permission-driven navigation system. The sidebar menus, available pages, and actions you see are determined entirely by the permissions assigned to your role.
Sidebar Structure
The sidebar uses a three-level hierarchy:
Level 1 (L1) — Top-level modules
├── Level 2 (L2) — Sections within a module
│ └── Level 3 (L3) — Pages/features within a sectionExample:
Administration (L1)
├── General Setup (L2)
│ ├── Organisation Details (L3)
│ ├── Business Units & Types (L3)
│ ├── Client & Group Types (L3)
│ └── Configurations (L3)
├── Financial Setup (L2)
│ ├── Currency (L3)
│ ├── Fiscal Calendar (L3)
│ └── Pricing (L3)
└── Accounting (L2)
├── Chart of Accounts (L3)
└── GL Posting Rules (L3)How Permissions Map to Navigation
Each permission level corresponds to a sidebar level:
| Permission Level | Sidebar Level | Controls |
|---|---|---|
permission_level_1 | L1 — Module | Whether the module appears in the sidebar |
permission_level_2 | L2 — Section | Whether the section appears under the module |
permission_level_3 | L3 — Page | Whether the page appears under the section |
permissions_name | Actions | What actions the user can perform (VIEW, CREATE, EDIT, DELETE, APPROVE) |
If a user's role does not include any L3 permissions under an L2 section, that section is hidden. If no L2 sections are visible, the entire L1 module is hidden.
Main Modules
The following L1 modules are available (depending on your service and permissions):
| Module | Icon | Description |
|---|---|---|
| Dashboard | 📊 | Home page with KPIs, approval items, and recent activity |
| Administration | ⚙️ | General setup, financial setup, accounting setup, products, access control, custom fields |
| Accounting | 💰 | GL journals, reconciliation, financial reports, back-office posting |
| Clients | 👥 | Individual clients and client groups |
| Deposit Accounts | 💵 | Deposit account operations, blocked funds, holds, mandates |
| Loan Accounts | 💳 | Loan applications and account management |
| Shares | 📈 | Share accounts, transactions, dividends, meetings |
| Assets | 🏗️ | Asset register, transactions, depreciation, CIP, compliance |
| HR | 👤 | Employees, leave, payroll, performance, separation |
| Reporting | 📋 | Run reports, snapshots, presets, schedules |
| Communication | ✉️ | Documents and messages |
Service Switcher
If you have access to multiple business units (potentially across multiple services), the Service Switcher appears in the sidebar.
Using the Service Switcher
- Click on the current business unit name in the sidebar header
- A dropdown appears showing all your available business units, grouped by business unit type
- If you have more than 5 business units, a search bar appears at the top
- Select the business unit you want to switch to
When you switch:
- The sidebar navigation updates to reflect the new service context
- The active business unit changes, affecting which data you can see
- Your permissions may change if different roles are assigned in different business units
TIP
The business unit type name appears as a group header in the switcher. If your admin has configured service display names, those custom names will appear instead of the default service names.
Route Guard
PinkApple enforces permissions at the route level. If you try to navigate to a URL you don't have permission to access:
- The system checks your permission tree against the URL path
- If access is denied, you're redirected to your default route (usually the Dashboard)
- This happens transparently — you won't see an error page
Public Routes
Some routes are accessible without authentication:
- Landing page (
/) - Privacy policy (
/privacy-policy) - Services page (
/services) - Company registration (
/register-company) - Login page (
/c/{alias}/auth/login)
Permission Types
Within each L3 page, individual permissions control specific actions:
| Permission | Meaning |
|---|---|
VIEW_* | Can see the page and its data |
CREATE_* | Can create new records |
EDIT_* / UPDATE_* | Can modify existing records |
DELETE_* | Can delete records |
APPROVE_* | Can approve pending records |
LIST_* | Can list/browse records |
RUN_* | Can execute operations (e.g., run reports) |
INFO
Permissions are additive. A user with no permissions sees nothing. Each permission explicitly grants access to a specific capability.