# Business Flow Diagrams

Permission matrix, tenant onboarding and user invitation flows.

## Permission Matrix (K-002)

K-002: Granular, checkbox-based permission system. There are no fixed roles (Admin/Editor/Viewer); each user gets an individual permission policy.
```mermaid
flowchart TB
    subgraph HIERARCHY["Permission Assignment Hierarchy"]
        SA["Super Admin<br/>Platform Level"]
        TA["Tenant Admin<br/>Project Level"]
        ED["Editor<br/>User Level"]
    end
    subgraph ASSIGN["Permission Assignment"]
        SA -->|"Create Tenant Admin"| TA
        TA -->|"Assign permissions via checkboxes"| ED
    end
    subgraph CATEGORIES["Permission Categories"]
        STORE["Store<br/>E-commerce"]
        CMS["CMS<br/>Content"]
        CAMPAIGN["Campaigns"]
        ADMIN["Administration"]
    end
    subgraph PERMS_STORE["Store Permissions"]
        S1["View orders"]
        S2["Edit orders"]
        S3["Shipping management"]
        S4["Edit product prices"]
    end
    subgraph PERMS_CMS["CMS Permissions"]
        C1["View content"]
        C2["Edit content"]
        C3["Create content"]
        C4["Delete content"]
    end
    subgraph PERMS_CAMP["Campaign Permissions"]
        K1["View campaigns"]
        K2["Create campaign"]
        K3["Edit campaign"]
    end
    subgraph PERMS_ADMIN["Administration Permissions"]
        A1["View users"]
        A2["Create user"]
        A3["Edit user"]
    end
    ED --> STORE & CMS & CAMPAIGN & ADMIN
    STORE --> S1 & S2 & S3 & S4
    CMS --> C1 & C2 & C3 & C4
    CAMPAIGN --> K1 & K2 & K3
    ADMIN --> A1 & A2 & A3
    style SA fill:#8b5cf6,stroke:#7c3aed,color:#fff
    style TA fill:#3b82f6,stroke:#2563eb,color:#fff
    style ED fill:#0d9488,stroke:#0f766e,color:#fff
    style CATEGORIES fill:#fef3c7,stroke:#f59e0b
```
### Important Rules

- No fixed roles: preset roles such as Administrator/Editor/Viewer are not used
- Checkbox-based: each permission is assigned with its own checkbox
- Tenant-scoped: permissions are valid only within the tenant
- Editor restriction: an editor has no permission to create other users
- Tenant Admin: can assign permissions only to editors in their own tenant
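The rules above as working code, added here as an illustration; it is not part of the original document or of the Legends DXP code base, and the permission keys (`orders.view` and so on), the `Role` enum and the function names are assumptions. It models each permission as a separately ticked checkbox, lets a Tenant Admin assign a set only to editors inside its own tenant, rejects the user-creation checkbox for editors, checks access deny-by-default, and derives the modules an editor can see from the ticked set, which is the menu behaviour the invitation flow below relies on.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Role(Enum):
    SUPER_ADMIN = "super_admin"    # platform level
    TENANT_ADMIN = "tenant_admin"  # project level
    EDITOR = "editor"              # user level


# Permission catalogue, one checkbox per entry. Keys are assumed names that
# mirror the four categories of the diagram.
PERMISSION_CATALOGUE = {
    "store": {"orders.view", "orders.edit", "shipping.manage", "product.price.edit"},
    "cms": {"content.view", "content.edit", "content.create", "content.delete"},
    "campaign": {"campaign.view", "campaign.create", "campaign.edit"},
    "admin": {"users.view", "users.create", "users.edit"},
}
ALL_PERMISSIONS = frozenset().union(*PERMISSION_CATALOGUE.values())

# "Editor restriction": an editor never gets permission to create users,
# so this checkbox is rejected even if it was ticked in the form.
NOT_ASSIGNABLE_TO_EDITORS = frozenset({"users.create"})


class AuthorizationError(Exception):
    """Raised when an actor attempts an assignment outside its scope."""


@dataclass
class User:
    user_id: str
    role: Role
    tenant_id: Optional[str]                 # None for the Super Admin (platform level)
    permissions: set = field(default_factory=set)


def assign_permissions(actor: User, target: User, ticked: set) -> set:
    """A Tenant Admin replaces an editor's permission set with the ticked checkboxes.

    Enforces the hierarchy of the diagram: only a Tenant Admin assigns, only to
    editors, only inside its own tenant, and never a key editors may not hold.
    """
    if actor.role is not Role.TENANT_ADMIN:
        raise AuthorizationError("only a Tenant Admin assigns editor permissions")
    if target.role is not Role.EDITOR:
        raise AuthorizationError("permissions are assigned to editors only")
    if actor.tenant_id is None or actor.tenant_id != target.tenant_id:
        raise AuthorizationError("cross-tenant permission assignment is forbidden")
    unknown = set(ticked) - ALL_PERMISSIONS
    if unknown:
        raise ValueError(f"unknown permission keys: {sorted(unknown)}")
    forbidden = set(ticked) & NOT_ASSIGNABLE_TO_EDITORS
    if forbidden:
        raise AuthorizationError(f"not assignable to editors: {sorted(forbidden)}")
    target.permissions = set(ticked)   # replaced only after every check passed
    return target.permissions


def can(user: User, permission: str) -> bool:
    """Deny by default: access requires exactly this permission to be ticked."""
    return permission in user.permissions


def visible_modules(user: User) -> list:
    """Menu filtering: a module is shown only if at least one of its permissions is ticked."""
    return [module for module, perms in PERMISSION_CATALOGUE.items()
            if perms & user.permissions]


if __name__ == "__main__":
    # Constructed sample: the Tenant Admin is assumed to hold the full catalogue in its tenant.
    admin = User("ta-1", Role.TENANT_ADMIN, "tenant_a", set(ALL_PERMISSIONS))
    editor = User("ed-1", Role.EDITOR, "tenant_a")
    assign_permissions(admin, editor, {"orders.view", "content.edit"})
    print(can(editor, "orders.view"), can(editor, "orders.edit"), visible_modules(editor))
```

The assignment replaces the target's set only after all checks pass, so a rejected form submission leaves the previous permissions untouched, and the menu is computed from the stored set rather than from anything the client sends.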
### Permission Categories

## Tenant Onboarding Flow

K-003: The process by which a Super Admin creates a new tenant and assigns a Tenant Admin.
```mermaid
sequenceDiagram
    autonumber
    actor SA as Super Admin
    participant PD as Platform Dashboard
    participant API as System API
    participant SDB as system_db
    participant TDB as tenant_xxx_db
    participant SMS as SMS Service
    actor TA as Tenant Admin
    SA->>PD: Login (Phone + OTP)
    PD->>SA: Platform Dashboard
    rect rgb(240, 253, 244)
        Note over SA,TDB: Tenant Creation
        SA->>PD: Click the "New Tenant" button
        PD->>SA: Show tenant form
        SA->>PD: Enter tenant details<br/>(name, domain, slug)
        PD->>API: POST /tenants
        API->>SDB: INSERT tenant record
        API->>TDB: CREATE DATABASE tenant_xxx_db
        API->>TDB: Run migrations
        API-->>PD: Tenant created
    end
    rect rgb(254, 243, 199)
        Note over SA,TA: Tenant Admin Assignment
        SA->>PD: Click "Add Tenant Admin"
        PD->>SA: Show admin form
        SA->>PD: Enter admin details<br/>(phone, full name, email)
        PD->>API: POST /tenants/{id}/admins
        API->>SDB: INSERT user (role: tenant_admin)
        API->>SMS: Send invitation SMS
        SMS-->>TA: Invitation SMS
    end
    rect rgb(219, 234, 254)
        Note over TA,TDB: Tenant Admin Activation
        TA->>PD: Click the SMS link
        PD->>TA: OTP verification
        TA->>PD: Enter OTP
        PD->>API: POST /auth/otp/verify
        API->>SDB: Activate user
        API-->>PD: Session token
        PD->>TA: Tenant Dashboard
    end
```
### Onboarding Steps

- 1-2: The Super Admin logs in to the platform
- 3-8: A new tenant is created and a separate database is provisioned
- 9-14: A Tenant Admin is assigned and an invitation SMS is sent
- 15-20: The Tenant Admin accepts the invitation and is activated via OTP
### Database Isolation

| Database | Content | Access |
|---|---|---|
| system_db | Tenant records, Super Admin, platform config | Super Admin only |
| tenant_xxx_db | Tenant Admin, Editor, tenant data | Tenant Admin + Editor |
## User Invitation Flow

K-003: The process by which a Tenant Admin invites an Editor and assigns permissions.
```mermaid
sequenceDiagram
    autonumber
    actor TA as Tenant Admin
    participant TD as Tenant Dashboard
    participant API as Tenant API
    participant TDB as tenant_xxx_db
    participant SMS as SMS Service
    actor ED as Editor
    TA->>TD: Login (Phone + OTP)
    TD->>TA: Tenant Dashboard
    rect rgb(240, 253, 244)
        Note over TA,TDB: Editor Creation
        TA->>TD: Click the "Add Editor" button
        TD->>TA: Show editor form
        TA->>TD: Enter editor details<br/>(phone, full name, email)
    end
    rect rgb(254, 243, 199)
        Note over TA,TDB: Permission Assignment (K-002)
        TD->>TA: Show permission checkboxes
        TA->>TD: Select permissions<br/>(Store, CMS, Campaigns...)
        TD->>API: POST /editors
        API->>TDB: INSERT user (role: editor)
        API->>TDB: INSERT permissions
    end
    rect rgb(219, 234, 254)
        Note over TA,ED: SMS Invitation
        API->>SMS: Send invitation SMS
        SMS-->>ED: Invitation SMS<br/>"You have been invited to Legends DXP"
    end
    rect rgb(243, 232, 255)
        Note over ED,TDB: Editor Activation
        ED->>TD: Click the SMS link
        TD->>ED: OTP verification
        ED->>TD: Enter OTP
        TD->>API: POST /auth/otp/verify
        API->>TDB: Activate user
        API-->>TD: Session token
        TD->>ED: Editor Dashboard<br/>(menu built from permissions)
    end
```
### Key Points

- Checkbox permissions: a different permission combination for each editor
- SMS invitation: invitations go out by phone, not by e-mail (K-001)
- Role-based menu: an editor sees only the modules they hold permissions for
- Editor restriction: an editor cannot create other users
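The invite-by-SMS and OTP activation steps shared by the tenant onboarding flow (Tenant Admin activation) and the editor invitation flow above, as one added example. This is illustrative code written for this page, not the Legends DXP implementation; the validity periods, the attempt limit, the hashed storage of the invitation token and OTP, the placeholder link host and the opaque session token are all assumptions. The SMS Service is a callable passed in, and the clock is injectable so that expiry can be exercised offline.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

INVITE_TTL_SECONDS = 24 * 3600   # assumed validity of the invitation link
OTP_TTL_SECONDS = 5 * 60         # assumed validity of a one-time code
OTP_MAX_ATTEMPTS = 5             # assumed number of wrong guesses before the code is burned


def _digest(value: str) -> str:
    # Only hashes of the invite token and the OTP are stored, so a read of the
    # user table reveals neither secret.
    return hashlib.sha256(value.encode()).hexdigest()


@dataclass
class InvitedUser:
    phone: str
    full_name: str
    role: str                                        # "tenant_admin" or "editor"
    permissions: set = field(default_factory=set)    # K-002 checkboxes (editors)
    active: bool = False
    invite_hash: Optional[str] = None
    invite_expires: float = 0.0
    otp_hash: Optional[str] = None
    otp_expires: float = 0.0
    otp_attempts: int = 0


class InviteService:
    """Invite by SMS, then activate with an OTP: the steps both flows share."""

    def __init__(self, send_sms: Callable[[str, str], None],
                 now: Callable[[], float] = time.time):
        self.send_sms = send_sms   # stand-in for the SMS Service participant
        self.now = now             # injectable clock so expiry can be tested
        self.users: dict = {}      # phone -> InvitedUser (stand-in for the user table)

    def invite(self, phone: str, full_name: str, role: str, permissions=()) -> str:
        """'Send invitation SMS': store the inactive user and send a single-use link."""
        token = secrets.token_urlsafe(32)
        user = InvitedUser(phone, full_name, role, set(permissions))
        user.invite_hash = _digest(token)
        user.invite_expires = self.now() + INVITE_TTL_SECONDS
        self.users[phone] = user
        # The link host is a placeholder; the raw token exists only in this message.
        self.send_sms(phone, "You have been invited to Legends DXP: "
                             f"https://dxp.example/invite/{token}")
        return token

    def open_invite(self, token: str) -> Optional[str]:
        """'Click the SMS link': find the pending invitation and send an OTP to its phone."""
        digest = _digest(token)
        for user in self.users.values():
            if (user.invite_hash is not None
                    and hmac.compare_digest(user.invite_hash, digest)
                    and self.now() < user.invite_expires):
                otp = f"{secrets.randbelow(10 ** 6):06d}"
                user.otp_hash = _digest(otp)
                user.otp_expires = self.now() + OTP_TTL_SECONDS
                user.otp_attempts = 0
                self.send_sms(user.phone, f"Your Legends DXP code: {otp}")
                return user.phone
        return None

    def verify_otp(self, phone: str, code: str) -> Optional[str]:
        """'POST /auth/otp/verify': activate the user and return a session token, else None."""
        user = self.users.get(phone)
        if user is None or user.active or user.otp_hash is None:
            return None
        if self.now() >= user.otp_expires or user.otp_attempts >= OTP_MAX_ATTEMPTS:
            user.otp_hash = None                   # expired or brute-forced: burn the code
            return None
        user.otp_attempts += 1
        if not hmac.compare_digest(user.otp_hash, _digest(code)):
            return None
        user.active = True
        user.otp_hash = None                       # the code is single use
        user.invite_hash = None                    # the link cannot be replayed
        return secrets.token_urlsafe(32)           # opaque session token (assumed format)
```

The same service serves both flows because the only difference between them is who creates the pending user and which permissions are attached; activation, expiry and single-use handling are identical for a Tenant Admin and an Editor.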
## Multi-Tenant Data Flow

K-003: Separation of tenant data through multi-database isolation.
```mermaid
flowchart TB
    subgraph USERS["Users"]
        SA["Super Admin"]
        TA1["Tenant Admin A"]
        TA2["Tenant Admin B"]
        ED1["Editor A1"]
        ED2["Editor A2"]
        ED3["Editor B1"]
    end
    subgraph API["API Layer"]
        AUTH["Auth Middleware<br/>JWT decode"]
        TENANT_CTX["Tenant Context<br/>tenant_id from token"]
        ROUTER["DB Router<br/>select connection"]
    end
    subgraph DATABASES["Databases"]
        SDB[("system_db<br/>Platform data")]
        TDB_A[("tenant_a_db<br/>Tenant A data")]
        TDB_B[("tenant_b_db<br/>Tenant B data")]
    end
    SA --> AUTH
    TA1 & ED1 & ED2 --> AUTH
    TA2 & ED3 --> AUTH
    AUTH --> TENANT_CTX
    TENANT_CTX --> ROUTER
    ROUTER -->|"Super Admin"| SDB
    ROUTER -->|"Tenant A users"| TDB_A
    ROUTER -->|"Tenant B users"| TDB_B
    SDB -.->|"tenant list"| ROUTER
    style SA fill:#8b5cf6,stroke:#7c3aed,color:#fff
    style TA1 fill:#3b82f6,stroke:#2563eb,color:#fff
    style TA2 fill:#3b82f6,stroke:#2563eb,color:#fff
    style ED1 fill:#0d9488,stroke:#0f766e,color:#fff
    style ED2 fill:#0d9488,stroke:#0f766e,color:#fff
    style ED3 fill:#0d9488,stroke:#0f766e,color:#fff
    style SDB fill:#fef3c7,stroke:#f59e0b
    style TDB_A fill:#dbeafe,stroke:#3b82f6
    style TDB_B fill:#dcfce7,stroke:#22c55e
```
### Isolation Rules

- Super Admin: accesses system_db and sees all tenants
- Tenant Admin: accesses only their own tenant_xxx_db
- Editor: accesses only their own tenant_xxx_db
- Cross-tenant: strictly forbidden, blocked at the API layer
- JWT token: tenant_id is stored as a claim
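The three API-layer boxes of the diagram (auth middleware, tenant context, DB router) as one added example, written for this page rather than taken from the Legends DXP code base. To stay dependency-free it includes a minimal HS256 JWT mint/verify pair built on the standard library; the signing key, the claim names other than `tenant_id`, the tenant list and the `Unauthorized`/`Forbidden` exceptions are assumptions. The point it demonstrates is that the database connection is chosen from the verified `tenant_id` claim and that a tenant named in the request can only confirm that claim, never replace it.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed HS256 secret; in production it lives in a secret store, never in code.
SIGNING_KEY = b"constructed-demo-signing-key"
SYSTEM_DB = "system_db"
# Constructed tenant list; the diagram's dotted edge loads this from system_db.
KNOWN_TENANTS = frozenset({"tenant_a", "tenant_b"})


class Unauthorized(Exception):
    """Token missing, malformed, tampered or expired (auth middleware)."""


class Forbidden(Exception):
    """Valid token, but the request leaves the token's tenant (tenant context)."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(sub: str, role: str, tenant_id=None, ttl: int = 3600, now=None) -> str:
    """Mint a JWT whose tenant_id claim carries the tenant context (None for Super Admin)."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(
        {"sub": sub, "role": role, "tenant_id": tenant_id, "exp": int(now + ttl)}).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def decode_token(token: str, now=None) -> dict:
    """Auth middleware: check algorithm, signature and expiry before trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise Unauthorized("malformed token")
    header, payload, sig = parts
    try:
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            raise Unauthorized("unsupported alg")   # no 'none', no algorithm switching
        expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            raise Unauthorized("bad signature")
        claims = json.loads(_b64url_decode(payload))
    except ValueError as exc:                       # bad base64 or bad JSON
        raise Unauthorized("undecodable token") from exc
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise Unauthorized("token expired")
    return claims


def route_database(claims: dict, requested_tenant=None) -> str:
    """DB router: pick the connection from the token's tenant_id, never from the request.

    requested_tenant is whatever tenant the URL or body names. It may only confirm
    the token's tenant; a mismatch is the cross-tenant case and is refused here.
    """
    role = claims.get("role")
    if role == "super_admin":
        return SYSTEM_DB
    tenant_id = claims.get("tenant_id")
    if role not in ("tenant_admin", "editor") or tenant_id not in KNOWN_TENANTS:
        raise Forbidden("no valid tenant context in token")
    if requested_tenant is not None and requested_tenant != tenant_id:
        raise Forbidden("cross-tenant access is forbidden")
    return f"{tenant_id}_db"


if __name__ == "__main__":
    token = issue_token("ta-1", "tenant_admin", "tenant_a")
    print(route_database(decode_token(token)))          # tenant_a_db
```

Because the routing decision never reads a tenant identifier from the request, a user of tenant A who edits a URL to name tenant B gets a `Forbidden` at the API layer rather than a connection to `tenant_b_db`, which is the enforcement point the isolation rules describe.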
### System DB vs Tenant DB

| system_db | tenant_xxx_db |
|---|---|
| Tenant records | Users (Tenant Admin + Editor) |
| Super Admin users | Permissions |
| Platform config | Products, Orders, Payments |
| Billing info | Customers, Campaigns |
| Audit logs (platform) | CMS content |