User Roles
| Role | Description | Status |
|---|---|---|
| Admin | Full administrative access within configured permissions | Confirmed |
| School Manager | Manages school-scoped operations | Confirmed |
| Supplier | Manages supplier store, products, orders, and delivery flows | Confirmed |
| Operator | Operates cafeteria/store workflows within assigned scope | Confirmed |
| Parent | Manages own students, wallet, orders, and allowed credential actions | Confirmed |
| Student | Uses student-scoped actions where enabled | Confirmed |
Role Rules
- Every protected action must be tied to an authenticated user.
- Scope must be derived from authenticated user context, not from user-submitted data only.