10% OFF
Website Exclusive Promotion 10% discount for new customers. Offer expires 30th June 2026.
Use code: JIFFYWEB10
Buy Pro
Try Free

Plugin Documentation

Documentation
← Back

Unlocking & Permanent Deletion Rules

2 March 2026 jiffytrade Role Based Access Control (RBAC)

JiffyTrade separates visibility, editing, unlocking, and permanent deletion into different permission layers.

This ensures financial records cannot be altered or destroyed casually.

This article explains how system safeguards work.

🔐 The Locking System (Recap)

Documents may be locked:

  • Manually by a user
  • Automatically when:
    • Sent
    • Converted (Quote → Invoice)
    • Reminder sent
    • Marked as paid

Locked documents:

  • Cannot be edited
  • Cannot be modified
  • Remain part of the audit trail

Unlocking requires explicit permission.

🔓 Unlocking Documents

Unlocking is controlled by two capability levels:

unlock_documents

Allows unlocking of general locked documents.

unlock_financial_documents

Allows unlocking of financially sensitive documents, including:

  • Sent invoices
  • Paid invoices
  • Converted quotes

Unlocking financial documents carries higher risk.

Best practice: restrict to senior roles or Plugin Super Administrators.

🗑 Permanent Deletion Rules

Deletion in JiffyTrade is a staged process:

  1. Move to Trash
  2. Restore from Trash (optional)
  3. Permanently delete

Permanent deletion is controlled by:

delete_documents_permanently

This action:

  • Completely removes the document
  • Cannot be undone
  • Deletes the audit record

🚫 System-Level Deletion Protections

Even with permission, certain actions are blocked by design.

🔗 Quotes with Associated Invoices

A Quote that has generated one or more Invoices:

  • Cannot be permanently deleted
  • Is protected until all linked invoices are deleted

This prevents:

  • Broken conversion chains
  • Lost pricing history
  • Audit inconsistencies

This protection is enforced at system level.

👤 Customers with Existing Documents

Customers that have associated Quotes or Invoices:

  • Cannot be deleted
  • Delete option is disabled
  • Documents must be removed first

This prevents relational data corruption.

💰 Paid Invoices

Paid invoices:

  • Are automatically locked
  • Should not be deleted in normal operation
  • Affect financial reports and tax summaries

Even if permanent deletion is technically allowed via RBAC, deletion of paid invoices is strongly discouraged.

Best practice: cancel instead.

🧠 Why These Restrictions Exist

Without enforced protections:

  • Revenue records could disappear
  • Quote → Invoice history could break
  • Audit trails could be invalidated
  • Financial reports could become inaccurate

JiffyTrade prevents structural damage even if permissions are misconfigured.

⚠ Unlocking vs Deleting — Important Distinction

Unlocking:

  • Allows editing
  • Does not remove history

Permanent deletion:

  • Removes the record entirely
  • Is irreversible

These are intentionally separated permissions.

🛡 Recommended Safeguards

For most businesses:

  • Allow staff to move to Trash
  • Restrict unlocking to managers
  • Restrict financial unlocking to owners
  • Restrict permanent deletion to Plugin Super Administrators

This ensures:

✔ Operational flexibility
✔ Controlled financial authority
✔ Strong audit protection

🎯 Key Principle

RBAC controls who can attempt an action.

System safeguards control what is structurally allowed.

Even high-level users cannot break document relationships or delete protected records without meeting required conditions.