08 — Portal Module Catalog

← Index

The IP4CMS admin portal (src/tenant-frontend) — an Angular SPA, the staff/operator UI. Feature modules are lazy-loaded under an authenticated shell and map closely to tenant-api modules (07). The portal shows only the features the tenant's license enables (04).

Portal structure & auth

• Two backends. All feature services call a shared ApiService (services/api.service.ts) whose base URL resolves at call time to the tenant-api / regional API (environment.apiBaseUrl). A separate core-api (environment.coreApiUrl) handles authentication and domain resolution. So the portal talks to core-api for auth/domain and tenant-api for all feature data.
• Tenant header. Every request carries Authorization: Bearer <JWT> and x-tenant-id: <paas_tenant_id> (set by AuthService.getAuthHeaders), plus an X-Branding-Key. The tenant id is read from localStorage('paas_tenant_id') (localhost dev falls back to environment.defaultTenantId).
• Auth flow. JWT access/refresh tokens in localStorage; interceptors/auth.interceptor.ts catches 401s and performs a single-flight token refresh (queuing concurrent requests), retrying with the new token, logging out if refresh fails. Login screens live in auth/.
• Guards. guards/auth.guard.ts gates the authenticated shell; additional guards are license/permission-aware (settings-route-access.guard.ts, documents-* guards).
• Layout & navigation. layout/layout.component is the authenticated chrome (sidebar + header). Navigation is build-time-configurable (navigation/build-time-nav-menu*.ts, with .prod / .member24 / .flex25 variants) and environment.navLabelOverrides relabels menu items per deployment — so the same module key surfaces under different UI names per vertical (e.g. financials → "Accounting", reporting → "Dashboard", flows → "Forms").
• License-aware UI. ApiService.handleError specially formats tenant-api 403 "Module not enabled in license" responses, and a portal ModuleService shows/hides nav and route guards by the tenant's enabled_modules (prefix-aware — a base enables its sub-modules). See 04.

Feature modules live under src/tenant-frontend/src/app/modules/. Below, grouped by domain, each with the tenant-api endpoints it primarily consumes.

Financial & Collections

• financials — Accounting back office: ledgers/accounts, transactions, billing cycles, collections, disbursements, payment authorizations. (→ /financials, /transactions, /accounts, /collections, /billing-cycles, /payment-links, /payment-channels)
• sales — Sales/orders: product catalog, packages, order management, provisioning channels. (→ /sales, /products, /orders, /packages, /provisioning-channels)
• customers — Customer records and their products/subscriptions. (→ /customers, /customer-products)
• suppliers — Supplier directory and categories. (→ /suppliers, /supplier-categories)

Membership & People

• members — Core member roster: create/edit, member types, custom properties. (→ /members, /member-types, /custom-properties)
• member-ranks — Member rank/tier definitions. (→ /member-ranks)
• member-requests — Inbound member-initiated requests/approvals queue. (→ /member-requests)
• directory — Member/contact directory browse view. (→ /directory)
• contact-groups — Audience/contact groups for targeting communications. (→ /contact-groups)

Property/Estate & Facilities

• properties — Property/estate register, property claims and a verification queue tying properties to members. (→ /properties, /property-claims, /members)
• facilities — Bookable facilities/amenities with calendar and reservations. (→ /facilities, /bookings, /booking-calendar)
• locations — Location hierarchy (sites/branches/zones). (→ /locations)
• mapping — GIS/map view of locations and assets. (→ /mapping, map /tile)
• vehicles — Vehicle register and types. (→ /vehicles, /vehicle-types)

Communications & Engagement

• communications — Central comms hub: compose/send, bulk messaging, templates, dashboards. (→ /communications, /message-templates, /bulk)
• news-stands — News/announcement publishing to members. (→ /news-stands, /send-logs)
• surveys — Member surveys/eForms with send tracking. (→ /surveys, /eforms, /send-logs)
• gallery — Photo albums/media gallery with storage usage. (→ /gallery, /albums)
• events — Event scheduling and event types. (→ /events, /event-types)
• classifieds — Member classifieds/marketplace listings. (→ /classifieds)
• faq — FAQ content management. (→ /faq)
• notifications — In-app notification center: list, read/unread, bulk actions. (→ /notifications)

Access, Security & Compliance

• panic — Panic/emergency-button monitoring: triggers, emergency types, responder groups. (→ /panic, /emergency-types, /panic-responder-groups)
• access-invites — Visitor/access invitations and access-management settings. (→ /access-invites, /access-management)
• visiting-points — Access/check-in points (gates/entry points). (→ /visiting-points)
• visiting-point-rules — Access rules governing visiting points. (→ /visiting-point-rules)
• kyc-requests — KYC verification request queue. (→ /kyc-requests)
• certificates — Certificate templates and member/location certificate issuance + download. (→ /certificate-templates, /certificates)
• devices — Registered device inventory (IoT/access devices). (→ /devices)

Operations & Field

• taskr — Field-task / work-order management (Taskr), flows-driven. (→ /taskr, /flows)
• feasibility — Feasibility requests and request groups. (→ /feasibility-requests, /feasibility-request-groups)
• utilities — Utility metering: channels, ingestion logs, activation. (→ /utilities, /utility-channels, /utility-ingestion-logs)
• support — Support tickets / help desk. (→ /support)
• documents / member-documents — Document library / file management for entities and members. (→ /documents, /document-types)
• flows — Onboarding/workflow flows: templates, instances, onboarding records. (→ /flow-templates, /flow-instances, /onboarding-records)

Platform & Configuration

• settings — Tenant configuration hub: branding, domain configs, numbering, payment/SMS/mail gateways, omni-channels, custom properties. (→ /settings, /domain-configs, /sms-gateways, /mail-servers, /omni-channels)
• users — Admin/staff user accounts. (→ /users)
• roles — RBAC roles and permission assignment. (→ /roles, /permissions)
• reporting — Dashboards/analytics, including Metabase-embedded dashboards. (→ /reporting, /dashboards, /metabase, /embed-token)
• webhooks — Outbound webhook subscription management. (→ /webhooks)

Notes & caveats

• Labels are deployment-specific via navLabelOverrides, so the same module surfaces under different UI names per tenant/vertical.
• Some areas are nested under route groups rather than top-level (e.g. feasibility, kyc-requests, access-invites under suppliers/documents groups; utilities, devices under settings).
• Module wiring is mixed: some use NgModule routing modules, others standalone *.routes.ts route arrays.

Key source paths: src/tenant-frontend/src/app/ — app-routing.module.ts, modules/*, services/{api.service,api-auth-bridge,auth.service}.ts, interceptors/auth.interceptor.ts, guards/, navigation/build-time-nav-menu*.ts, environments/environment.ts.

← Back to index