feat(core): More granular (entity-based) permissions

Relates to #617

packages/admin-ui/src/lib/core/src/common/generated-types.ts

@@ -2703,28 +2703,84 @@ export enum Permission {
   Authenticated = 'Authenticated',
   /** Grants permission to create Administrator */
   CreateAdministrator = 'CreateAdministrator',
-  /** Grants permission to create Catalog */
+  /** Grants permission to create Asset */
+  CreateAsset = 'CreateAsset',
+  /** Grants permission to create Products, Facets, Assets, Collections */
   CreateCatalog = 'CreateCatalog',
+  /** Grants permission to create Channel */
+  CreateChannel = 'CreateChannel',
+  /** Grants permission to create Collection */
+  CreateCollection = 'CreateCollection',
+  /** Grants permission to create Country */
+  CreateCountry = 'CreateCountry',
   /** Grants permission to create Customer */
   CreateCustomer = 'CreateCustomer',
+  /** Grants permission to create CustomerGroup */
+  CreateCustomerGroup = 'CreateCustomerGroup',
+  /** Grants permission to create Facet */
+  CreateFacet = 'CreateFacet',
   /** Grants permission to create Order */
   CreateOrder = 'CreateOrder',
+  /** Grants permission to create PaymentMethod */
+  CreatePaymentMethod = 'CreatePaymentMethod',
+  /** Grants permission to create Product */
+  CreateProduct = 'CreateProduct',
   /** Grants permission to create Promotion */
   CreatePromotion = 'CreatePromotion',
-  /** Grants permission to create Settings */
+  /** Grants permission to create PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
   CreateSettings = 'CreateSettings',
+  /** Grants permission to create ShippingMethod */
+  CreateShippingMethod = 'CreateShippingMethod',
+  /** Grants permission to create System */
+  CreateSystem = 'CreateSystem',
+  /** Grants permission to create Tag */
+  CreateTag = 'CreateTag',
+  /** Grants permission to create TaxCategory */
+  CreateTaxCategory = 'CreateTaxCategory',
+  /** Grants permission to create TaxRate */
+  CreateTaxRate = 'CreateTaxRate',
+  /** Grants permission to create Zone */
+  CreateZone = 'CreateZone',
   /** Grants permission to delete Administrator */
   DeleteAdministrator = 'DeleteAdministrator',
-  /** Grants permission to delete Catalog */
+  /** Grants permission to delete Asset */
+  DeleteAsset = 'DeleteAsset',
+  /** Grants permission to delete Products, Facets, Assets, Collections */
   DeleteCatalog = 'DeleteCatalog',
+  /** Grants permission to delete Channel */
+  DeleteChannel = 'DeleteChannel',
+  /** Grants permission to delete Collection */
+  DeleteCollection = 'DeleteCollection',
+  /** Grants permission to delete Country */
+  DeleteCountry = 'DeleteCountry',
   /** Grants permission to delete Customer */
   DeleteCustomer = 'DeleteCustomer',
+  /** Grants permission to delete CustomerGroup */
+  DeleteCustomerGroup = 'DeleteCustomerGroup',
+  /** Grants permission to delete Facet */
+  DeleteFacet = 'DeleteFacet',
   /** Grants permission to delete Order */
   DeleteOrder = 'DeleteOrder',
+  /** Grants permission to delete PaymentMethod */
+  DeletePaymentMethod = 'DeletePaymentMethod',
+  /** Grants permission to delete Product */
+  DeleteProduct = 'DeleteProduct',
   /** Grants permission to delete Promotion */
   DeletePromotion = 'DeletePromotion',
-  /** Grants permission to delete Settings */
+  /** Grants permission to delete PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
   DeleteSettings = 'DeleteSettings',
+  /** Grants permission to delete ShippingMethod */
+  DeleteShippingMethod = 'DeleteShippingMethod',
+  /** Grants permission to delete System */
+  DeleteSystem = 'DeleteSystem',
+  /** Grants permission to delete Tag */
+  DeleteTag = 'DeleteTag',
+  /** Grants permission to delete TaxCategory */
+  DeleteTaxCategory = 'DeleteTaxCategory',
+  /** Grants permission to delete TaxRate */
+  DeleteTaxRate = 'DeleteTaxRate',
+  /** Grants permission to delete Zone */
+  DeleteZone = 'DeleteZone',
   /** Owner means the user owns this entity, e.g. a Customer's own Order */
   Owner = 'Owner',
   Placeholder = 'Placeholder',
@@ -2732,30 +2788,88 @@ export enum Permission {
   Public = 'Public',
   /** Grants permission to read Administrator */
   ReadAdministrator = 'ReadAdministrator',
-  /** Grants permission to read Catalog */
+  /** Grants permission to read Asset */
+  ReadAsset = 'ReadAsset',
+  /** Grants permission to read Products, Facets, Assets, Collections */
   ReadCatalog = 'ReadCatalog',
+  /** Grants permission to read Channel */
+  ReadChannel = 'ReadChannel',
+  /** Grants permission to read Collection */
+  ReadCollection = 'ReadCollection',
+  /** Grants permission to read Country */
+  ReadCountry = 'ReadCountry',
   /** Grants permission to read Customer */
   ReadCustomer = 'ReadCustomer',
+  /** Grants permission to read CustomerGroup */
+  ReadCustomerGroup = 'ReadCustomerGroup',
+  /** Grants permission to read Facet */
+  ReadFacet = 'ReadFacet',
   /** Grants permission to read Order */
   ReadOrder = 'ReadOrder',
+  /** Grants permission to read PaymentMethod */
+  ReadPaymentMethod = 'ReadPaymentMethod',
+  /** Grants permission to read Product */
+  ReadProduct = 'ReadProduct',
   /** Grants permission to read Promotion */
   ReadPromotion = 'ReadPromotion',
-  /** Grants permission to read Settings */
+  /** Grants permission to read PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
   ReadSettings = 'ReadSettings',
+  /** Grants permission to read ShippingMethod */
+  ReadShippingMethod = 'ReadShippingMethod',
+  /** Grants permission to read System */
+  ReadSystem = 'ReadSystem',
+  /** Grants permission to read Tag */
+  ReadTag = 'ReadTag',
+  /** Grants permission to read TaxCategory */
+  ReadTaxCategory = 'ReadTaxCategory',
+  /** Grants permission to read TaxRate */
+  ReadTaxRate = 'ReadTaxRate',
+  /** Grants permission to read Zone */
+  ReadZone = 'ReadZone',
   /** SuperAdmin has unrestricted access to all operations */
   SuperAdmin = 'SuperAdmin',
   /** Grants permission to update Administrator */
   UpdateAdministrator = 'UpdateAdministrator',
-  /** Grants permission to update Catalog */
+  /** Grants permission to update Asset */
+  UpdateAsset = 'UpdateAsset',
+  /** Grants permission to update Products, Facets, Assets, Collections */
   UpdateCatalog = 'UpdateCatalog',
+  /** Grants permission to update Channel */
+  UpdateChannel = 'UpdateChannel',
+  /** Grants permission to update Collection */
+  UpdateCollection = 'UpdateCollection',
+  /** Grants permission to update Country */
+  UpdateCountry = 'UpdateCountry',
   /** Grants permission to update Customer */
   UpdateCustomer = 'UpdateCustomer',
+  /** Grants permission to update CustomerGroup */
+  UpdateCustomerGroup = 'UpdateCustomerGroup',
+  /** Grants permission to update Facet */
+  UpdateFacet = 'UpdateFacet',
+  /** Grants permission to update GlobalSettings */
+  UpdateGlobalSettings = 'UpdateGlobalSettings',
   /** Grants permission to update Order */
   UpdateOrder = 'UpdateOrder',
+  /** Grants permission to update PaymentMethod */
+  UpdatePaymentMethod = 'UpdatePaymentMethod',
+  /** Grants permission to update Product */
+  UpdateProduct = 'UpdateProduct',
   /** Grants permission to update Promotion */
   UpdatePromotion = 'UpdatePromotion',
-  /** Grants permission to update Settings */
-  UpdateSettings = 'UpdateSettings'
+  /** Grants permission to update PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+  UpdateSettings = 'UpdateSettings',
+  /** Grants permission to update ShippingMethod */
+  UpdateShippingMethod = 'UpdateShippingMethod',
+  /** Grants permission to update System */
+  UpdateSystem = 'UpdateSystem',
+  /** Grants permission to update Tag */
+  UpdateTag = 'UpdateTag',
+  /** Grants permission to update TaxCategory */
+  UpdateTaxCategory = 'UpdateTaxCategory',
+  /** Grants permission to update TaxRate */
+  UpdateTaxRate = 'UpdateTaxRate',
+  /** Grants permission to update Zone */
+  UpdateZone = 'UpdateZone'
 }
 
 export enum SortOrder {
@@ -4123,7 +4237,7 @@ export type OrderLine = Node & {
   discounts: Array<Discount>;
   taxLines: Array<TaxLine>;
   order: Order;
-  customFields?: Maybe<OrderLineCustomFields>;
+  customFields?: Maybe<Scalars['JSON']>;
 };
 
 export type Refund = Node & {
@@ -4855,15 +4969,6 @@ export type HistoryEntrySortParameter = {
   updatedAt?: Maybe<SortOrder>;
 };
 
-export type OrderLineCustomFields = {
-  __typename?: 'OrderLineCustomFields';
-  giftCardValue?: Maybe<Scalars['Int']>;
-  giftCardRecipientName?: Maybe<Scalars['String']>;
-  giftCardRecipientEmailAddress?: Maybe<Scalars['String']>;
-  giftCardMessage?: Maybe<Scalars['String']>;
-  giftCardDeliveryDate?: Maybe<Scalars['DateTime']>;
-};
-
 export type AuthenticationInput = {
   native?: Maybe<NativeAuthInput>;
 };

packages/asset-server-plugin/e2e/graphql/generated-e2e-asset-server-plugin-types.ts

@@ -2486,22 +2486,24 @@ export enum Permission {
     Owner = 'Owner',
     /** Public means any unauthenticated user may perform the operation */
     Public = 'Public',
-    /** Grants permission to create Catalog */
+    /** Grants permission to update GlobalSettings */
+    UpdateGlobalSettings = 'UpdateGlobalSettings',
+    /** Grants permission to create Products, Facets, Assets, Collections */
     CreateCatalog = 'CreateCatalog',
-    /** Grants permission to read Catalog */
+    /** Grants permission to read Products, Facets, Assets, Collections */
     ReadCatalog = 'ReadCatalog',
-    /** Grants permission to update Catalog */
+    /** Grants permission to update Products, Facets, Assets, Collections */
     UpdateCatalog = 'UpdateCatalog',
-    /** Grants permission to delete Catalog */
+    /** Grants permission to delete Products, Facets, Assets, Collections */
     DeleteCatalog = 'DeleteCatalog',
-    /** Grants permission to create Customer */
-    CreateCustomer = 'CreateCustomer',
-    /** Grants permission to read Customer */
-    ReadCustomer = 'ReadCustomer',
-    /** Grants permission to update Customer */
-    UpdateCustomer = 'UpdateCustomer',
-    /** Grants permission to delete Customer */
-    DeleteCustomer = 'DeleteCustomer',
+    /** Grants permission to create PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    CreateSettings = 'CreateSettings',
+    /** Grants permission to read PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    ReadSettings = 'ReadSettings',
+    /** Grants permission to update PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    UpdateSettings = 'UpdateSettings',
+    /** Grants permission to delete PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    DeleteSettings = 'DeleteSettings',
     /** Grants permission to create Administrator */
     CreateAdministrator = 'CreateAdministrator',
     /** Grants permission to read Administrator */
@@ -2510,6 +2512,62 @@ export enum Permission {
     UpdateAdministrator = 'UpdateAdministrator',
     /** Grants permission to delete Administrator */
     DeleteAdministrator = 'DeleteAdministrator',
+    /** Grants permission to create Asset */
+    CreateAsset = 'CreateAsset',
+    /** Grants permission to read Asset */
+    ReadAsset = 'ReadAsset',
+    /** Grants permission to update Asset */
+    UpdateAsset = 'UpdateAsset',
+    /** Grants permission to delete Asset */
+    DeleteAsset = 'DeleteAsset',
+    /** Grants permission to create Channel */
+    CreateChannel = 'CreateChannel',
+    /** Grants permission to read Channel */
+    ReadChannel = 'ReadChannel',
+    /** Grants permission to update Channel */
+    UpdateChannel = 'UpdateChannel',
+    /** Grants permission to delete Channel */
+    DeleteChannel = 'DeleteChannel',
+    /** Grants permission to create Collection */
+    CreateCollection = 'CreateCollection',
+    /** Grants permission to read Collection */
+    ReadCollection = 'ReadCollection',
+    /** Grants permission to update Collection */
+    UpdateCollection = 'UpdateCollection',
+    /** Grants permission to delete Collection */
+    DeleteCollection = 'DeleteCollection',
+    /** Grants permission to create Country */
+    CreateCountry = 'CreateCountry',
+    /** Grants permission to read Country */
+    ReadCountry = 'ReadCountry',
+    /** Grants permission to update Country */
+    UpdateCountry = 'UpdateCountry',
+    /** Grants permission to delete Country */
+    DeleteCountry = 'DeleteCountry',
+    /** Grants permission to create Customer */
+    CreateCustomer = 'CreateCustomer',
+    /** Grants permission to read Customer */
+    ReadCustomer = 'ReadCustomer',
+    /** Grants permission to update Customer */
+    UpdateCustomer = 'UpdateCustomer',
+    /** Grants permission to delete Customer */
+    DeleteCustomer = 'DeleteCustomer',
+    /** Grants permission to create CustomerGroup */
+    CreateCustomerGroup = 'CreateCustomerGroup',
+    /** Grants permission to read CustomerGroup */
+    ReadCustomerGroup = 'ReadCustomerGroup',
+    /** Grants permission to update CustomerGroup */
+    UpdateCustomerGroup = 'UpdateCustomerGroup',
+    /** Grants permission to delete CustomerGroup */
+    DeleteCustomerGroup = 'DeleteCustomerGroup',
+    /** Grants permission to create Facet */
+    CreateFacet = 'CreateFacet',
+    /** Grants permission to read Facet */
+    ReadFacet = 'ReadFacet',
+    /** Grants permission to update Facet */
+    UpdateFacet = 'UpdateFacet',
+    /** Grants permission to delete Facet */
+    DeleteFacet = 'DeleteFacet',
     /** Grants permission to create Order */
     CreateOrder = 'CreateOrder',
     /** Grants permission to read Order */
@@ -2518,6 +2576,22 @@ export enum Permission {
     UpdateOrder = 'UpdateOrder',
     /** Grants permission to delete Order */
     DeleteOrder = 'DeleteOrder',
+    /** Grants permission to create PaymentMethod */
+    CreatePaymentMethod = 'CreatePaymentMethod',
+    /** Grants permission to read PaymentMethod */
+    ReadPaymentMethod = 'ReadPaymentMethod',
+    /** Grants permission to update PaymentMethod */
+    UpdatePaymentMethod = 'UpdatePaymentMethod',
+    /** Grants permission to delete PaymentMethod */
+    DeletePaymentMethod = 'DeletePaymentMethod',
+    /** Grants permission to create Product */
+    CreateProduct = 'CreateProduct',
+    /** Grants permission to read Product */
+    ReadProduct = 'ReadProduct',
+    /** Grants permission to update Product */
+    UpdateProduct = 'UpdateProduct',
+    /** Grants permission to delete Product */
+    DeleteProduct = 'DeleteProduct',
     /** Grants permission to create Promotion */
     CreatePromotion = 'CreatePromotion',
     /** Grants permission to read Promotion */
@@ -2526,14 +2600,54 @@ export enum Permission {
     UpdatePromotion = 'UpdatePromotion',
     /** Grants permission to delete Promotion */
     DeletePromotion = 'DeletePromotion',
-    /** Grants permission to create Settings */
-    CreateSettings = 'CreateSettings',
-    /** Grants permission to read Settings */
-    ReadSettings = 'ReadSettings',
-    /** Grants permission to update Settings */
-    UpdateSettings = 'UpdateSettings',
-    /** Grants permission to delete Settings */
-    DeleteSettings = 'DeleteSettings',
+    /** Grants permission to create ShippingMethod */
+    CreateShippingMethod = 'CreateShippingMethod',
+    /** Grants permission to read ShippingMethod */
+    ReadShippingMethod = 'ReadShippingMethod',
+    /** Grants permission to update ShippingMethod */
+    UpdateShippingMethod = 'UpdateShippingMethod',
+    /** Grants permission to delete ShippingMethod */
+    DeleteShippingMethod = 'DeleteShippingMethod',
+    /** Grants permission to create Tag */
+    CreateTag = 'CreateTag',
+    /** Grants permission to read Tag */
+    ReadTag = 'ReadTag',
+    /** Grants permission to update Tag */
+    UpdateTag = 'UpdateTag',
+    /** Grants permission to delete Tag */
+    DeleteTag = 'DeleteTag',
+    /** Grants permission to create TaxCategory */
+    CreateTaxCategory = 'CreateTaxCategory',
+    /** Grants permission to read TaxCategory */
+    ReadTaxCategory = 'ReadTaxCategory',
+    /** Grants permission to update TaxCategory */
+    UpdateTaxCategory = 'UpdateTaxCategory',
+    /** Grants permission to delete TaxCategory */
+    DeleteTaxCategory = 'DeleteTaxCategory',
+    /** Grants permission to create TaxRate */
+    CreateTaxRate = 'CreateTaxRate',
+    /** Grants permission to read TaxRate */
+    ReadTaxRate = 'ReadTaxRate',
+    /** Grants permission to update TaxRate */
+    UpdateTaxRate = 'UpdateTaxRate',
+    /** Grants permission to delete TaxRate */
+    DeleteTaxRate = 'DeleteTaxRate',
+    /** Grants permission to create System */
+    CreateSystem = 'CreateSystem',
+    /** Grants permission to read System */
+    ReadSystem = 'ReadSystem',
+    /** Grants permission to update System */
+    UpdateSystem = 'UpdateSystem',
+    /** Grants permission to delete System */
+    DeleteSystem = 'DeleteSystem',
+    /** Grants permission to create Zone */
+    CreateZone = 'CreateZone',
+    /** Grants permission to read Zone */
+    ReadZone = 'ReadZone',
+    /** Grants permission to update Zone */
+    UpdateZone = 'UpdateZone',
+    /** Grants permission to delete Zone */
+    DeleteZone = 'DeleteZone',
 }
 
 export enum SortOrder {
@@ -3861,7 +3975,7 @@ export type OrderLine = Node & {
     discounts: Array<Discount>;
     taxLines: Array<TaxLine>;
     order: Order;
-    customFields?: Maybe<OrderLineCustomFields>;
+    customFields?: Maybe<Scalars['JSON']>;
 };
 
 export type Refund = Node & {
@@ -4563,14 +4677,6 @@ export type HistoryEntrySortParameter = {
     updatedAt?: Maybe<SortOrder>;
 };
 
-export type OrderLineCustomFields = {
-    giftCardValue?: Maybe<Scalars['Int']>;
-    giftCardRecipientName?: Maybe<Scalars['String']>;
-    giftCardRecipientEmailAddress?: Maybe<Scalars['String']>;
-    giftCardMessage?: Maybe<Scalars['String']>;
-    giftCardDeliveryDate?: Maybe<Scalars['DateTime']>;
-};
-
 export type AuthenticationInput = {
     native?: Maybe<NativeAuthInput>;
 };

packages/common/src/generated-shop-types.ts

@@ -468,22 +468,24 @@ export enum Permission {
     Owner = 'Owner',
     /** Public means any unauthenticated user may perform the operation */
     Public = 'Public',
-    /** Grants permission to create Catalog */
+    /** Grants permission to update GlobalSettings */
+    UpdateGlobalSettings = 'UpdateGlobalSettings',
+    /** Grants permission to create Products, Facets, Assets, Collections */
     CreateCatalog = 'CreateCatalog',
-    /** Grants permission to read Catalog */
+    /** Grants permission to read Products, Facets, Assets, Collections */
     ReadCatalog = 'ReadCatalog',
-    /** Grants permission to update Catalog */
+    /** Grants permission to update Products, Facets, Assets, Collections */
     UpdateCatalog = 'UpdateCatalog',
-    /** Grants permission to delete Catalog */
+    /** Grants permission to delete Products, Facets, Assets, Collections */
     DeleteCatalog = 'DeleteCatalog',
-    /** Grants permission to create Customer */
-    CreateCustomer = 'CreateCustomer',
-    /** Grants permission to read Customer */
-    ReadCustomer = 'ReadCustomer',
-    /** Grants permission to update Customer */
-    UpdateCustomer = 'UpdateCustomer',
-    /** Grants permission to delete Customer */
-    DeleteCustomer = 'DeleteCustomer',
+    /** Grants permission to create PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    CreateSettings = 'CreateSettings',
+    /** Grants permission to read PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    ReadSettings = 'ReadSettings',
+    /** Grants permission to update PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    UpdateSettings = 'UpdateSettings',
+    /** Grants permission to delete PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    DeleteSettings = 'DeleteSettings',
     /** Grants permission to create Administrator */
     CreateAdministrator = 'CreateAdministrator',
     /** Grants permission to read Administrator */
@@ -492,6 +494,62 @@ export enum Permission {
     UpdateAdministrator = 'UpdateAdministrator',
     /** Grants permission to delete Administrator */
     DeleteAdministrator = 'DeleteAdministrator',
+    /** Grants permission to create Asset */
+    CreateAsset = 'CreateAsset',
+    /** Grants permission to read Asset */
+    ReadAsset = 'ReadAsset',
+    /** Grants permission to update Asset */
+    UpdateAsset = 'UpdateAsset',
+    /** Grants permission to delete Asset */
+    DeleteAsset = 'DeleteAsset',
+    /** Grants permission to create Channel */
+    CreateChannel = 'CreateChannel',
+    /** Grants permission to read Channel */
+    ReadChannel = 'ReadChannel',
+    /** Grants permission to update Channel */
+    UpdateChannel = 'UpdateChannel',
+    /** Grants permission to delete Channel */
+    DeleteChannel = 'DeleteChannel',
+    /** Grants permission to create Collection */
+    CreateCollection = 'CreateCollection',
+    /** Grants permission to read Collection */
+    ReadCollection = 'ReadCollection',
+    /** Grants permission to update Collection */
+    UpdateCollection = 'UpdateCollection',
+    /** Grants permission to delete Collection */
+    DeleteCollection = 'DeleteCollection',
+    /** Grants permission to create Country */
+    CreateCountry = 'CreateCountry',
+    /** Grants permission to read Country */
+    ReadCountry = 'ReadCountry',
+    /** Grants permission to update Country */
+    UpdateCountry = 'UpdateCountry',
+    /** Grants permission to delete Country */
+    DeleteCountry = 'DeleteCountry',
+    /** Grants permission to create Customer */
+    CreateCustomer = 'CreateCustomer',
+    /** Grants permission to read Customer */
+    ReadCustomer = 'ReadCustomer',
+    /** Grants permission to update Customer */
+    UpdateCustomer = 'UpdateCustomer',
+    /** Grants permission to delete Customer */
+    DeleteCustomer = 'DeleteCustomer',
+    /** Grants permission to create CustomerGroup */
+    CreateCustomerGroup = 'CreateCustomerGroup',
+    /** Grants permission to read CustomerGroup */
+    ReadCustomerGroup = 'ReadCustomerGroup',
+    /** Grants permission to update CustomerGroup */
+    UpdateCustomerGroup = 'UpdateCustomerGroup',
+    /** Grants permission to delete CustomerGroup */
+    DeleteCustomerGroup = 'DeleteCustomerGroup',
+    /** Grants permission to create Facet */
+    CreateFacet = 'CreateFacet',
+    /** Grants permission to read Facet */
+    ReadFacet = 'ReadFacet',
+    /** Grants permission to update Facet */
+    UpdateFacet = 'UpdateFacet',
+    /** Grants permission to delete Facet */
+    DeleteFacet = 'DeleteFacet',
     /** Grants permission to create Order */
     CreateOrder = 'CreateOrder',
     /** Grants permission to read Order */
@@ -500,6 +558,22 @@ export enum Permission {
     UpdateOrder = 'UpdateOrder',
     /** Grants permission to delete Order */
     DeleteOrder = 'DeleteOrder',
+    /** Grants permission to create PaymentMethod */
+    CreatePaymentMethod = 'CreatePaymentMethod',
+    /** Grants permission to read PaymentMethod */
+    ReadPaymentMethod = 'ReadPaymentMethod',
+    /** Grants permission to update PaymentMethod */
+    UpdatePaymentMethod = 'UpdatePaymentMethod',
+    /** Grants permission to delete PaymentMethod */
+    DeletePaymentMethod = 'DeletePaymentMethod',
+    /** Grants permission to create Product */
+    CreateProduct = 'CreateProduct',
+    /** Grants permission to read Product */
+    ReadProduct = 'ReadProduct',
+    /** Grants permission to update Product */
+    UpdateProduct = 'UpdateProduct',
+    /** Grants permission to delete Product */
+    DeleteProduct = 'DeleteProduct',
     /** Grants permission to create Promotion */
     CreatePromotion = 'CreatePromotion',
     /** Grants permission to read Promotion */
@@ -508,14 +582,54 @@ export enum Permission {
     UpdatePromotion = 'UpdatePromotion',
     /** Grants permission to delete Promotion */
     DeletePromotion = 'DeletePromotion',
-    /** Grants permission to create Settings */
-    CreateSettings = 'CreateSettings',
-    /** Grants permission to read Settings */
-    ReadSettings = 'ReadSettings',
-    /** Grants permission to update Settings */
-    UpdateSettings = 'UpdateSettings',
-    /** Grants permission to delete Settings */
-    DeleteSettings = 'DeleteSettings',
+    /** Grants permission to create ShippingMethod */
+    CreateShippingMethod = 'CreateShippingMethod',
+    /** Grants permission to read ShippingMethod */
+    ReadShippingMethod = 'ReadShippingMethod',
+    /** Grants permission to update ShippingMethod */
+    UpdateShippingMethod = 'UpdateShippingMethod',
+    /** Grants permission to delete ShippingMethod */
+    DeleteShippingMethod = 'DeleteShippingMethod',
+    /** Grants permission to create Tag */
+    CreateTag = 'CreateTag',
+    /** Grants permission to read Tag */
+    ReadTag = 'ReadTag',
+    /** Grants permission to update Tag */
+    UpdateTag = 'UpdateTag',
+    /** Grants permission to delete Tag */
+    DeleteTag = 'DeleteTag',
+    /** Grants permission to create TaxCategory */
+    CreateTaxCategory = 'CreateTaxCategory',
+    /** Grants permission to read TaxCategory */
+    ReadTaxCategory = 'ReadTaxCategory',
+    /** Grants permission to update TaxCategory */
+    UpdateTaxCategory = 'UpdateTaxCategory',
+    /** Grants permission to delete TaxCategory */
+    DeleteTaxCategory = 'DeleteTaxCategory',
+    /** Grants permission to create TaxRate */
+    CreateTaxRate = 'CreateTaxRate',
+    /** Grants permission to read TaxRate */
+    ReadTaxRate = 'ReadTaxRate',
+    /** Grants permission to update TaxRate */
+    UpdateTaxRate = 'UpdateTaxRate',
+    /** Grants permission to delete TaxRate */
+    DeleteTaxRate = 'DeleteTaxRate',
+    /** Grants permission to create System */
+    CreateSystem = 'CreateSystem',
+    /** Grants permission to read System */
+    ReadSystem = 'ReadSystem',
+    /** Grants permission to update System */
+    UpdateSystem = 'UpdateSystem',
+    /** Grants permission to delete System */
+    DeleteSystem = 'DeleteSystem',
+    /** Grants permission to create Zone */
+    CreateZone = 'CreateZone',
+    /** Grants permission to read Zone */
+    ReadZone = 'ReadZone',
+    /** Grants permission to update Zone */
+    UpdateZone = 'UpdateZone',
+    /** Grants permission to delete Zone */
+    DeleteZone = 'DeleteZone',
 }
 
 export enum SortOrder {

packages/common/src/generated-types.ts

@@ -2670,22 +2670,24 @@ export enum Permission {
   Owner = 'Owner',
   /** Public means any unauthenticated user may perform the operation */
   Public = 'Public',
-  /** Grants permission to create Catalog */
+  /** Grants permission to update GlobalSettings */
+  UpdateGlobalSettings = 'UpdateGlobalSettings',
+  /** Grants permission to create Products, Facets, Assets, Collections */
   CreateCatalog = 'CreateCatalog',
-  /** Grants permission to read Catalog */
+  /** Grants permission to read Products, Facets, Assets, Collections */
   ReadCatalog = 'ReadCatalog',
-  /** Grants permission to update Catalog */
+  /** Grants permission to update Products, Facets, Assets, Collections */
   UpdateCatalog = 'UpdateCatalog',
-  /** Grants permission to delete Catalog */
+  /** Grants permission to delete Products, Facets, Assets, Collections */
   DeleteCatalog = 'DeleteCatalog',
-  /** Grants permission to create Customer */
-  CreateCustomer = 'CreateCustomer',
-  /** Grants permission to read Customer */
-  ReadCustomer = 'ReadCustomer',
-  /** Grants permission to update Customer */
-  UpdateCustomer = 'UpdateCustomer',
-  /** Grants permission to delete Customer */
-  DeleteCustomer = 'DeleteCustomer',
+  /** Grants permission to create PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+  CreateSettings = 'CreateSettings',
+  /** Grants permission to read PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+  ReadSettings = 'ReadSettings',
+  /** Grants permission to update PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+  UpdateSettings = 'UpdateSettings',
+  /** Grants permission to delete PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+  DeleteSettings = 'DeleteSettings',
   /** Grants permission to create Administrator */
   CreateAdministrator = 'CreateAdministrator',
   /** Grants permission to read Administrator */
@@ -2694,6 +2696,62 @@ export enum Permission {
   UpdateAdministrator = 'UpdateAdministrator',
   /** Grants permission to delete Administrator */
   DeleteAdministrator = 'DeleteAdministrator',
+  /** Grants permission to create Asset */
+  CreateAsset = 'CreateAsset',
+  /** Grants permission to read Asset */
+  ReadAsset = 'ReadAsset',
+  /** Grants permission to update Asset */
+  UpdateAsset = 'UpdateAsset',
+  /** Grants permission to delete Asset */
+  DeleteAsset = 'DeleteAsset',
+  /** Grants permission to create Channel */
+  CreateChannel = 'CreateChannel',
+  /** Grants permission to read Channel */
+  ReadChannel = 'ReadChannel',
+  /** Grants permission to update Channel */
+  UpdateChannel = 'UpdateChannel',
+  /** Grants permission to delete Channel */
+  DeleteChannel = 'DeleteChannel',
+  /** Grants permission to create Collection */
+  CreateCollection = 'CreateCollection',
+  /** Grants permission to read Collection */
+  ReadCollection = 'ReadCollection',
+  /** Grants permission to update Collection */
+  UpdateCollection = 'UpdateCollection',
+  /** Grants permission to delete Collection */
+  DeleteCollection = 'DeleteCollection',
+  /** Grants permission to create Country */
+  CreateCountry = 'CreateCountry',
+  /** Grants permission to read Country */
+  ReadCountry = 'ReadCountry',
+  /** Grants permission to update Country */
+  UpdateCountry = 'UpdateCountry',
+  /** Grants permission to delete Country */
+  DeleteCountry = 'DeleteCountry',
+  /** Grants permission to create Customer */
+  CreateCustomer = 'CreateCustomer',
+  /** Grants permission to read Customer */
+  ReadCustomer = 'ReadCustomer',
+  /** Grants permission to update Customer */
+  UpdateCustomer = 'UpdateCustomer',
+  /** Grants permission to delete Customer */
+  DeleteCustomer = 'DeleteCustomer',
+  /** Grants permission to create CustomerGroup */
+  CreateCustomerGroup = 'CreateCustomerGroup',
+  /** Grants permission to read CustomerGroup */
+  ReadCustomerGroup = 'ReadCustomerGroup',
+  /** Grants permission to update CustomerGroup */
+  UpdateCustomerGroup = 'UpdateCustomerGroup',
+  /** Grants permission to delete CustomerGroup */
+  DeleteCustomerGroup = 'DeleteCustomerGroup',
+  /** Grants permission to create Facet */
+  CreateFacet = 'CreateFacet',
+  /** Grants permission to read Facet */
+  ReadFacet = 'ReadFacet',
+  /** Grants permission to update Facet */
+  UpdateFacet = 'UpdateFacet',
+  /** Grants permission to delete Facet */
+  DeleteFacet = 'DeleteFacet',
   /** Grants permission to create Order */
   CreateOrder = 'CreateOrder',
   /** Grants permission to read Order */
@@ -2702,6 +2760,22 @@ export enum Permission {
   UpdateOrder = 'UpdateOrder',
   /** Grants permission to delete Order */
   DeleteOrder = 'DeleteOrder',
+  /** Grants permission to create PaymentMethod */
+  CreatePaymentMethod = 'CreatePaymentMethod',
+  /** Grants permission to read PaymentMethod */
+  ReadPaymentMethod = 'ReadPaymentMethod',
+  /** Grants permission to update PaymentMethod */
+  UpdatePaymentMethod = 'UpdatePaymentMethod',
+  /** Grants permission to delete PaymentMethod */
+  DeletePaymentMethod = 'DeletePaymentMethod',
+  /** Grants permission to create Product */
+  CreateProduct = 'CreateProduct',
+  /** Grants permission to read Product */
+  ReadProduct = 'ReadProduct',
+  /** Grants permission to update Product */
+  UpdateProduct = 'UpdateProduct',
+  /** Grants permission to delete Product */
+  DeleteProduct = 'DeleteProduct',
   /** Grants permission to create Promotion */
   CreatePromotion = 'CreatePromotion',
   /** Grants permission to read Promotion */
@@ -2710,14 +2784,54 @@ export enum Permission {
   UpdatePromotion = 'UpdatePromotion',
   /** Grants permission to delete Promotion */
   DeletePromotion = 'DeletePromotion',
-  /** Grants permission to create Settings */
-  CreateSettings = 'CreateSettings',
-  /** Grants permission to read Settings */
-  ReadSettings = 'ReadSettings',
-  /** Grants permission to update Settings */
-  UpdateSettings = 'UpdateSettings',
-  /** Grants permission to delete Settings */
-  DeleteSettings = 'DeleteSettings'
+  /** Grants permission to create ShippingMethod */
+  CreateShippingMethod = 'CreateShippingMethod',
+  /** Grants permission to read ShippingMethod */
+  ReadShippingMethod = 'ReadShippingMethod',
+  /** Grants permission to update ShippingMethod */
+  UpdateShippingMethod = 'UpdateShippingMethod',
+  /** Grants permission to delete ShippingMethod */
+  DeleteShippingMethod = 'DeleteShippingMethod',
+  /** Grants permission to create Tag */
+  CreateTag = 'CreateTag',
+  /** Grants permission to read Tag */
+  ReadTag = 'ReadTag',
+  /** Grants permission to update Tag */
+  UpdateTag = 'UpdateTag',
+  /** Grants permission to delete Tag */
+  DeleteTag = 'DeleteTag',
+  /** Grants permission to create TaxCategory */
+  CreateTaxCategory = 'CreateTaxCategory',
+  /** Grants permission to read TaxCategory */
+  ReadTaxCategory = 'ReadTaxCategory',
+  /** Grants permission to update TaxCategory */
+  UpdateTaxCategory = 'UpdateTaxCategory',
+  /** Grants permission to delete TaxCategory */
+  DeleteTaxCategory = 'DeleteTaxCategory',
+  /** Grants permission to create TaxRate */
+  CreateTaxRate = 'CreateTaxRate',
+  /** Grants permission to read TaxRate */
+  ReadTaxRate = 'ReadTaxRate',
+  /** Grants permission to update TaxRate */
+  UpdateTaxRate = 'UpdateTaxRate',
+  /** Grants permission to delete TaxRate */
+  DeleteTaxRate = 'DeleteTaxRate',
+  /** Grants permission to create System */
+  CreateSystem = 'CreateSystem',
+  /** Grants permission to read System */
+  ReadSystem = 'ReadSystem',
+  /** Grants permission to update System */
+  UpdateSystem = 'UpdateSystem',
+  /** Grants permission to delete System */
+  DeleteSystem = 'DeleteSystem',
+  /** Grants permission to create Zone */
+  CreateZone = 'CreateZone',
+  /** Grants permission to read Zone */
+  ReadZone = 'ReadZone',
+  /** Grants permission to update Zone */
+  UpdateZone = 'UpdateZone',
+  /** Grants permission to delete Zone */
+  DeleteZone = 'DeleteZone'
 }
 
 export enum SortOrder {
@@ -4085,7 +4199,7 @@ export type OrderLine = Node & {
   discounts: Array<Discount>;
   taxLines: Array<TaxLine>;
   order: Order;
-  customFields?: Maybe<OrderLineCustomFields>;
+  customFields?: Maybe<Scalars['JSON']>;
 };
 
 export type Refund = Node & {
@@ -4817,15 +4931,6 @@ export type HistoryEntrySortParameter = {
   updatedAt?: Maybe<SortOrder>;
 };
 
-export type OrderLineCustomFields = {
-  __typename?: 'OrderLineCustomFields';
-  giftCardValue?: Maybe<Scalars['Int']>;
-  giftCardRecipientName?: Maybe<Scalars['String']>;
-  giftCardRecipientEmailAddress?: Maybe<Scalars['String']>;
-  giftCardMessage?: Maybe<Scalars['String']>;
-  giftCardDeliveryDate?: Maybe<Scalars['DateTime']>;
-};
-
 export type AuthenticationInput = {
   native?: Maybe<NativeAuthInput>;
 };

packages/core/e2e/__snapshots__/administrator.e2e-spec.ts.snap

@@ -18,30 +18,87 @@ Object {
         "permissions": Array [
           "Authenticated",
           "SuperAdmin",
+          "UpdateGlobalSettings",
           "CreateCatalog",
           "ReadCatalog",
           "UpdateCatalog",
           "DeleteCatalog",
-          "CreateCustomer",
-          "ReadCustomer",
-          "UpdateCustomer",
-          "DeleteCustomer",
+          "CreateSettings",
+          "ReadSettings",
+          "UpdateSettings",
+          "DeleteSettings",
           "CreateAdministrator",
           "ReadAdministrator",
           "UpdateAdministrator",
           "DeleteAdministrator",
+          "CreateAsset",
+          "ReadAsset",
+          "UpdateAsset",
+          "DeleteAsset",
+          "CreateChannel",
+          "ReadChannel",
+          "UpdateChannel",
+          "DeleteChannel",
+          "CreateCollection",
+          "ReadCollection",
+          "UpdateCollection",
+          "DeleteCollection",
+          "CreateCountry",
+          "ReadCountry",
+          "UpdateCountry",
+          "DeleteCountry",
+          "CreateCustomer",
+          "ReadCustomer",
+          "UpdateCustomer",
+          "DeleteCustomer",
+          "CreateCustomerGroup",
+          "ReadCustomerGroup",
+          "UpdateCustomerGroup",
+          "DeleteCustomerGroup",
+          "CreateFacet",
+          "ReadFacet",
+          "UpdateFacet",
+          "DeleteFacet",
           "CreateOrder",
           "ReadOrder",
           "UpdateOrder",
           "DeleteOrder",
+          "CreatePaymentMethod",
+          "ReadPaymentMethod",
+          "UpdatePaymentMethod",
+          "DeletePaymentMethod",
+          "CreateProduct",
+          "ReadProduct",
+          "UpdateProduct",
+          "DeleteProduct",
           "CreatePromotion",
           "ReadPromotion",
           "UpdatePromotion",
           "DeletePromotion",
-          "CreateSettings",
-          "ReadSettings",
-          "UpdateSettings",
-          "DeleteSettings",
+          "CreateShippingMethod",
+          "ReadShippingMethod",
+          "UpdateShippingMethod",
+          "DeleteShippingMethod",
+          "CreateTag",
+          "ReadTag",
+          "UpdateTag",
+          "DeleteTag",
+          "CreateTaxCategory",
+          "ReadTaxCategory",
+          "UpdateTaxCategory",
+          "DeleteTaxCategory",
+          "CreateTaxRate",
+          "ReadTaxRate",
+          "UpdateTaxRate",
+          "DeleteTaxRate",
+          "CreateSystem",
+          "ReadSystem",
+          "UpdateSystem",
+          "DeleteSystem",
+          "CreateZone",
+          "ReadZone",
+          "UpdateZone",
+          "DeleteZone",
         ],
       },
     ],

packages/core/e2e/graphql/generated-e2e-admin-types.ts

@@ -2486,22 +2486,24 @@ export enum Permission {
     Owner = 'Owner',
     /** Public means any unauthenticated user may perform the operation */
     Public = 'Public',
-    /** Grants permission to create Catalog */
+    /** Grants permission to update GlobalSettings */
+    UpdateGlobalSettings = 'UpdateGlobalSettings',
+    /** Grants permission to create Products, Facets, Assets, Collections */
     CreateCatalog = 'CreateCatalog',
-    /** Grants permission to read Catalog */
+    /** Grants permission to read Products, Facets, Assets, Collections */
     ReadCatalog = 'ReadCatalog',
-    /** Grants permission to update Catalog */
+    /** Grants permission to update Products, Facets, Assets, Collections */
     UpdateCatalog = 'UpdateCatalog',
-    /** Grants permission to delete Catalog */
+    /** Grants permission to delete Products, Facets, Assets, Collections */
     DeleteCatalog = 'DeleteCatalog',
-    /** Grants permission to create Customer */
-    CreateCustomer = 'CreateCustomer',
-    /** Grants permission to read Customer */
-    ReadCustomer = 'ReadCustomer',
-    /** Grants permission to update Customer */
-    UpdateCustomer = 'UpdateCustomer',
-    /** Grants permission to delete Customer */
-    DeleteCustomer = 'DeleteCustomer',
+    /** Grants permission to create PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    CreateSettings = 'CreateSettings',
+    /** Grants permission to read PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    ReadSettings = 'ReadSettings',
+    /** Grants permission to update PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    UpdateSettings = 'UpdateSettings',
+    /** Grants permission to delete PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    DeleteSettings = 'DeleteSettings',
     /** Grants permission to create Administrator */
     CreateAdministrator = 'CreateAdministrator',
     /** Grants permission to read Administrator */
@@ -2510,6 +2512,62 @@ export enum Permission {
     UpdateAdministrator = 'UpdateAdministrator',
     /** Grants permission to delete Administrator */
     DeleteAdministrator = 'DeleteAdministrator',
+    /** Grants permission to create Asset */
+    CreateAsset = 'CreateAsset',
+    /** Grants permission to read Asset */
+    ReadAsset = 'ReadAsset',
+    /** Grants permission to update Asset */
+    UpdateAsset = 'UpdateAsset',
+    /** Grants permission to delete Asset */
+    DeleteAsset = 'DeleteAsset',
+    /** Grants permission to create Channel */
+    CreateChannel = 'CreateChannel',
+    /** Grants permission to read Channel */
+    ReadChannel = 'ReadChannel',
+    /** Grants permission to update Channel */
+    UpdateChannel = 'UpdateChannel',
+    /** Grants permission to delete Channel */
+    DeleteChannel = 'DeleteChannel',
+    /** Grants permission to create Collection */
+    CreateCollection = 'CreateCollection',
+    /** Grants permission to read Collection */
+    ReadCollection = 'ReadCollection',
+    /** Grants permission to update Collection */
+    UpdateCollection = 'UpdateCollection',
+    /** Grants permission to delete Collection */
+    DeleteCollection = 'DeleteCollection',
+    /** Grants permission to create Country */
+    CreateCountry = 'CreateCountry',
+    /** Grants permission to read Country */
+    ReadCountry = 'ReadCountry',
+    /** Grants permission to update Country */
+    UpdateCountry = 'UpdateCountry',
+    /** Grants permission to delete Country */
+    DeleteCountry = 'DeleteCountry',
+    /** Grants permission to create Customer */
+    CreateCustomer = 'CreateCustomer',
+    /** Grants permission to read Customer */
+    ReadCustomer = 'ReadCustomer',
+    /** Grants permission to update Customer */
+    UpdateCustomer = 'UpdateCustomer',
+    /** Grants permission to delete Customer */
+    DeleteCustomer = 'DeleteCustomer',
+    /** Grants permission to create CustomerGroup */
+    CreateCustomerGroup = 'CreateCustomerGroup',
+    /** Grants permission to read CustomerGroup */
+    ReadCustomerGroup = 'ReadCustomerGroup',
+    /** Grants permission to update CustomerGroup */
+    UpdateCustomerGroup = 'UpdateCustomerGroup',
+    /** Grants permission to delete CustomerGroup */
+    DeleteCustomerGroup = 'DeleteCustomerGroup',
+    /** Grants permission to create Facet */
+    CreateFacet = 'CreateFacet',
+    /** Grants permission to read Facet */
+    ReadFacet = 'ReadFacet',
+    /** Grants permission to update Facet */
+    UpdateFacet = 'UpdateFacet',
+    /** Grants permission to delete Facet */
+    DeleteFacet = 'DeleteFacet',
     /** Grants permission to create Order */
     CreateOrder = 'CreateOrder',
     /** Grants permission to read Order */
@@ -2518,6 +2576,22 @@ export enum Permission {
     UpdateOrder = 'UpdateOrder',
     /** Grants permission to delete Order */
     DeleteOrder = 'DeleteOrder',
+    /** Grants permission to create PaymentMethod */
+    CreatePaymentMethod = 'CreatePaymentMethod',
+    /** Grants permission to read PaymentMethod */
+    ReadPaymentMethod = 'ReadPaymentMethod',
+    /** Grants permission to update PaymentMethod */
+    UpdatePaymentMethod = 'UpdatePaymentMethod',
+    /** Grants permission to delete PaymentMethod */
+    DeletePaymentMethod = 'DeletePaymentMethod',
+    /** Grants permission to create Product */
+    CreateProduct = 'CreateProduct',
+    /** Grants permission to read Product */
+    ReadProduct = 'ReadProduct',
+    /** Grants permission to update Product */
+    UpdateProduct = 'UpdateProduct',
+    /** Grants permission to delete Product */
+    DeleteProduct = 'DeleteProduct',
     /** Grants permission to create Promotion */
     CreatePromotion = 'CreatePromotion',
     /** Grants permission to read Promotion */
@@ -2526,14 +2600,54 @@ export enum Permission {
     UpdatePromotion = 'UpdatePromotion',
     /** Grants permission to delete Promotion */
     DeletePromotion = 'DeletePromotion',
-    /** Grants permission to create Settings */
-    CreateSettings = 'CreateSettings',
-    /** Grants permission to read Settings */
-    ReadSettings = 'ReadSettings',
-    /** Grants permission to update Settings */
-    UpdateSettings = 'UpdateSettings',
-    /** Grants permission to delete Settings */
-    DeleteSettings = 'DeleteSettings',
+    /** Grants permission to create ShippingMethod */
+    CreateShippingMethod = 'CreateShippingMethod',
+    /** Grants permission to read ShippingMethod */
+    ReadShippingMethod = 'ReadShippingMethod',
+    /** Grants permission to update ShippingMethod */
+    UpdateShippingMethod = 'UpdateShippingMethod',
+    /** Grants permission to delete ShippingMethod */
+    DeleteShippingMethod = 'DeleteShippingMethod',
+    /** Grants permission to create Tag */
+    CreateTag = 'CreateTag',
+    /** Grants permission to read Tag */
+    ReadTag = 'ReadTag',
+    /** Grants permission to update Tag */
+    UpdateTag = 'UpdateTag',
+    /** Grants permission to delete Tag */
+    DeleteTag = 'DeleteTag',
+    /** Grants permission to create TaxCategory */
+    CreateTaxCategory = 'CreateTaxCategory',
+    /** Grants permission to read TaxCategory */
+    ReadTaxCategory = 'ReadTaxCategory',
+    /** Grants permission to update TaxCategory */
+    UpdateTaxCategory = 'UpdateTaxCategory',
+    /** Grants permission to delete TaxCategory */
+    DeleteTaxCategory = 'DeleteTaxCategory',
+    /** Grants permission to create TaxRate */
+    CreateTaxRate = 'CreateTaxRate',
+    /** Grants permission to read TaxRate */
+    ReadTaxRate = 'ReadTaxRate',
+    /** Grants permission to update TaxRate */
+    UpdateTaxRate = 'UpdateTaxRate',
+    /** Grants permission to delete TaxRate */
+    DeleteTaxRate = 'DeleteTaxRate',
+    /** Grants permission to create System */
+    CreateSystem = 'CreateSystem',
+    /** Grants permission to read System */
+    ReadSystem = 'ReadSystem',
+    /** Grants permission to update System */
+    UpdateSystem = 'UpdateSystem',
+    /** Grants permission to delete System */
+    DeleteSystem = 'DeleteSystem',
+    /** Grants permission to create Zone */
+    CreateZone = 'CreateZone',
+    /** Grants permission to read Zone */
+    ReadZone = 'ReadZone',
+    /** Grants permission to update Zone */
+    UpdateZone = 'UpdateZone',
+    /** Grants permission to delete Zone */
+    DeleteZone = 'DeleteZone',
 }
 
 export enum SortOrder {
@@ -3861,7 +3975,7 @@ export type OrderLine = Node & {
     discounts: Array<Discount>;
     taxLines: Array<TaxLine>;
     order: Order;
-    customFields?: Maybe<OrderLineCustomFields>;
+    customFields?: Maybe<Scalars['JSON']>;
 };
 
 export type Refund = Node & {
@@ -4563,14 +4677,6 @@ export type HistoryEntrySortParameter = {
     updatedAt?: Maybe<SortOrder>;
 };
 
-export type OrderLineCustomFields = {
-    giftCardValue?: Maybe<Scalars['Int']>;
-    giftCardRecipientName?: Maybe<Scalars['String']>;
-    giftCardRecipientEmailAddress?: Maybe<Scalars['String']>;
-    giftCardMessage?: Maybe<Scalars['String']>;
-    giftCardDeliveryDate?: Maybe<Scalars['DateTime']>;
-};
-
 export type AuthenticationInput = {
     native?: Maybe<NativeAuthInput>;
 };

packages/core/e2e/graphql/generated-e2e-shop-types.ts

@@ -454,22 +454,24 @@ export enum Permission {
     Owner = 'Owner',
     /** Public means any unauthenticated user may perform the operation */
     Public = 'Public',
-    /** Grants permission to create Catalog */
+    /** Grants permission to update GlobalSettings */
+    UpdateGlobalSettings = 'UpdateGlobalSettings',
+    /** Grants permission to create Products, Facets, Assets, Collections */
     CreateCatalog = 'CreateCatalog',
-    /** Grants permission to read Catalog */
+    /** Grants permission to read Products, Facets, Assets, Collections */
     ReadCatalog = 'ReadCatalog',
-    /** Grants permission to update Catalog */
+    /** Grants permission to update Products, Facets, Assets, Collections */
     UpdateCatalog = 'UpdateCatalog',
-    /** Grants permission to delete Catalog */
+    /** Grants permission to delete Products, Facets, Assets, Collections */
     DeleteCatalog = 'DeleteCatalog',
-    /** Grants permission to create Customer */
-    CreateCustomer = 'CreateCustomer',
-    /** Grants permission to read Customer */
-    ReadCustomer = 'ReadCustomer',
-    /** Grants permission to update Customer */
-    UpdateCustomer = 'UpdateCustomer',
-    /** Grants permission to delete Customer */
-    DeleteCustomer = 'DeleteCustomer',
+    /** Grants permission to create PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    CreateSettings = 'CreateSettings',
+    /** Grants permission to read PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    ReadSettings = 'ReadSettings',
+    /** Grants permission to update PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    UpdateSettings = 'UpdateSettings',
+    /** Grants permission to delete PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    DeleteSettings = 'DeleteSettings',
     /** Grants permission to create Administrator */
     CreateAdministrator = 'CreateAdministrator',
     /** Grants permission to read Administrator */
@@ -478,6 +480,62 @@ export enum Permission {
     UpdateAdministrator = 'UpdateAdministrator',
     /** Grants permission to delete Administrator */
     DeleteAdministrator = 'DeleteAdministrator',
+    /** Grants permission to create Asset */
+    CreateAsset = 'CreateAsset',
+    /** Grants permission to read Asset */
+    ReadAsset = 'ReadAsset',
+    /** Grants permission to update Asset */
+    UpdateAsset = 'UpdateAsset',
+    /** Grants permission to delete Asset */
+    DeleteAsset = 'DeleteAsset',
+    /** Grants permission to create Channel */
+    CreateChannel = 'CreateChannel',
+    /** Grants permission to read Channel */
+    ReadChannel = 'ReadChannel',
+    /** Grants permission to update Channel */
+    UpdateChannel = 'UpdateChannel',
+    /** Grants permission to delete Channel */
+    DeleteChannel = 'DeleteChannel',
+    /** Grants permission to create Collection */
+    CreateCollection = 'CreateCollection',
+    /** Grants permission to read Collection */
+    ReadCollection = 'ReadCollection',
+    /** Grants permission to update Collection */
+    UpdateCollection = 'UpdateCollection',
+    /** Grants permission to delete Collection */
+    DeleteCollection = 'DeleteCollection',
+    /** Grants permission to create Country */
+    CreateCountry = 'CreateCountry',
+    /** Grants permission to read Country */
+    ReadCountry = 'ReadCountry',
+    /** Grants permission to update Country */
+    UpdateCountry = 'UpdateCountry',
+    /** Grants permission to delete Country */
+    DeleteCountry = 'DeleteCountry',
+    /** Grants permission to create Customer */
+    CreateCustomer = 'CreateCustomer',
+    /** Grants permission to read Customer */
+    ReadCustomer = 'ReadCustomer',
+    /** Grants permission to update Customer */
+    UpdateCustomer = 'UpdateCustomer',
+    /** Grants permission to delete Customer */
+    DeleteCustomer = 'DeleteCustomer',
+    /** Grants permission to create CustomerGroup */
+    CreateCustomerGroup = 'CreateCustomerGroup',
+    /** Grants permission to read CustomerGroup */
+    ReadCustomerGroup = 'ReadCustomerGroup',
+    /** Grants permission to update CustomerGroup */
+    UpdateCustomerGroup = 'UpdateCustomerGroup',
+    /** Grants permission to delete CustomerGroup */
+    DeleteCustomerGroup = 'DeleteCustomerGroup',
+    /** Grants permission to create Facet */
+    CreateFacet = 'CreateFacet',
+    /** Grants permission to read Facet */
+    ReadFacet = 'ReadFacet',
+    /** Grants permission to update Facet */
+    UpdateFacet = 'UpdateFacet',
+    /** Grants permission to delete Facet */
+    DeleteFacet = 'DeleteFacet',
     /** Grants permission to create Order */
     CreateOrder = 'CreateOrder',
     /** Grants permission to read Order */
@@ -486,6 +544,22 @@ export enum Permission {
     UpdateOrder = 'UpdateOrder',
     /** Grants permission to delete Order */
     DeleteOrder = 'DeleteOrder',
+    /** Grants permission to create PaymentMethod */
+    CreatePaymentMethod = 'CreatePaymentMethod',
+    /** Grants permission to read PaymentMethod */
+    ReadPaymentMethod = 'ReadPaymentMethod',
+    /** Grants permission to update PaymentMethod */
+    UpdatePaymentMethod = 'UpdatePaymentMethod',
+    /** Grants permission to delete PaymentMethod */
+    DeletePaymentMethod = 'DeletePaymentMethod',
+    /** Grants permission to create Product */
+    CreateProduct = 'CreateProduct',
+    /** Grants permission to read Product */
+    ReadProduct = 'ReadProduct',
+    /** Grants permission to update Product */
+    UpdateProduct = 'UpdateProduct',
+    /** Grants permission to delete Product */
+    DeleteProduct = 'DeleteProduct',
     /** Grants permission to create Promotion */
     CreatePromotion = 'CreatePromotion',
     /** Grants permission to read Promotion */
@@ -494,14 +568,54 @@ export enum Permission {
     UpdatePromotion = 'UpdatePromotion',
     /** Grants permission to delete Promotion */
     DeletePromotion = 'DeletePromotion',
-    /** Grants permission to create Settings */
-    CreateSettings = 'CreateSettings',
-    /** Grants permission to read Settings */
-    ReadSettings = 'ReadSettings',
-    /** Grants permission to update Settings */
-    UpdateSettings = 'UpdateSettings',
-    /** Grants permission to delete Settings */
-    DeleteSettings = 'DeleteSettings',
+    /** Grants permission to create ShippingMethod */
+    CreateShippingMethod = 'CreateShippingMethod',
+    /** Grants permission to read ShippingMethod */
+    ReadShippingMethod = 'ReadShippingMethod',
+    /** Grants permission to update ShippingMethod */
+    UpdateShippingMethod = 'UpdateShippingMethod',
+    /** Grants permission to delete ShippingMethod */
+    DeleteShippingMethod = 'DeleteShippingMethod',
+    /** Grants permission to create Tag */
+    CreateTag = 'CreateTag',
+    /** Grants permission to read Tag */
+    ReadTag = 'ReadTag',
+    /** Grants permission to update Tag */
+    UpdateTag = 'UpdateTag',
+    /** Grants permission to delete Tag */
+    DeleteTag = 'DeleteTag',
+    /** Grants permission to create TaxCategory */
+    CreateTaxCategory = 'CreateTaxCategory',
+    /** Grants permission to read TaxCategory */
+    ReadTaxCategory = 'ReadTaxCategory',
+    /** Grants permission to update TaxCategory */
+    UpdateTaxCategory = 'UpdateTaxCategory',
+    /** Grants permission to delete TaxCategory */
+    DeleteTaxCategory = 'DeleteTaxCategory',
+    /** Grants permission to create TaxRate */
+    CreateTaxRate = 'CreateTaxRate',
+    /** Grants permission to read TaxRate */
+    ReadTaxRate = 'ReadTaxRate',
+    /** Grants permission to update TaxRate */
+    UpdateTaxRate = 'UpdateTaxRate',
+    /** Grants permission to delete TaxRate */
+    DeleteTaxRate = 'DeleteTaxRate',
+    /** Grants permission to create System */
+    CreateSystem = 'CreateSystem',
+    /** Grants permission to read System */
+    ReadSystem = 'ReadSystem',
+    /** Grants permission to update System */
+    UpdateSystem = 'UpdateSystem',
+    /** Grants permission to delete System */
+    DeleteSystem = 'DeleteSystem',
+    /** Grants permission to create Zone */
+    CreateZone = 'CreateZone',
+    /** Grants permission to read Zone */
+    ReadZone = 'ReadZone',
+    /** Grants permission to update Zone */
+    UpdateZone = 'UpdateZone',
+    /** Grants permission to delete Zone */
+    DeleteZone = 'DeleteZone',
 }
 
 export enum SortOrder {

packages/core/src/api/resolvers/admin/asset.resolver.ts

@@ -24,20 +24,20 @@ export class AssetResolver {
     constructor(private assetService: AssetService) {}
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadAsset)
     async asset(@Ctx() ctx: RequestContext, @Args() args: QueryAssetArgs): Promise<Asset | undefined> {
         return this.assetService.findOne(ctx, args.id);
     }
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadAsset)
     async assets(@Ctx() ctx: RequestContext, @Args() args: QueryAssetsArgs): Promise<PaginatedList<Asset>> {
         return this.assetService.findAll(ctx, args.options || undefined);
     }
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateCatalog)
+    @Allow(Permission.CreateCatalog, Permission.CreateAsset)
     async createAssets(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateAssetsArgs,
@@ -54,14 +54,14 @@ export class AssetResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateAsset)
     async updateAsset(@Ctx() ctx: RequestContext, @Args() { input }: MutationUpdateAssetArgs) {
         return this.assetService.update(ctx, input);
     }
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteCatalog)
+    @Allow(Permission.DeleteCatalog, Permission.DeleteAsset)
     async deleteAsset(
         @Ctx() ctx: RequestContext,
         @Args() { input: { assetId, force, deleteFromAllChannels } }: MutationDeleteAssetArgs,
@@ -76,7 +76,7 @@ export class AssetResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteCatalog)
+    @Allow(Permission.DeleteCatalog, Permission.DeleteAsset)
     async deleteAssets(
         @Ctx() ctx: RequestContext,
         @Args() { input: { assetIds, force, deleteFromAllChannels } }: MutationDeleteAssetsArgs,
@@ -91,7 +91,7 @@ export class AssetResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateAsset)
     async assignAssetsToChannel(
         @Ctx() ctx: RequestContext,
         @Args() { input }: MutationAssignAssetsToChannelArgs,

packages/core/src/api/resolvers/admin/channel.resolver.ts

@@ -24,13 +24,13 @@ export class ChannelResolver {
     constructor(private channelService: ChannelService, private roleService: RoleService) {}
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadChannel)
     channels(@Ctx() ctx: RequestContext): Promise<Channel[]> {
         return this.channelService.findAll(ctx);
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadChannel)
     async channel(@Ctx() ctx: RequestContext, @Args() args: QueryChannelArgs): Promise<Channel | undefined> {
         return this.channelService.findOne(ctx, args.id);
     }

packages/core/src/api/resolvers/admin/collection.resolver.ts

@@ -33,7 +33,7 @@ export class CollectionResolver {
     ) {}
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadCollection)
     async collectionFilters(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryCollectionsArgs,
@@ -42,7 +42,7 @@ export class CollectionResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadCollection)
     async collections(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryCollectionsArgs,
@@ -54,7 +54,7 @@ export class CollectionResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadCollection)
     async collection(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryCollectionArgs,
@@ -76,7 +76,7 @@ export class CollectionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateCatalog)
+    @Allow(Permission.CreateCatalog, Permission.CreateCollection)
     async createCollection(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateCollectionArgs,
@@ -88,7 +88,7 @@ export class CollectionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateCollection)
     async updateCollection(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateCollectionArgs,
@@ -100,7 +100,7 @@ export class CollectionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateCollection)
     async moveCollection(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationMoveCollectionArgs,
@@ -111,7 +111,7 @@ export class CollectionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteCatalog)
+    @Allow(Permission.DeleteCatalog, Permission.DeleteCollection)
     async deleteCollection(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteCollectionArgs,

packages/core/src/api/resolvers/admin/country.resolver.ts

@@ -23,7 +23,7 @@ export class CountryResolver {
     constructor(private countryService: CountryService) {}
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadCountry)
     countries(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryCountriesArgs,
@@ -32,7 +32,7 @@ export class CountryResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadCountry)
     async country(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryCountryArgs,
@@ -42,7 +42,7 @@ export class CountryResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateSettings)
+    @Allow(Permission.CreateSettings, Permission.CreateCountry)
     async createCountry(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateCountryArgs,
@@ -52,7 +52,7 @@ export class CountryResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateSettings)
+    @Allow(Permission.UpdateSettings, Permission.UpdateCountry)
     async updateCountry(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateCountryArgs,
@@ -62,7 +62,7 @@ export class CountryResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteSettings)
+    @Allow(Permission.DeleteSettings, Permission.DeleteCountry)
     async deleteCountry(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteCountryArgs,

packages/core/src/api/resolvers/admin/customer-group.resolver.ts

@@ -24,7 +24,7 @@ export class CustomerGroupResolver {
     constructor(private customerGroupService: CustomerGroupService) {}
 
     @Query()
-    @Allow(Permission.ReadCustomer)
+    @Allow(Permission.ReadCustomer, Permission.ReadCustomerGroup)
     customerGroups(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryCustomerGroupsArgs,
@@ -33,7 +33,7 @@ export class CustomerGroupResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadCustomer)
+    @Allow(Permission.ReadCustomer, Permission.ReadCustomerGroup)
     async customerGroup(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryCustomerGroupArgs,
@@ -43,7 +43,7 @@ export class CustomerGroupResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateCustomer)
+    @Allow(Permission.CreateCustomerGroup)
     async createCustomerGroup(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateCustomerGroupArgs,
@@ -53,7 +53,7 @@ export class CustomerGroupResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCustomer)
+    @Allow(Permission.UpdateCustomerGroup)
     async updateCustomerGroup(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateCustomerGroupArgs,
@@ -63,7 +63,7 @@ export class CustomerGroupResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteCustomer)
+    @Allow(Permission.DeleteCustomerGroup)
     async deleteCustomerGroup(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteCustomerGroupArgs,
@@ -73,7 +73,7 @@ export class CustomerGroupResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCustomer)
+    @Allow(Permission.UpdateCustomerGroup)
     async addCustomersToGroup(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationAddCustomersToGroupArgs,
@@ -83,7 +83,7 @@ export class CustomerGroupResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCustomer)
+    @Allow(Permission.UpdateCustomerGroup)
     async removeCustomersFromGroup(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationRemoveCustomersFromGroupArgs,

packages/core/src/api/resolvers/admin/facet.resolver.ts

@@ -34,7 +34,7 @@ export class FacetResolver {
     ) {}
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadProduct, Permission.ReadFacet)
     facets(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryFacetsArgs,
@@ -43,7 +43,7 @@ export class FacetResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadProduct, Permission.ReadFacet)
     async facet(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryFacetArgs,
@@ -53,7 +53,7 @@ export class FacetResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateCatalog)
+    @Allow(Permission.CreateCatalog, Permission.CreateFacet)
     async createFacet(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateFacetArgs,
@@ -72,7 +72,7 @@ export class FacetResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateFacet)
     async updateFacet(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateFacetArgs,
@@ -83,7 +83,7 @@ export class FacetResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteCatalog)
+    @Allow(Permission.DeleteCatalog, Permission.DeleteFacet)
     async deleteFacet(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteFacetArgs,
@@ -93,7 +93,7 @@ export class FacetResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateCatalog)
+    @Allow(Permission.CreateCatalog, Permission.CreateFacet)
     async createFacetValues(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateFacetValuesArgs,
@@ -114,7 +114,7 @@ export class FacetResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateFacet)
     async updateFacetValues(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateFacetValuesArgs,
@@ -125,7 +125,7 @@ export class FacetResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteCatalog)
+    @Allow(Permission.DeleteCatalog, Permission.DeleteFacet)
     async deleteFacetValues(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteFacetValuesArgs,

packages/core/src/api/resolvers/admin/global-settings.resolver.ts

@@ -71,7 +71,7 @@ export class GlobalSettingsResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateSettings)
+    @Allow(Permission.UpdateSettings, Permission.UpdateGlobalSettings)
     async updateGlobalSettings(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateGlobalSettingsArgs,

packages/core/src/api/resolvers/admin/job.resolver.ts

@@ -18,7 +18,7 @@ export class JobResolver {
     constructor(private configService: ConfigService, private jobService: JobQueueService) {}
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadSystem)
     async job(@Args() args: QueryJobArgs) {
         const strategy = this.requireInspectableJobQueueStrategy();
         if (!strategy) {
@@ -28,7 +28,7 @@ export class JobResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadSystem)
     async jobs(@Args() args: QueryJobsArgs) {
         const strategy = this.requireInspectableJobQueueStrategy();
         if (!strategy) {
@@ -41,7 +41,7 @@ export class JobResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadSystem)
     async jobsById(@Args() args: QueryJobsByIdArgs) {
         const strategy = this.requireInspectableJobQueueStrategy();
         if (!strategy) {
@@ -51,13 +51,13 @@ export class JobResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadSystem)
     jobQueues(): JobQueue[] {
         return this.jobService.getJobQueues();
     }
 
     @Mutation()
-    @Allow(Permission.DeleteSettings)
+    @Allow(Permission.DeleteSettings, Permission.DeleteSystem)
     async removeSettledJobs(@Args() args: MutationRemoveSettledJobsArgs) {
         const strategy = this.requireInspectableJobQueueStrategy();
         if (!strategy) {
@@ -67,7 +67,7 @@ export class JobResolver {
     }
 
     @Mutation()
-    @Allow(Permission.DeleteSettings)
+    @Allow(Permission.DeleteSettings, Permission.DeleteSystem)
     async cancelJob(@Args() args: MutationCancelJobArgs) {
         const strategy = this.requireInspectableJobQueueStrategy();
         if (!strategy) {

packages/core/src/api/resolvers/admin/payment-method.resolver.ts

@@ -23,7 +23,7 @@ export class PaymentMethodResolver {
     constructor(private paymentMethodService: PaymentMethodService) {}
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadPaymentMethod)
     paymentMethods(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryPaymentMethodsArgs,
@@ -32,7 +32,7 @@ export class PaymentMethodResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadPaymentMethod)
     paymentMethod(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryPaymentMethodArgs,
@@ -42,7 +42,7 @@ export class PaymentMethodResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateSettings)
+    @Allow(Permission.CreateSettings, Permission.CreatePaymentMethod)
     createPaymentMethod(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreatePaymentMethodArgs,
@@ -52,7 +52,7 @@ export class PaymentMethodResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateSettings)
+    @Allow(Permission.UpdateSettings, Permission.UpdatePaymentMethod)
     updatePaymentMethod(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdatePaymentMethodArgs,
@@ -62,7 +62,7 @@ export class PaymentMethodResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteSettings)
+    @Allow(Permission.DeleteSettings, Permission.DeletePaymentMethod)
     deletePaymentMethod(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeletePaymentMethodArgs,
@@ -71,13 +71,13 @@ export class PaymentMethodResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadPaymentMethod)
     paymentMethodHandlers(@Ctx() ctx: RequestContext): ConfigurableOperationDefinition[] {
         return this.paymentMethodService.getPaymentMethodHandlers(ctx);
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadPaymentMethod)
     paymentMethodEligibilityCheckers(@Ctx() ctx: RequestContext): ConfigurableOperationDefinition[] {
         return this.paymentMethodService.getPaymentMethodEligibilityCheckers(ctx);
     }

packages/core/src/api/resolvers/admin/product-option.resolver.ts

@@ -27,7 +27,7 @@ export class ProductOptionResolver {
     ) {}
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadProduct)
     productOptionGroups(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryProductOptionGroupsArgs,
@@ -36,7 +36,7 @@ export class ProductOptionResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadProduct)
     productOptionGroup(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryProductOptionGroupArgs,
@@ -46,7 +46,7 @@ export class ProductOptionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateCatalog)
+    @Allow(Permission.CreateCatalog, Permission.CreateProduct)
     async createProductOptionGroup(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateProductOptionGroupArgs,
@@ -65,7 +65,7 @@ export class ProductOptionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async updateProductOptionGroup(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateProductOptionGroupArgs,
@@ -76,7 +76,7 @@ export class ProductOptionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateCatalog)
+    @Allow(Permission.CreateCatalog, Permission.CreateProduct)
     async createProductOption(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateProductOptionArgs,
@@ -87,7 +87,7 @@ export class ProductOptionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async updateProductOption(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateProductOptionArgs,

packages/core/src/api/resolvers/admin/product.resolver.ts

@@ -44,7 +44,7 @@ export class ProductResolver {
     ) {}
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadProduct)
     async products(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryProductsArgs,
@@ -53,7 +53,7 @@ export class ProductResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadProduct)
     async product(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryProductArgs,
@@ -72,7 +72,7 @@ export class ProductResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadProduct)
     async productVariants(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryProductVariantsArgs,
@@ -89,7 +89,7 @@ export class ProductResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadProduct)
     async productVariant(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryProductVariantArgs,
@@ -99,7 +99,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateCatalog)
+    @Allow(Permission.CreateCatalog, Permission.CreateProduct)
     async createProduct(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateProductArgs,
@@ -110,7 +110,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async updateProduct(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateProductArgs,
@@ -121,7 +121,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteCatalog)
+    @Allow(Permission.DeleteCatalog, Permission.DeleteProduct)
     async deleteProduct(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteProductArgs,
@@ -131,7 +131,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async addOptionGroupToProduct(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationAddOptionGroupToProductArgs,
@@ -142,7 +142,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async removeOptionGroupFromProduct(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationRemoveOptionGroupFromProductArgs,
@@ -153,7 +153,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async createProductVariants(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateProductVariantsArgs,
@@ -164,7 +164,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async updateProductVariants(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateProductVariantsArgs,
@@ -175,7 +175,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteCatalog)
+    @Allow(Permission.DeleteCatalog, Permission.DeleteProduct)
     async deleteProductVariant(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteProductVariantArgs,
@@ -185,7 +185,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async assignProductsToChannel(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationAssignProductsToChannelArgs,
@@ -195,7 +195,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async removeProductsFromChannel(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationRemoveProductsFromChannelArgs,
@@ -205,7 +205,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async assignProductVariantsToChannel(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationAssignProductVariantsToChannelArgs,
@@ -215,7 +215,7 @@ export class ProductResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async removeProductVariantsFromChannel(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationRemoveProductVariantsFromChannelArgs,

packages/core/src/api/resolvers/admin/promotion.resolver.ts

@@ -33,7 +33,7 @@ export class PromotionResolver {
     ) {}
 
     @Query()
-    @Allow(Permission.ReadPromotion)
+    @Allow(Permission.ReadPromotion, Permission.ReadPromotion)
     promotions(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryPromotionsArgs,
@@ -45,26 +45,26 @@ export class PromotionResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadPromotion)
+    @Allow(Permission.ReadPromotion, Permission.ReadPromotion)
     promotion(@Ctx() ctx: RequestContext, @Args() args: QueryPromotionArgs): Promise<Promotion | undefined> {
         return this.promotionService.findOne(ctx, args.id).then(this.encodeConditionsAndActions);
     }
 
     @Query()
-    @Allow(Permission.ReadPromotion)
+    @Allow(Permission.ReadPromotion, Permission.ReadPromotion)
     promotionConditions(@Ctx() ctx: RequestContext) {
         return this.promotionService.getPromotionConditions(ctx);
     }
 
     @Query()
-    @Allow(Permission.ReadPromotion)
+    @Allow(Permission.ReadPromotion, Permission.ReadPromotion)
     promotionActions(@Ctx() ctx: RequestContext) {
         return this.promotionService.getPromotionActions(ctx);
     }
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreatePromotion)
+    @Allow(Permission.CreatePromotion, Permission.CreatePromotion)
     createPromotion(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreatePromotionArgs,
@@ -82,7 +82,7 @@ export class PromotionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdatePromotion)
+    @Allow(Permission.UpdatePromotion, Permission.UpdatePromotion)
     updatePromotion(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdatePromotionArgs,
@@ -104,7 +104,7 @@ export class PromotionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeletePromotion)
+    @Allow(Permission.DeletePromotion, Permission.DeletePromotion)
     deletePromotion(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeletePromotionArgs,
@@ -114,7 +114,7 @@ export class PromotionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdatePromotion)
+    @Allow(Permission.UpdatePromotion, Permission.UpdatePromotion)
     assignPromotionsToChannel(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationAssignPromotionsToChannelArgs,
@@ -124,7 +124,7 @@ export class PromotionResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdatePromotion)
+    @Allow(Permission.UpdatePromotion, Permission.UpdatePromotion)
     removePromotionsFromChannel(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationRemovePromotionsFromChannelArgs,

packages/core/src/api/resolvers/admin/search.resolver.ts

@@ -10,7 +10,7 @@ import { Allow } from '../../decorators/allow.decorator';
 @Resolver()
 export class SearchResolver {
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadProduct)
     async search(...args: any): Promise<Omit<SearchResponse, 'facetValues'>> {
         throw new InternalServerError(`error.no-search-plugin-configured`);
     }
@@ -21,7 +21,7 @@ export class SearchResolver {
     }
 
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async reindex(...args: any[]): Promise<any> {
         throw new InternalServerError(`error.no-search-plugin-configured`);
     }

packages/core/src/api/resolvers/admin/shipping-method.resolver.ts

@@ -29,7 +29,7 @@ export class ShippingMethodResolver {
     ) {}
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadShippingMethod)
     shippingMethods(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryShippingMethodsArgs,
@@ -38,7 +38,7 @@ export class ShippingMethodResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadShippingMethod)
     shippingMethod(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryShippingMethodArgs,
@@ -47,26 +47,26 @@ export class ShippingMethodResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadSettings, Permission.ReadOrder)
+    @Allow(Permission.ReadSettings, Permission.ReadOrder, Permission.ReadShippingMethod)
     shippingEligibilityCheckers(@Ctx() ctx: RequestContext): ConfigurableOperationDefinition[] {
         return this.shippingMethodService.getShippingEligibilityCheckers(ctx);
     }
 
     @Query()
-    @Allow(Permission.ReadSettings, Permission.ReadOrder)
+    @Allow(Permission.ReadSettings, Permission.ReadOrder, Permission.ReadShippingMethod)
     shippingCalculators(@Ctx() ctx: RequestContext): ConfigurableOperationDefinition[] {
         return this.shippingMethodService.getShippingCalculators(ctx);
     }
 
     @Query()
-    @Allow(Permission.ReadSettings, Permission.ReadOrder)
+    @Allow(Permission.ReadSettings, Permission.ReadOrder, Permission.ReadShippingMethod)
     fulfillmentHandlers(@Ctx() ctx: RequestContext): ConfigurableOperationDefinition[] {
         return this.shippingMethodService.getFulfillmentHandlers(ctx);
     }
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateSettings)
+    @Allow(Permission.CreateSettings, Permission.CreateShippingMethod)
     createShippingMethod(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateShippingMethodArgs,
@@ -77,7 +77,7 @@ export class ShippingMethodResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateSettings)
+    @Allow(Permission.UpdateSettings, Permission.UpdateShippingMethod)
     updateShippingMethod(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateShippingMethodArgs,
@@ -88,7 +88,7 @@ export class ShippingMethodResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteSettings)
+    @Allow(Permission.DeleteSettings, Permission.DeleteShippingMethod)
     deleteShippingMethod(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteShippingMethodArgs,
@@ -98,14 +98,14 @@ export class ShippingMethodResolver {
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadShippingMethod)
     testShippingMethod(@Ctx() ctx: RequestContext, @Args() args: QueryTestShippingMethodArgs) {
         const { input } = args;
         return this.orderTestingService.testShippingMethod(ctx, input);
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadShippingMethod)
     testEligibleShippingMethods(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryTestEligibleShippingMethodsArgs,

packages/core/src/api/resolvers/admin/tag.resolver.ts

@@ -22,34 +22,34 @@ export class TagResolver {
     constructor(private tagService: TagService) {}
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadTag, Permission.ReadAsset)
     async tags(@Ctx() ctx: RequestContext, @Args() args: QueryTagsArgs): Promise<TagList> {
         return this.tagService.findAll(ctx, args.options);
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadTag, Permission.ReadAsset)
     async tag(@Ctx() ctx: RequestContext, @Args() args: QueryTagArgs): Promise<Tag | undefined> {
         return this.tagService.findOne(ctx, args.id);
     }
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateSettings)
+    @Allow(Permission.CreateSettings, Permission.CreateTag)
     async createTag(@Ctx() ctx: RequestContext, @Args() args: MutationCreateTagArgs): Promise<Tag> {
         return this.tagService.create(ctx, args.input);
     }
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateSettings)
+    @Allow(Permission.UpdateSettings, Permission.UpdateTag)
     async updateTag(@Ctx() ctx: RequestContext, @Args() args: MutationUpdateTagArgs): Promise<Tag> {
         return this.tagService.update(ctx, args.input);
     }
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteSettings)
+    @Allow(Permission.DeleteSettings, Permission.DeleteTag)
     async deleteTag(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteTagArgs,

packages/core/src/api/resolvers/admin/tax-category.resolver.ts

@@ -20,13 +20,13 @@ export class TaxCategoryResolver {
     constructor(private taxCategoryService: TaxCategoryService) {}
 
     @Query()
-    @Allow(Permission.ReadSettings, Permission.ReadCatalog)
+    @Allow(Permission.ReadSettings, Permission.ReadCatalog, Permission.ReadTaxCategory)
     taxCategories(@Ctx() ctx: RequestContext): Promise<TaxCategory[]> {
         return this.taxCategoryService.findAll(ctx);
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadTaxCategory)
     async taxCategory(
         @Ctx() ctx: RequestContext,
         @Args() args: QueryTaxCategoryArgs,
@@ -36,7 +36,7 @@ export class TaxCategoryResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateSettings)
+    @Allow(Permission.CreateSettings, Permission.CreateTaxCategory)
     async createTaxCategory(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateTaxCategoryArgs,
@@ -46,7 +46,7 @@ export class TaxCategoryResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateSettings)
+    @Allow(Permission.UpdateSettings, Permission.UpdateTaxCategory)
     async updateTaxCategory(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateTaxCategoryArgs,
@@ -56,7 +56,7 @@ export class TaxCategoryResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteSettings)
+    @Allow(Permission.DeleteSettings, Permission.DeleteTaxCategory)
     async deleteTaxCategory(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteTaxCategoryArgs,

packages/core/src/api/resolvers/admin/tax-rate.resolver.ts

@@ -22,20 +22,20 @@ export class TaxRateResolver {
     constructor(private taxRateService: TaxRateService) {}
 
     @Query()
-    @Allow(Permission.ReadSettings, Permission.ReadCatalog)
+    @Allow(Permission.ReadSettings, Permission.ReadCatalog, Permission.ReadTaxRate)
     taxRates(@Ctx() ctx: RequestContext, @Args() args: QueryTaxRatesArgs): Promise<PaginatedList<TaxRate>> {
         return this.taxRateService.findAll(ctx, args.options || undefined);
     }
 
     @Query()
-    @Allow(Permission.ReadSettings, Permission.ReadCatalog)
+    @Allow(Permission.ReadSettings, Permission.ReadCatalog, Permission.ReadTaxRate)
     async taxRate(@Ctx() ctx: RequestContext, @Args() args: QueryTaxRateArgs): Promise<TaxRate | undefined> {
         return this.taxRateService.findOne(ctx, args.id);
     }
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateSettings)
+    @Allow(Permission.CreateSettings, Permission.CreateTaxRate)
     async createTaxRate(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationCreateTaxRateArgs,
@@ -45,7 +45,7 @@ export class TaxRateResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateSettings)
+    @Allow(Permission.UpdateSettings, Permission.UpdateTaxRate)
     async updateTaxRate(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationUpdateTaxRateArgs,
@@ -55,7 +55,7 @@ export class TaxRateResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteSettings)
+    @Allow(Permission.DeleteSettings, Permission.DeleteTaxRate)
     async deleteTaxRate(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteTaxRateArgs,

packages/core/src/api/resolvers/admin/zone.resolver.ts

@@ -22,34 +22,34 @@ export class ZoneResolver {
     constructor(private zoneService: ZoneService) {}
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadZone)
     zones(@Ctx() ctx: RequestContext): Zone[] {
         return this.zoneService.findAll(ctx);
     }
 
     @Query()
-    @Allow(Permission.ReadSettings)
+    @Allow(Permission.ReadSettings, Permission.ReadZone)
     async zone(@Ctx() ctx: RequestContext, @Args() args: QueryZoneArgs): Promise<Zone | undefined> {
         return this.zoneService.findOne(ctx, args.id);
     }
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.CreateSettings)
+    @Allow(Permission.CreateSettings, Permission.CreateZone)
     async createZone(@Ctx() ctx: RequestContext, @Args() args: MutationCreateZoneArgs): Promise<Zone> {
         return this.zoneService.create(ctx, args.input);
     }
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateSettings)
+    @Allow(Permission.UpdateSettings, Permission.UpdateZone)
     async updateZone(@Ctx() ctx: RequestContext, @Args() args: MutationUpdateZoneArgs): Promise<Zone> {
         return this.zoneService.update(ctx, args.input);
     }
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.DeleteSettings)
+    @Allow(Permission.DeleteSettings, Permission.DeleteZone)
     async deleteZone(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationDeleteZoneArgs,
@@ -59,7 +59,7 @@ export class ZoneResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateSettings)
+    @Allow(Permission.UpdateSettings, Permission.UpdateZone)
     async addMembersToZone(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationAddMembersToZoneArgs,
@@ -69,7 +69,7 @@ export class ZoneResolver {
 
     @Transaction()
     @Mutation()
-    @Allow(Permission.UpdateSettings)
+    @Allow(Permission.UpdateSettings, Permission.UpdateZone)
     async removeMembersFromZone(
         @Ctx() ctx: RequestContext,
         @Args() args: MutationRemoveMembersFromZoneArgs,

packages/core/src/api/resolvers/entity/product-option-entity.resolver.ts

@@ -24,7 +24,7 @@ export class ProductOptionEntityResolver {
     }
 
     @ResolveField()
-    @Allow(Permission.ReadCatalog, Permission.Public)
+    @Allow(Permission.ReadCatalog, Permission.Public, Permission.ReadProduct)
     async group(
         @Ctx() ctx: RequestContext,
         @Parent() option: Translated<ProductOption>,

packages/core/src/api/resolvers/entity/product-option-group-entity.resolver.ts

@@ -23,7 +23,7 @@ export class ProductOptionGroupEntityResolver {
     }
 
     @ResolveField()
-    @Allow(Permission.ReadCatalog, Permission.Public)
+    @Allow(Permission.ReadCatalog, Permission.Public, Permission.ReadProduct)
     async options(
         @Ctx() ctx: RequestContext,
         @Parent() optionGroup: Translated<ProductOptionGroup>,

packages/core/src/api/resolvers/entity/tax-rate-entity.resolver.ts

@@ -14,7 +14,7 @@ import { Ctx } from '../../decorators/request-context.decorator';
 export class TaxRateEntityResolver {
     constructor(private taxRateService: TaxRateService) {}
 
-    @Allow(Permission.ReadCustomer)
+    @Allow(Permission.ReadCustomer, Permission.ReadCustomerGroup)
     @ResolveField()
     async customerGroup(
         @Ctx() ctx: RequestContext,

packages/core/src/common/constants.ts

@@ -34,12 +34,39 @@ export const DEFAULT_PERMISSIONS: PermissionDefinition[] = [
         assignable: false,
         internal: true,
     }),
-    new CrudPermissionDefinition('Catalog'),
-    new CrudPermissionDefinition('Customer'),
+    new PermissionDefinition({
+        name: 'UpdateGlobalSettings',
+        description: `Grants permission to update GlobalSettings`,
+        assignable: true,
+        internal: false,
+    }),
+    new CrudPermissionDefinition(
+        'Catalog',
+        operation => `Grants permission to ${operation} Products, Facets, Assets, Collections`,
+    ),
+    new CrudPermissionDefinition(
+        'Settings',
+        operation =>
+            `Grants permission to ${operation} PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings`,
+    ),
     new CrudPermissionDefinition('Administrator'),
+    new CrudPermissionDefinition('Asset'),
+    new CrudPermissionDefinition('Channel'),
+    new CrudPermissionDefinition('Collection'),
+    new CrudPermissionDefinition('Country'),
+    new CrudPermissionDefinition('Customer'),
+    new CrudPermissionDefinition('CustomerGroup'),
+    new CrudPermissionDefinition('Facet'),
     new CrudPermissionDefinition('Order'),
+    new CrudPermissionDefinition('PaymentMethod'),
+    new CrudPermissionDefinition('Product'),
     new CrudPermissionDefinition('Promotion'),
-    new CrudPermissionDefinition('Settings'),
+    new CrudPermissionDefinition('ShippingMethod'),
+    new CrudPermissionDefinition('Tag'),
+    new CrudPermissionDefinition('TaxCategory'),
+    new CrudPermissionDefinition('TaxRate'),
+    new CrudPermissionDefinition('System'),
+    new CrudPermissionDefinition('Zone'),
 ];
 
 export function getAllPermissionsMetadata(customPermissions: PermissionDefinition[]): PermissionMetadata[] {

packages/core/src/common/permission-definition.ts

@@ -144,7 +144,10 @@ export class PermissionDefinition {
  * @docsWeight 1
  */
 export class CrudPermissionDefinition extends PermissionDefinition {
-    constructor(name: string) {
+    constructor(
+        name: string,
+        private descriptionFn?: (operation: 'create' | 'read' | 'update' | 'delete') => string,
+    ) {
         super({ name });
     }
 
@@ -152,7 +155,10 @@ export class CrudPermissionDefinition extends PermissionDefinition {
     getMetadata(): PermissionMetadata[] {
         return ['Create', 'Read', 'Update', 'Delete'].map(operation => ({
             name: `${operation}${this.config.name}`,
-            description: `Grants permission to ${operation.toLocaleLowerCase()} ${this.config.name}`,
+            description:
+                typeof this.descriptionFn === 'function'
+                    ? this.descriptionFn(operation.toLocaleLowerCase() as any)
+                    : `Grants permission to ${operation.toLocaleLowerCase()} ${this.config.name}`,
             assignable: true,
             internal: false,
         }));

packages/core/src/plugin/default-search-plugin/fulltext-search.resolver.ts

@@ -37,7 +37,7 @@ export class ShopFulltextSearchResolver implements Omit<BaseSearchResolver, 'rei
         @Parent() parent: { input: SearchInput },
     ): Promise<Array<{ facetValue: FacetValue; count: number }>> {
         const facetValues = await this.fulltextSearchService.facetValues(ctx, parent.input, true);
-        return facetValues.filter((i) => !i.facetValue.facet.isPrivate);
+        return facetValues.filter(i => !i.facetValue.facet.isPrivate);
     }
 }
 
@@ -46,7 +46,7 @@ export class AdminFulltextSearchResolver implements BaseSearchResolver {
     constructor(private fulltextSearchService: FulltextSearchService) {}
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadProduct)
     async search(
         @Ctx() ctx: RequestContext,
         @Args() args: QuerySearchArgs,
@@ -66,7 +66,7 @@ export class AdminFulltextSearchResolver implements BaseSearchResolver {
     }
 
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async reindex(@Ctx() ctx: RequestContext) {
         return this.fulltextSearchService.reindex(ctx);
     }

packages/elasticsearch-plugin/e2e/graphql/generated-e2e-elasticsearch-plugin-types.ts

@@ -2486,22 +2486,24 @@ export enum Permission {
     Owner = 'Owner',
     /** Public means any unauthenticated user may perform the operation */
     Public = 'Public',
-    /** Grants permission to create Catalog */
+    /** Grants permission to update GlobalSettings */
+    UpdateGlobalSettings = 'UpdateGlobalSettings',
+    /** Grants permission to create Products, Facets, Assets, Collections */
     CreateCatalog = 'CreateCatalog',
-    /** Grants permission to read Catalog */
+    /** Grants permission to read Products, Facets, Assets, Collections */
     ReadCatalog = 'ReadCatalog',
-    /** Grants permission to update Catalog */
+    /** Grants permission to update Products, Facets, Assets, Collections */
     UpdateCatalog = 'UpdateCatalog',
-    /** Grants permission to delete Catalog */
+    /** Grants permission to delete Products, Facets, Assets, Collections */
     DeleteCatalog = 'DeleteCatalog',
-    /** Grants permission to create Customer */
-    CreateCustomer = 'CreateCustomer',
-    /** Grants permission to read Customer */
-    ReadCustomer = 'ReadCustomer',
-    /** Grants permission to update Customer */
-    UpdateCustomer = 'UpdateCustomer',
-    /** Grants permission to delete Customer */
-    DeleteCustomer = 'DeleteCustomer',
+    /** Grants permission to create PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    CreateSettings = 'CreateSettings',
+    /** Grants permission to read PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    ReadSettings = 'ReadSettings',
+    /** Grants permission to update PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    UpdateSettings = 'UpdateSettings',
+    /** Grants permission to delete PaymentMethods, ShippingMethods, TaxCategories, TaxRates, Zones, Countries, System & GlobalSettings */
+    DeleteSettings = 'DeleteSettings',
     /** Grants permission to create Administrator */
     CreateAdministrator = 'CreateAdministrator',
     /** Grants permission to read Administrator */
@@ -2510,6 +2512,62 @@ export enum Permission {
     UpdateAdministrator = 'UpdateAdministrator',
     /** Grants permission to delete Administrator */
     DeleteAdministrator = 'DeleteAdministrator',
+    /** Grants permission to create Asset */
+    CreateAsset = 'CreateAsset',
+    /** Grants permission to read Asset */
+    ReadAsset = 'ReadAsset',
+    /** Grants permission to update Asset */
+    UpdateAsset = 'UpdateAsset',
+    /** Grants permission to delete Asset */
+    DeleteAsset = 'DeleteAsset',
+    /** Grants permission to create Channel */
+    CreateChannel = 'CreateChannel',
+    /** Grants permission to read Channel */
+    ReadChannel = 'ReadChannel',
+    /** Grants permission to update Channel */
+    UpdateChannel = 'UpdateChannel',
+    /** Grants permission to delete Channel */
+    DeleteChannel = 'DeleteChannel',
+    /** Grants permission to create Collection */
+    CreateCollection = 'CreateCollection',
+    /** Grants permission to read Collection */
+    ReadCollection = 'ReadCollection',
+    /** Grants permission to update Collection */
+    UpdateCollection = 'UpdateCollection',
+    /** Grants permission to delete Collection */
+    DeleteCollection = 'DeleteCollection',
+    /** Grants permission to create Country */
+    CreateCountry = 'CreateCountry',
+    /** Grants permission to read Country */
+    ReadCountry = 'ReadCountry',
+    /** Grants permission to update Country */
+    UpdateCountry = 'UpdateCountry',
+    /** Grants permission to delete Country */
+    DeleteCountry = 'DeleteCountry',
+    /** Grants permission to create Customer */
+    CreateCustomer = 'CreateCustomer',
+    /** Grants permission to read Customer */
+    ReadCustomer = 'ReadCustomer',
+    /** Grants permission to update Customer */
+    UpdateCustomer = 'UpdateCustomer',
+    /** Grants permission to delete Customer */
+    DeleteCustomer = 'DeleteCustomer',
+    /** Grants permission to create CustomerGroup */
+    CreateCustomerGroup = 'CreateCustomerGroup',
+    /** Grants permission to read CustomerGroup */
+    ReadCustomerGroup = 'ReadCustomerGroup',
+    /** Grants permission to update CustomerGroup */
+    UpdateCustomerGroup = 'UpdateCustomerGroup',
+    /** Grants permission to delete CustomerGroup */
+    DeleteCustomerGroup = 'DeleteCustomerGroup',
+    /** Grants permission to create Facet */
+    CreateFacet = 'CreateFacet',
+    /** Grants permission to read Facet */
+    ReadFacet = 'ReadFacet',
+    /** Grants permission to update Facet */
+    UpdateFacet = 'UpdateFacet',
+    /** Grants permission to delete Facet */
+    DeleteFacet = 'DeleteFacet',
     /** Grants permission to create Order */
     CreateOrder = 'CreateOrder',
     /** Grants permission to read Order */
@@ -2518,6 +2576,22 @@ export enum Permission {
     UpdateOrder = 'UpdateOrder',
     /** Grants permission to delete Order */
     DeleteOrder = 'DeleteOrder',
+    /** Grants permission to create PaymentMethod */
+    CreatePaymentMethod = 'CreatePaymentMethod',
+    /** Grants permission to read PaymentMethod */
+    ReadPaymentMethod = 'ReadPaymentMethod',
+    /** Grants permission to update PaymentMethod */
+    UpdatePaymentMethod = 'UpdatePaymentMethod',
+    /** Grants permission to delete PaymentMethod */
+    DeletePaymentMethod = 'DeletePaymentMethod',
+    /** Grants permission to create Product */
+    CreateProduct = 'CreateProduct',
+    /** Grants permission to read Product */
+    ReadProduct = 'ReadProduct',
+    /** Grants permission to update Product */
+    UpdateProduct = 'UpdateProduct',
+    /** Grants permission to delete Product */
+    DeleteProduct = 'DeleteProduct',
     /** Grants permission to create Promotion */
     CreatePromotion = 'CreatePromotion',
     /** Grants permission to read Promotion */
@@ -2526,14 +2600,54 @@ export enum Permission {
     UpdatePromotion = 'UpdatePromotion',
     /** Grants permission to delete Promotion */
     DeletePromotion = 'DeletePromotion',
-    /** Grants permission to create Settings */
-    CreateSettings = 'CreateSettings',
-    /** Grants permission to read Settings */
-    ReadSettings = 'ReadSettings',
-    /** Grants permission to update Settings */
-    UpdateSettings = 'UpdateSettings',
-    /** Grants permission to delete Settings */
-    DeleteSettings = 'DeleteSettings',
+    /** Grants permission to create ShippingMethod */
+    CreateShippingMethod = 'CreateShippingMethod',
+    /** Grants permission to read ShippingMethod */
+    ReadShippingMethod = 'ReadShippingMethod',
+    /** Grants permission to update ShippingMethod */
+    UpdateShippingMethod = 'UpdateShippingMethod',
+    /** Grants permission to delete ShippingMethod */
+    DeleteShippingMethod = 'DeleteShippingMethod',
+    /** Grants permission to create Tag */
+    CreateTag = 'CreateTag',
+    /** Grants permission to read Tag */
+    ReadTag = 'ReadTag',
+    /** Grants permission to update Tag */
+    UpdateTag = 'UpdateTag',
+    /** Grants permission to delete Tag */
+    DeleteTag = 'DeleteTag',
+    /** Grants permission to create TaxCategory */
+    CreateTaxCategory = 'CreateTaxCategory',
+    /** Grants permission to read TaxCategory */
+    ReadTaxCategory = 'ReadTaxCategory',
+    /** Grants permission to update TaxCategory */
+    UpdateTaxCategory = 'UpdateTaxCategory',
+    /** Grants permission to delete TaxCategory */
+    DeleteTaxCategory = 'DeleteTaxCategory',
+    /** Grants permission to create TaxRate */
+    CreateTaxRate = 'CreateTaxRate',
+    /** Grants permission to read TaxRate */
+    ReadTaxRate = 'ReadTaxRate',
+    /** Grants permission to update TaxRate */
+    UpdateTaxRate = 'UpdateTaxRate',
+    /** Grants permission to delete TaxRate */
+    DeleteTaxRate = 'DeleteTaxRate',
+    /** Grants permission to create System */
+    CreateSystem = 'CreateSystem',
+    /** Grants permission to read System */
+    ReadSystem = 'ReadSystem',
+    /** Grants permission to update System */
+    UpdateSystem = 'UpdateSystem',
+    /** Grants permission to delete System */
+    DeleteSystem = 'DeleteSystem',
+    /** Grants permission to create Zone */
+    CreateZone = 'CreateZone',
+    /** Grants permission to read Zone */
+    ReadZone = 'ReadZone',
+    /** Grants permission to update Zone */
+    UpdateZone = 'UpdateZone',
+    /** Grants permission to delete Zone */
+    DeleteZone = 'DeleteZone',
 }
 
 export enum SortOrder {
@@ -3861,7 +3975,7 @@ export type OrderLine = Node & {
     discounts: Array<Discount>;
     taxLines: Array<TaxLine>;
     order: Order;
-    customFields?: Maybe<OrderLineCustomFields>;
+    customFields?: Maybe<Scalars['JSON']>;
 };
 
 export type Refund = Node & {
@@ -4563,14 +4677,6 @@ export type HistoryEntrySortParameter = {
     updatedAt?: Maybe<SortOrder>;
 };
 
-export type OrderLineCustomFields = {
-    giftCardValue?: Maybe<Scalars['Int']>;
-    giftCardRecipientName?: Maybe<Scalars['String']>;
-    giftCardRecipientEmailAddress?: Maybe<Scalars['String']>;
-    giftCardMessage?: Maybe<Scalars['String']>;
-    giftCardDeliveryDate?: Maybe<Scalars['DateTime']>;
-};
-
 export type AuthenticationInput = {
     native?: Maybe<NativeAuthInput>;
 };

packages/elasticsearch-plugin/src/elasticsearch-resolver.ts

@@ -41,7 +41,7 @@ export class AdminElasticSearchResolver implements Omit<SearchResolver, 'facetVa
     constructor(private elasticsearchService: ElasticsearchService) {}
 
     @Query()
-    @Allow(Permission.ReadCatalog)
+    @Allow(Permission.ReadCatalog, Permission.ReadProduct)
     async search(
         @Ctx() ctx: RequestContext,
         @Args() args: QuerySearchArgs,
@@ -53,7 +53,7 @@ export class AdminElasticSearchResolver implements Omit<SearchResolver, 'facetVa
     }
 
     @Mutation()
-    @Allow(Permission.UpdateCatalog)
+    @Allow(Permission.UpdateCatalog, Permission.UpdateProduct)
     async reindex(@Ctx() ctx: RequestContext): Promise<GraphQLJob> {
         return (this.elasticsearchService.reindex(ctx, false) as unknown) as GraphQLJob;
     }