feat(permissions): implement role-based access control and refactor user permissions

- Introduced a new Permissions component to manage role-based access across various components.
- Updated user role checks to utilize the new permissions structure, replacing direct role comparisons with permission checks.
- Refactored multiple components to enhance permission handling, ensuring only authorized users can access specific features.
- Removed deprecated add-permissions component and streamlined user permission management.
- Enhanced role management in the backend to support the new permissions schema, improving overall security and maintainability.
This commit is contained in:
Mauricio Siu
2025-07-13 01:52:08 -06:00
parent db221e5cc4
commit 30d45bf2e5
35 changed files with 435 additions and 728 deletions

View File

@@ -5,111 +5,6 @@ import { organization, member } from "./account";
import { createInsertSchema } from "drizzle-zod";
import { z } from "zod";
export const PERMISSIONS = {
PROJECT: {
VIEW: {
name: "project:view",
description: "View projects",
},
CREATE: {
name: "project:create",
description: "Create projects",
},
DELETE: {
name: "project:delete",
description: "Delete projects",
},
},
SERVICE: {
VIEW: {
name: "service:view",
description: "View services",
},
CREATE: {
name: "service:create",
description: "Create services",
},
DELETE: {
name: "service:delete",
description: "Delete services",
},
},
TRAEFIK: {
ACCESS: {
name: "traefik_files:access",
description: "Access traefik files",
},
},
DOCKER: {
VIEW: {
name: "docker:view",
description: "View docker",
},
},
API: {
ACCESS: {
name: "api:access",
description: "Access API",
},
},
SCHEDULES: {
ACCESS: {
name: "schedules:access",
description: "Access schedules",
},
},
} as const;
export const ownerPermissions = [
PERMISSIONS.PROJECT.VIEW,
PERMISSIONS.PROJECT.CREATE,
PERMISSIONS.PROJECT.DELETE,
PERMISSIONS.SERVICE.VIEW,
PERMISSIONS.SERVICE.CREATE,
PERMISSIONS.SERVICE.DELETE,
PERMISSIONS.TRAEFIK.ACCESS,
PERMISSIONS.SCHEDULES.ACCESS,
] as const;
export const adminPermissions = [
PERMISSIONS.PROJECT.VIEW,
PERMISSIONS.PROJECT.CREATE,
PERMISSIONS.PROJECT.DELETE,
PERMISSIONS.SERVICE.VIEW,
PERMISSIONS.SERVICE.CREATE,
PERMISSIONS.SERVICE.DELETE,
PERMISSIONS.TRAEFIK.ACCESS,
PERMISSIONS.DOCKER.VIEW,
PERMISSIONS.API.ACCESS,
PERMISSIONS.SCHEDULES.ACCESS,
] as const;
export const memberPermissions = [
PERMISSIONS.PROJECT.CREATE,
PERMISSIONS.SERVICE.CREATE,
PERMISSIONS.TRAEFIK.ACCESS,
] as const;
export const defaultPermissions = [
{
name: "owner",
description: "Owner of the organization with full access to all features",
permissions: ownerPermissions,
},
{
name: "admin",
description:
"Administrator with access to manage projects, services and configurations",
permissions: adminPermissions,
},
{
name: "member",
description:
"Regular member with access to create projects and manage services",
permissions: memberPermissions,
},
] as const;
export const role = pgTable(
"member_role",
{