Citali/cms.fellies.org
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): bootstrap protected support and first owner users

Browse Source
This commit is contained in:
Citali
2026-02-10 17:50:16 +01:00
parent df1280af4a
commit 411861419f
8 changed files with 231 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/content/src/rbac.test.ts
View File

@ -4,12 +4,16 @@ import { hasPermission, normalizeRole, permissionMatrix } from "./rbac"
describe("rbac model", () => {
it("normalizes valid roles", () => {
expect(normalizeRole("OWNER")).toBe("owner")
expect(normalizeRole("support")).toBe("support")
expect(normalizeRole("ADMIN")).toBe("admin")
expect(normalizeRole("manager")).toBe("manager")
expect(normalizeRole("unknown")).toBeNull()
})
it("grants admin full access", () => {
expect(hasPermission("owner", "users:manage_roles", "global")).toBe(true)
expect(hasPermission("support", "news:publish", "global")).toBe(true)
expect(hasPermission("admin", "users:manage_roles", "global")).toBe(true)
expect(hasPermission("admin", "news:publish", "global")).toBe(true)
})

4
packages/content/src/rbac.ts
View File

@ -1,6 +1,6 @@
import { z } from "zod"
export const roleSchema = z.enum(["admin", "editor", "manager"])
export const roleSchema = z.enum(["owner", "support", "admin", "editor", "manager"])
export const permissionScopeSchema = z.enum(["own", "team", "global"])
export const permissionSchema = z.enum([
@ -44,6 +44,8 @@ const allGlobalGrants: PermissionGrant[] = allPermissions.map((permission) => ({
}))
export const permissionMatrix: Record<Role, PermissionGrant[]> = {
owner: allGlobalGrants,
support: allGlobalGrants,
admin: allGlobalGrants,
manager: [
{ permission: "dashboard:read", scopes: ["global"] },

8
packages/db/prisma/migrations/20260210190000_system_user_guards/migration.sql Normal file
View File

@ -0,0 +1,8 @@
-- AlterTable
ALTER TABLE "user"
ADD COLUMN "isSystem" BOOLEAN NOT NULL DEFAULT false,
ADD COLUMN "isHidden" BOOLEAN NOT NULL DEFAULT false,
ADD COLUMN "isProtected" BOOLEAN NOT NULL DEFAULT false;
-- CreateIndex
CREATE INDEX "user_role_idx" ON "user"("role");

4
packages/db/prisma/schema.prisma
View File

@ -28,10 +28,14 @@ model User {
updatedAt DateTime @updatedAt
role String @default("editor")
isBanned Boolean @default(false)
isSystem Boolean @default(false)
isHidden Boolean @default(false)
isProtected Boolean @default(false)
sessions Session[]
accounts Account[]
@@unique([email])
@@index([role])
@@map("user")
}