# RBAC And Permission Model

This document defines the current role model, permission matrix, and scope semantics used by the admin app.

## Roles

- `admin`: full system access
- `manager`: broad operational access with selective limitations
- `editor`: content-focused access with reduced user-management privileges

## Permission Scopes

- `own`: applies to records the user owns
- `team`: applies to records within the user's team/org unit
- `global`: applies across all records

Scope hierarchy (higher includes lower):

- `global` -> `team` -> `own`

A grant at `global` therefore satisfies a check that requires `team` or `own`, and a grant at `team` satisfies a check that requires `own`; the reverse never holds. A check compares the scope the matrix grants against the scope the target record requires, and a missing grant is a denial.

## Permission Matrix Summary

This is a summary; the authoritative matrix is the shared model in `packages/content/src/rbac.ts`.

### Admin

- All permissions at `global` scope

### Manager

- Dashboard and roadmap read: `global`
- Pages, navigation, media, commissions, banner, news: `global`
- Users: `read` at `global`, `write` at `team`

### Editor

- Dashboard: `read` at `global`
- Pages/navigation/media/news: mostly `team`
- Publish and workflow transitions: mostly `own`
- Users and commissions: mostly `own`
- Banner: `read` at `global`

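The following is an added worked example of the scope semantics and the matrix summary above; it is not the project's `packages/content/src/rbac.ts`. It encodes the three roles, the three scopes with the `global` -> `team` -> `own` hierarchy, and a transcription of the summary. The resource and action names, the `Principal`/`Target` shapes (a record carries an `ownerId` and a `teamId`), and every entry the summary marks "mostly" are assumptions to be confirmed against the shared model.

```typescript
// Added example, not the project's rbac.ts. Names, shapes and the
// "mostly" entries of the matrix are assumptions.

type Role = "admin" | "manager" | "editor";
type Scope = "own" | "team" | "global";
type Action = "read" | "write" | "publish";
type Resource =
  | "dashboard" | "roadmap" | "pages" | "navigation" | "media"
  | "commissions" | "banner" | "news" | "users";

// "Higher includes lower" becomes a numeric comparison.
const SCOPE_RANK: Record<Scope, number> = { own: 0, team: 1, global: 2 };

type Grant = Partial<Record<Action, Scope>>;
// admin is handled by a wildcard in grantedScope, so it has no matrix row.
type Matrix = Record<Exclude<Role, "admin">, Partial<Record<Resource, Grant>>>;

const MATRIX: Matrix = {
  manager: {
    dashboard: { read: "global" },
    roadmap: { read: "global" },
    pages: { read: "global", write: "global", publish: "global" },
    navigation: { read: "global", write: "global" },
    media: { read: "global", write: "global" },
    commissions: { read: "global", write: "global" },
    banner: { read: "global", write: "global" },
    news: { read: "global", write: "global", publish: "global" },
    users: { read: "global", write: "team" },
  },
  editor: {
    dashboard: { read: "global" },
    // Content is editable at team scope; publishing only at own scope.
    pages: { read: "team", write: "team", publish: "own" },
    navigation: { read: "team", write: "team" },
    media: { read: "team", write: "team" },
    news: { read: "team", write: "team", publish: "own" },
    users: { read: "own", write: "own" },
    commissions: { read: "own", write: "own" },
    banner: { read: "global" },
  },
};

interface Principal { id: string; role: Role; teamId: string }
// Assumed record shape: ownership and team membership resolve own/team scope.
interface Target { ownerId: string; teamId: string }

// Narrowest scope that still reaches `target` from the principal's position.
function requiredScope(p: Principal, target: Target): Scope {
  if (target.ownerId === p.id) return "own";
  if (target.teamId === p.teamId) return "team";
  return "global";
}

// Scope the matrix grants, or undefined when there is no grant at all.
function grantedScope(role: Role, resource: Resource, action: Action): Scope | undefined {
  if (role === "admin") return "global";      // all permissions at global scope
  return MATRIX[role][resource]?.[action];     // missing entry means no grant
}

// Deny by default: a missing grant is a denial, and a grant only suffices
// when its scope is at least as wide as the scope the target requires.
function can(p: Principal, action: Action, resource: Resource, target: Target): boolean {
  const granted = grantedScope(p.role, resource, action);
  if (granted === undefined) return false;
  return SCOPE_RANK[granted] >= SCOPE_RANK[requiredScope(p, target)];
}

// Guard for an action-level check: throwing means a forgotten result check
// cannot silently let the action proceed.
function assertCan(p: Principal, action: Action, resource: Resource, target: Target): void {
  if (!can(p, action, resource, target)) {
    throw new Error(`forbidden: ${p.role} ${p.id} may not ${action} ${resource}`);
  }
}

// Constructed sample data.
const alice: Principal = { id: "u-alice", role: "editor", teamId: "t-content" };
const bob: Principal = { id: "u-bob", role: "manager", teamId: "t-content" };
const root: Principal = { id: "u-root", role: "admin", teamId: "t-ops" };
const alicePage: Target = { ownerId: "u-alice", teamId: "t-content" };
const teamRecord: Target = { ownerId: "u-carol", teamId: "t-content" };
const otherTeamRecord: Target = { ownerId: "u-dave", teamId: "t-sales" };

console.log(can(alice, "write", "pages", teamRecord));    // true: team grant covers a teammate's page
console.log(can(alice, "publish", "pages", teamRecord));  // false: publish is own-scoped
console.log(can(bob, "write", "users", otherTeamRecord)); // false: team grant does not reach another team
```

The two calls that matter most are the editor publishing a teammate's page (denied, because `publish` is granted at `own` while the target requires `team`) and the manager writing a user outside their team (denied, because `write` on users is granted at `team` while the target requires `global`). Both layers of enforcement can share `can`; the route gate returns a redirect or 403 on `false`, and the action gate calls `assertCan`.
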
## Enforcement Layers

- Route-level: `apps/admin/src/proxy.ts`
- Action-level: server component checks in admin pages (`/` and `/todo`)
- Shared model + checks: `packages/content/src/rbac.ts`

Both enforcement layers should call the shared checks rather than carry their own copy of the matrix, so that the route gate and the action gate cannot drift apart, and the action-level check must run even when the route-level gate has already passed.

## Dev Role Fallback

For local development only:

- If no role cookie/header is present and the environment is not production,
  the role falls back to `CMS_DEV_ROLE` or, if that is unset, `admin`.

Use this only as bootstrap behavior until full auth/session integration is finished. The fallback must never fire in production: a request that carries no role there must be denied, not defaulted to `admin`. Note also that a role carried in a cookie or header is client-supplied until it is bound to an authenticated session, so this path is a development convenience and not an authorization control.

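The following is an added example of resolving the effective role with the fallback described above; it is not the project's `apps/admin/src/proxy.ts`. The cookie name `cms_role`, the header name `x-cms-role`, the request shape, and the decision to reject an unrecognised `CMS_DEV_ROLE` value instead of silently using `admin` are assumptions.

```typescript
// Added example, not the project's proxy.ts. Cookie/header names, the
// request shape and the handling of a bad CMS_DEV_ROLE are assumptions.

type Role = "admin" | "manager" | "editor";
const ROLES: readonly string[] = ["admin", "manager", "editor"];

interface Env { NODE_ENV?: string; CMS_DEV_ROLE?: string }
interface RequestLike {
  cookies: Record<string, string | undefined>;
  headers: Record<string, string | undefined>;
}

// Only the three known role names are accepted; anything else is no role.
function parseRole(value: string | undefined): Role | undefined {
  return value !== undefined && ROLES.includes(value) ? (value as Role) : undefined;
}

// Returns the role to enforce, or null when the request must be denied.
function resolveRole(req: RequestLike, env: Env): Role | null {
  const fromRequest =
    parseRole(req.cookies["cms_role"]) ?? parseRole(req.headers["x-cms-role"]);
  if (fromRequest !== undefined) return fromRequest;

  // No role on the request. In production that is a denial, never a default.
  if (env.NODE_ENV === "production") return null;

  // Development bootstrap: CMS_DEV_ROLE, or admin when it is unset.
  const dev = env.CMS_DEV_ROLE;
  if (dev === undefined || dev === "") return "admin";
  const parsed = parseRole(dev);
  if (parsed === undefined) {
    // A typo such as CMS_DEV_ROLE=editr must not silently become admin.
    throw new Error(`CMS_DEV_ROLE is set to an unknown role: ${dev}`);
  }
  return parsed;
}

// Constructed sample requests.
const bare: RequestLike = { cookies: {}, headers: {} };
const withCookie: RequestLike = { cookies: { cms_role: "editor" }, headers: {} };

console.log(resolveRole(bare, { NODE_ENV: "production" }));  // null: deny
console.log(resolveRole(bare, { NODE_ENV: "development" })); // "admin": dev fallback
```

Two points follow from the code. First, the environment test is exactly the one the section describes, so a deployment that forgets to set `NODE_ENV=production` is treated as non-production and gets the `admin` fallback; the deployment checklist should verify that variable. Second, `resolveRole` trusts whatever sits in the cookie or header, which is only acceptable while the session layer is the one writing it; once auth/session integration lands, the role must come from the verified session rather than from raw request input.
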
## Related Tasks

See `TODO.md` MVP0 gate items:

- RBAC domain model finalized
- RBAC route/action enforcement
- Permission matrix documented and tested