feat: add flexible capability-based RBAC with per-tenant customization #14

Merged
JoeBot merged 2 commits from feature-rbac into main 2026-04-06 16:13:27 -04:00
Owner

Introduces a capability layer on top of existing roles that controls
feature visibility and access. Capabilities follow an area.feature.action
taxonomy (~35 capabilities) with sensible defaults per role. Tenant admins
can customize via grant/revoke overrides stored in org settings JSONB.

Key changes:

  • Add vice_president role to DB schema
  • Backend: capability constants, resolution logic, CapabilityGuard (global),
    @RequireCapability decorator on all 16 tenant controllers
  • Frontend: permission hooks (useCanEdit, useHasCapability), CapabilityGate
    component, sidebar filtering by capability, all 17 pages migrated from
    useIsReadOnly to capability-based checks
  • New admin UI: /settings/permissions matrix page for per-tenant role
    customization with grant/revoke delta model
  • GET /organizations/my-capabilities endpoint for capability refresh
  • Validation of permissionOverrides in settings updates

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
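The description above states the model but not the mechanics: per-role defaults, a grant/revoke delta stored in `permissionOverrides`, a resolution step that yields the effective capability set, and validation of the overrides on settings updates. The block below is an added illustration written for this page, not code from the PR or the HOA_Financial_Platform project. The `area.feature.action` naming, the `vice_president` role and the `permissionOverrides` setting come from the description; every capability string, the other role names, the `{ grant, revoke }` override shape and the function names are assumptions.

```typescript
// Added example (not the project's code): capability resolution with
// per-tenant grant/revoke overrides, plus validation of the override payload.
// Capability strings and roles other than vice_president are constructed.

export type Role = "admin" | "vice_president" | "treasurer" | "member";

// Constructed catalogue in area.feature.action form.
export const CAPABILITIES = [
  "finance.invoices.view",
  "finance.invoices.edit",
  "finance.budget.view",
  "finance.budget.edit",
  "settings.permissions.edit",
] as const;
export type Capability = (typeof CAPABILITIES)[number];

// Constructed defaults per role.
const ROLE_DEFAULTS: Record<Role, readonly Capability[]> = {
  admin: [...CAPABILITIES],
  vice_president: ["finance.invoices.view", "finance.invoices.edit", "finance.budget.view"],
  treasurer: ["finance.invoices.view", "finance.invoices.edit", "finance.budget.view", "finance.budget.edit"],
  member: ["finance.invoices.view", "finance.budget.view"],
};

// Assumed shape of the permissionOverrides JSONB value: one delta per role.
export interface RoleOverride { grant?: string[]; revoke?: string[] }
export type PermissionOverrides = Partial<Record<string, RoleOverride>>;

export class InvalidOverridesError extends Error {}

// Validate an untrusted overrides payload before persisting it: only known
// roles, only catalogued capability names (a free-form string could otherwise
// be granted and later matched by a sloppy check), no capability both granted
// and revoked, and (assumed policy) admins cannot revoke their own ability to
// edit permissions, so a tenant cannot lock itself out of the matrix page.
export function validateOverrides(input: unknown): PermissionOverrides {
  if (typeof input !== "object" || input === null || Array.isArray(input)) {
    throw new InvalidOverridesError("permissionOverrides must be an object");
  }
  const known = new Set<string>(CAPABILITIES);
  const roles = new Set<string>(Object.keys(ROLE_DEFAULTS));
  const out: PermissionOverrides = {};
  for (const [role, delta] of Object.entries(input as Record<string, unknown>)) {
    if (!roles.has(role)) throw new InvalidOverridesError(`unknown role: ${role}`);
    if (typeof delta !== "object" || delta === null || Array.isArray(delta)) {
      throw new InvalidOverridesError(`override for ${role} must be an object`);
    }
    const { grant = [], revoke = [] } = delta as RoleOverride;
    if (!Array.isArray(grant) || !Array.isArray(revoke)) {
      throw new InvalidOverridesError(`grant/revoke for ${role} must be arrays`);
    }
    for (const cap of [...grant, ...revoke]) {
      if (typeof cap !== "string" || !known.has(cap)) {
        throw new InvalidOverridesError(`unknown capability: ${String(cap)}`);
      }
    }
    const conflict = grant.find((c) => revoke.includes(c));
    if (conflict) throw new InvalidOverridesError(`granted and revoked: ${conflict}`);
    if (role === "admin" && revoke.includes("settings.permissions.edit")) {
      throw new InvalidOverridesError("admin cannot revoke settings.permissions.edit");
    }
    out[role] = { grant: [...grant], revoke: [...revoke] };
  }
  return out;
}

// Effective capabilities = (role defaults ∪ grant) \ revoke. Overrides are
// expected to have passed validateOverrides before being stored.
export function resolveCapabilities(role: Role, overrides: PermissionOverrides = {}): Set<Capability> {
  const effective = new Set<Capability>(ROLE_DEFAULTS[role]);
  const delta = overrides[role] ?? {};
  for (const cap of delta.grant ?? []) effective.add(cap as Capability);
  for (const cap of delta.revoke ?? []) effective.delete(cap as Capability);
  return effective;
}

// What a server-side guard would call for a given request.
export function hasCapability(role: Role, cap: Capability, overrides?: PermissionOverrides): boolean {
  return resolveCapabilities(role, overrides).has(cap);
}
```

The resolution function is the single place both the backend guard and the `my-capabilities` endpoint should consult, so the sidebar filtering and `CapabilityGate` on the frontend only ever mirror a decision the server already enforces; a UI-only check is a convenience, not the access control.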

JoeBot added 1 commit 2026-04-06 16:13:12 -04:00
JoeBot added 1 commit 2026-04-06 16:13:20 -04:00
JoeBot merged commit 83115c9b5c into main 2026-04-06 16:13:27 -04:00
JoeBot deleted branch feature-rbac 2026-04-06 16:13:27 -04:00
Reference: JoeBot/HOA_Financial_Platform#14