|
|
7dfb0eab66
|
feat: RBAC Admin UI + internal permissions API + auth session enhancements
- admin-ui/: React + Tailwind SPA at /app/ (Dashboard, Users, Roles, Services, Audit)
- rbac-routes.js: POST /api/internal/permissions/user (service-to-service, no auth)
- server.js: /api/whoami endpoint for admin SPA auth via nginx X-Email
- server.js: /auth/session now checks X-Email fallback for Google SSO users
- server.js: SPA catch-all for /app/* routes
- server.js: Trusted IP auth now sets X-Auth-Request-Email response header
- public/index.html: Added Admin Panel link
- 3 ecosystem users registered (Rolf, Victoria, Zaid)
|
2026-04-17 00:59:31 +00:00 |
|
|
|
0b0871ffea
|
feat: Access Manager v3 — RBAC engine, SQLite, permission system
- SQLite database with full schema: users, roles, permissions,
role_permissions, user_roles, services, audit_log
- RBAC engine with wildcard permission resolution (*.*.*)
- Automatic v2→v3 migration from JSON files
- 5 default roles: super_admin, admin, editor, user, viewer
- Feature registration for APP, GGL, FDX (119 permissions)
- 8 services seeded
- Full API: roles CRUD, permission check, user-role assignment,
feature registration, audit log, stats
- Backward compatible with existing auth flows
|
2026-04-16 00:57:27 +00:00 |
|
