feat: implement complete RBAC access control with tests
Add 4-layer access control stack (subscription → module → menu → permissions): - P1: Wire requires_permission into menu sidebar filtering - P2: Expose window.USER_PERMISSIONS for Alpine.js client-side gating - P3: Add page-level permission guards on store routes - P4: Role CRUD API endpoints and role editor UI - P5: Audit trail for all role/permission changes Includes unit tests (menu permission filtering, role CRUD service) and integration tests (role API endpoints). All 404 core+tenancy tests pass. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -147,6 +147,7 @@ messaging_module = ModuleDefinition(
|
||||
icon="chat-bubble-left-right",
|
||||
route="/store/{store_code}/messages",
|
||||
order=20,
|
||||
requires_permission="messaging.view_messages",
|
||||
),
|
||||
MenuItemDefinition(
|
||||
id="notifications",
|
||||
@@ -154,6 +155,7 @@ messaging_module = ModuleDefinition(
|
||||
icon="bell",
|
||||
route="/store/{store_code}/notifications",
|
||||
order=30,
|
||||
requires_permission="messaging.view_messages",
|
||||
),
|
||||
],
|
||||
),
|
||||
@@ -169,6 +171,7 @@ messaging_module = ModuleDefinition(
|
||||
icon="mail",
|
||||
route="/store/{store_code}/email-templates",
|
||||
order=40,
|
||||
requires_permission="messaging.manage_templates",
|
||||
),
|
||||
],
|
||||
),
|
||||
|
||||
Reference in New Issue
Block a user