Skip to content

feat: implement role-based access control (RBAC)#348

Open
lakshiii08 wants to merge 1 commit into
Nsanjayboruds:mainfrom
lakshiii08:feat/implement-rbac
Open

feat: implement role-based access control (RBAC)#348
lakshiii08 wants to merge 1 commit into
Nsanjayboruds:mainfrom
lakshiii08:feat/implement-rbac

Conversation

@lakshiii08

Copy link
Copy Markdown
Contributor

Summary

Implemented Role-Based Access Control (RBAC) support across the application while preserving the existing admin authentication flow.

Changes Made

  • Added role field to the User model with support for user, admin, and super_admin.
  • Updated JWT generation to include user roles.
  • Enhanced authentication middleware to expose role information.
  • Introduced reusable authorizeRoles() middleware.
  • Protected privileged backend routes and enforced proper 401/403 responses.
  • Secured notification ownership actions.
  • Restricted frontend admin dashboard access using protected routes.
  • Preserved backward compatibility with the existing adminToken-based admin system.

Result

Users can only access resources permitted by their roles, unauthorized API access is blocked appropriately, and the admin dashboard remains protected without disrupting existing functionality.

@lakshiii08
lakshiii08 force-pushed the feat/implement-rbac branch from f20d374 to 8c451b9 Compare June 22, 2026 19:56
@Nsanjayboruds

Copy link
Copy Markdown
Owner

@lakshiii08 please provide screensrecording

1 similar comment
@Nsanjayboruds

Copy link
Copy Markdown
Owner

@lakshiii08 please provide screensrecording

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants