mirror of
https://github.com/marcogll/AnchorOS.git
synced 2026-03-15 11:24:26 +00:00
TASK 4.2: Document granular permissions system - COMPLETED

- Add Section 7: Granular Permissions System to APERTURE_SPECS.md
- Defines flexible permission system allowing granular permission assignment to ANY user
- Only users with admin role can assign permissions
- Permissions are independent of user roles (not inherited)

Key Features:
- User-based permissions (not role-based)
- Admin-only permission assignment
- Audit logging of permission changes
- Reusable UI components for permission checking

Permissions Categories Documented:
1. Dashboard & Stats (8 permissions)
2. Calendar & Bookings (6 permissions)
3. Staff Management (10 permissions)
4. Client Management (11 permissions)
5. POS & Sales (8 permissions)
6. Finance (6 permissions)
7. Marketing (9 permissions)
8. Configuration (4 permissions)

Database Schema Added:
- user_permissions table
- Supports user_id, permission_key, granted, granted_by, granted_at
- Unique constraint on (user_id, permission_key)
- Check constraint to verify user exists in auth.users

API Endpoints:
- GET /api/aperture/permissions/check - Check single permission
- GET /api/aperture/permissions/user - Get user permissions
- POST /api/aperture/permissions/assign - Assign permissions (admin only)
- GET /api/aperture/permissions/list - Get all available permissions

Helper Functions Documented:
- hasPermission(user_id, permission_key) - Check single permission
- hasPermissions(user_id, permission_keys) - Check multiple permissions
- isAdmin(user_id) - Check if user is admin role

UI Components Documented:
- PermissionChecker - Single permission check with fallback
- MultiPermissionChecker - Multiple permissions check (all/any mode)
- Usage examples for Staff, POS, Dashboard pages

Security Considerations:
- Row Level Security (RLS) for all sensitive tables
- Only admin can assign permissions
- All financial actions must be audited
- Validation before allowing actions

Files Modified:
- docs/APERTURE_SPECS.md

Next: Task 4 - Update APERTURE_SQUARE_UI.md with Radix UI
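
The permission model summarized in the commit message above, sketched as an added example (not code from the AnchorOS repository): per-user grants that ignore role, an admin-only assignment path, and an audit record for each change. The helper names `hasPermission`, `hasPermissions` and `isAdmin` come from the message; the `PermissionStore` class, the `assign` method, the role names and the in-memory maps standing in for the `user_permissions` table are assumptions.

```typescript
// Added illustration: an in-memory stand-in for the user_permissions table.
type Role = "admin" | "staff"; // role names are assumed
interface PermissionRow {
  userId: string; permissionKey: string;
  granted: boolean; grantedBy: string; grantedAt: Date;
}
interface AuditEntry {
  actor: string; target: string; permissionKey: string; granted: boolean; at: Date;
}

class PermissionStore {
  // Map key = user_id + permission_key, mirroring UNIQUE (user_id, permission_key).
  private rows = new Map<string, PermissionRow>();
  private roles: Map<string, Role>;
  readonly audit: AuditEntry[] = [];

  constructor(roles: Map<string, Role>) { this.roles = roles; }

  private rowKey(userId: string, key: string): string { return `${userId}\u0000${key}`; }

  isAdmin(userId: string): boolean { return this.roles.get(userId) === "admin"; }

  // Deny by default: a missing row or granted = false means no access.
  // The role is never consulted, so an admin gets nothing implicitly.
  hasPermission(userId: string, key: string): boolean {
    return this.rows.get(this.rowKey(userId, key))?.granted === true;
  }

  hasPermissions(userId: string, keys: string[], mode: "all" | "any" = "all"): boolean {
    if (keys.length === 0) return false; // [].every() is true; do not let that grant access
    const check = (k: string): boolean => this.hasPermission(userId, k);
    return mode === "all" ? keys.every(check) : keys.some(check);
  }

  // Admin-only write path; every successful change is appended to the audit log.
  assign(actorId: string, targetId: string, key: string, granted: boolean): void {
    if (!this.isAdmin(actorId)) throw new Error("forbidden: only admins assign permissions");
    if (!this.roles.has(targetId)) throw new Error("unknown target user");
    const now = new Date();
    this.rows.set(this.rowKey(targetId, key),
      { userId: targetId, permissionKey: key, granted, grantedBy: actorId, grantedAt: now });
    this.audit.push({ actor: actorId, target: targetId, permissionKey: key, granted, at: now });
  }
}
```

In a deployed system the same admin check belongs on the server side of the assign endpoint and in the database policies, since a check made only in UI components can be bypassed by calling the API directly.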