Skip to content

feat(panel): permissions system for panel#266

Merged
Akinator31 merged 3 commits intomainfrom
263-permissions-system-for-panel
Dec 2, 2025
Merged

feat(panel): permissions system for panel#266
Akinator31 merged 3 commits intomainfrom
263-permissions-system-for-panel

Conversation

@Akinator31
Copy link
Copy Markdown
Member

This pull request introduces a comprehensive panel permission system for the Rustmail admin API, including new endpoints for managing members, roles, and permissions. It adds middleware to enforce fine-grained access control for various admin and bot actions, and updates the API routing to support these features. The changes significantly improve the ability to manage and audit admin actions via the API.

Panel Permission System and Admin Endpoints

  • Added new SQL migration to create the panel_permissions table, supporting permission grants, revokes, and auditing, along with relevant indexes for efficient queries.
  • Implemented admin API handlers for listing members, listing roles, and managing panel permissions (grant, revoke, list), with appropriate data structures and error handling.

Middleware and Access Control

  • Introduced require_panel_permission middleware to enforce permission checks on admin and bot API routes, ensuring only authorized users can perform sensitive actions.
  • Updated API routers (admin, apikeys, bot) to use the new permission middleware, applying fine-grained access control for actions such as managing API keys, bot operations, and configuration changes.

User and Routing Enhancements

  • Added user endpoint for retrieving a user's panel permissions, and updated the user router to expose this functionality.
  • Refactored API module and routing structure to support new admin endpoints and permission middleware, improving code organization and extensibility.

Configuration Updates

  • Extended the example config file to include panel_super_admin_users and panel_super_admin_roles for future support of super admin privileges.

@Akinator31 Akinator31 self-assigned this Dec 2, 2025
@Akinator31 Akinator31 linked an issue Dec 2, 2025 that may be closed by this pull request
@Akinator31 Akinator31 merged commit 8f30187 into main Dec 2, 2025
6 checks passed
@Akinator31 Akinator31 deleted the 263-permissions-system-for-panel branch December 2, 2025 13:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Permissions system for panel

1 participant