Skip to content

feat(admin-rbac): implement role-based admin permissions, limits, and owner setup flow #507

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
M03ED merged 76 commits into from
May 20, 2026
Merged

feat(admin-rbac): implement role-based admin permissions, limits, and owner setup flow #507

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
76 commits
Select commit Hold shift + click to select a range
393f6f8
feat(admin-roles): implement admin role management with CRUD operatio…
M03ED May 17, 2026
410a3a0
feat(admin-roles): implement admin role management with CRUD operatio…
M03ED May 17, 2026
d405189
Update 66c38b8a687a_admin_rbac_roles.py
M03ED May 17, 2026
2f4482b
fix: migration for postgresql
M03ED May 17, 2026
cc4576e
feat(setup): implement owner initialization and temp key system
M03ED May 17, 2026
a102e51
test(record-usages): seed default admin roles in test fixture
M03ED May 17, 2026
5383151
remove tui wrapper
M03ED May 17, 2026
6d2003d
feat(permissions): implement permission and scope enforcement system
M03ED May 17, 2026
450a1fc
fix
M03ED May 17, 2026
3841b33
refactor(admin-roles): rename is_locked to is_owner for clarity
M03ED May 17, 2026
23b03ef
refactor(admin): remove operator type checks and simplify admin opera…
M03ED May 17, 2026
90dc864
fix
M03ED May 17, 2026
fe9a5f9
Update test_admin.py
M03ED May 17, 2026
3b73d3e
fix
M03ED May 17, 2026
1bfb948
feat(permissions): enforce admin scope isolation across all operations
M03ED May 17, 2026
9565bd9
feat(admin-role): admin role operations
M03ED May 17, 2026
371b56c
fix
M03ED May 17, 2026
53edc73
feat: Enhance user management with role-based limits and permissions
M03ED May 17, 2026
66c3ca5
fix
M03ED May 17, 2026
fd06650
refactor(admin): replace get_current with permission-based dependency…
M03ED May 17, 2026
116b2d8
style(users): improve data table responsive layout and skeleton styling
x0sina May 17, 2026
261233b
Refactor: admin permission handling in Telegram bot
M03ED May 17, 2026
42db70f
fix: format
M03ED May 17, 2026
886000a
refactor(admin): remove is_sudo field and update related logic to use…
M03ED May 17, 2026
89ac5b6
fix
M03ED May 17, 2026
229bf16
refactor: replace sudo terminology with role-based authorization lang…
M03ED May 17, 2026
4735e62
refactor(admin): add role-admin relationship and builtin role detection
M03ED May 17, 2026
f07cb48
feat(admin-roles): implement role-based access control system with UI
x0sina May 18, 2026
ca47699
refactor(user): optimize batch user retrieval with scope filtering
M03ED May 18, 2026
918d70d
refactor(admin): update bulk operations to use IDs instead of usernames
M03ED May 18, 2026
08d26c5
fix
M03ED May 18, 2026
a5afdbc
feat(admin-roles): enhance role permissions and add tests for role ac…
M03ED May 18, 2026
5eb0768
refactor(admin-roles): update permissions structure and enhance role …
M03ED May 18, 2026
56efa75
refactor: improve permission checks and optimize user operations
M03ED May 18, 2026
1b0ce81
fix: format
M03ED May 18, 2026
11cca93
feat: admin role assign test
M03ED May 18, 2026
c64d2e1
fix
M03ED May 18, 2026
896abcc
feat: add role management to admin CRUD operations and update tests
M03ED May 18, 2026
5c27e65
fix
M03ED May 18, 2026
1748fca
refactor(admin-roles): improve form type safety and error handling
x0sina May 18, 2026
1c6c022
feat(admin-modal): add permission overrides for granular admin limits
x0sina May 18, 2026
7fa33e2
feat(admin-roles): add read_simple permission action for granular lis…
x0sina May 18, 2026
7248223
feat: Refactor admin status handling and introduce data limit functio…
M03ED May 18, 2026
3783d62
fix: import
M03ED May 18, 2026
a3c9608
feat(admin-role): add disabled_when_limited flags and update permissi…
M03ED May 18, 2026
117acd7
fix
M03ED May 18, 2026
cfc1b89
refactor: simplify sync_users function calls by removing unnecessary …
M03ED May 18, 2026
0bd396f
feat(admin-role): add limited behavior flags and restrict limited sta…
x0sina May 18, 2026
0e43f40
feat(admin-roles): add limited behavior flags and data limit validation
x0sina May 18, 2026
afc47fa
feat(nav-user): add data and user limit progress indicators
x0sina May 18, 2026
d8db73c
fix(user-operation): support Unix timestamp for user expiration date
x0sina May 18, 2026
d61a442
fix(user-operation): display data limit constraints in human-readable…
x0sina May 18, 2026
20a0638
feat(user-operation): display expiration duration constraints in huma…
x0sina May 18, 2026
ddfd0ab
feat(system-operation): refactor admin stats visibility logic to supp…
x0sina May 18, 2026
fb22202
feat(admin-rbac): refactor expiration limits to use seconds instead o…
x0sina May 18, 2026
05055ff
fix(node-sync): inline user serialization in batch removal
x0sina May 19, 2026
74440ef
feat(user-operation): add on-hold expiration duration validation
x0sina May 19, 2026
5704941
feat(admin-notifications): implement admin usage limit reminders and …
ImMohammad20000 May 19, 2026
53d27eb
feat(admin-data-limits): enhance admin data limit checks with thresho…
ImMohammad20000 May 19, 2026
a853b76
feat(admin-notifications): rename and update admin usage reminder fun…
ImMohammad20000 May 19, 2026
c269c99
fix(admin-data-limits): correct threshold calculation for active admi…
ImMohammad20000 May 19, 2026
1788850
refactor(admin): remove unused function and clean up admin role model
ImMohammad20000 May 19, 2026
b400c1d
fix
ImMohammad20000 May 19, 2026
856b2a8
feat(admin-ui): add notification toggle and data limit labels with co…
x0sina May 19, 2026
008afbb
feat(admin-rbac): restrict non-owner admins from accessing owner acco…
x0sina May 19, 2026
1b5898f
feat(admin-roles): add permission actions for user, admin, and node m…
x0sina May 19, 2026
938db2c
feat(admin-roles): add limited behavior localization strings and fix …
x0sina May 19, 2026
055cdf4
fix(admin-data-limits): set disable_users_when_limited for built-in r…
x0sina May 19, 2026
6ad4e07
feat(admin-notifications): add usage limit warning thresholds and loc…
x0sina May 19, 2026
dfcae63
feat(admin-ui): add limited admins localization and update admin role…
x0sina May 19, 2026
42a8a3f
feat(admin-roles): change disable_users_when_limited default to true
x0sina May 19, 2026
03f228c
fix: Enforce TTL and single-use when consuming the key.
ImMohammad20000 May 19, 2026
5aaabef
fix: Deny explicit false permissions here.
ImMohammad20000 May 19, 2026
8e5ac97
fix: scope=own enforcement for /sub/ lookups (unowned users currently…
ImMohammad20000 May 19, 2026
f92372d
fix
ImMohammad20000 May 19, 2026
32ab0a8
fix: update return type of get_admins to include limited count
ImMohammad20000 May 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 0 additions & 3 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
COPY cli_wrapper.sh /usr/bin/pasarguard-cli
RUN chmod +x /usr/bin/pasarguard-cli

COPY tui_wrapper.sh /usr/bin/pasarguard-tui
RUN chmod +x /usr/bin/pasarguard-tui

# Copy healthcheck script
COPY healthcheck.sh /code/healthcheck.sh
RUN chmod +x /code/healthcheck.sh
Expand Down
6 changes: 0 additions & 6 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,12 +102,6 @@ run:
run-cli:
@uv run pasarguard-cli.py

# run pasarguard-tui
.PHONY: run-tui
run-tui:
@uv run pasarguard-tui.py


# Run tests
.PHONY: test
test:
Expand Down
16 changes: 16 additions & 0 deletions app/app_factory.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,4 +131,20 @@ def validation_exception_handler(request: Request, exc: RequestValidationError):
content=jsonable_encoder({"detail": details}),
)

from app.operation.permissions import LimitExceeded, PermissionDenied # noqa: F401

@app.exception_handler(PermissionDenied)
async def permission_denied_handler(request: Request, exc: PermissionDenied):
return JSONResponse(
status_code=status.HTTP_403_FORBIDDEN,
content={"detail": exc.detail},
)

@app.exception_handler(LimitExceeded)
async def limit_exceeded_handler(request: Request, exc: LimitExceeded):
return JSONResponse(
status_code=status.HTTP_400_BAD_REQUEST,
content={"detail": exc.detail},
)

return app
Loading