Problem
The backend currently lacks a production GET /Permissions endpoint, so the frontend cannot reliably render role-aware behavior from backend truth.
Goal
Add authenticated GET /Permissions with a stable capability schema aligned with RBAC proposal requirements.
Scope
- Add endpoint and router wiring
- Return stable permission schema
- Derive non-admin permissions from backend policy truth (policy-based capability contract)
- Add tests
Technical Requirements
- Enforce the contract with a formal Pydantic response_model (extra=forbid)
- Map the policy command ALL to full CRUD (read/create/update/delete = true)
- Return 401 for an invalid, malformed or missing authenticated user identity
- Include role membership in the policy lookup (username + role + public)
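The requirements above (a fixed-shape capability object, ALL expanding to full CRUD, 401 on a missing identity, lookup over username + role + public) can be sketched end to end. The following is an added example, not the project's own code: the resource names, the policy rows, the User shape, the admin shortcut and the handler return convention are all constructed assumptions, and the extra=forbid behaviour of a Pydantic response_model is stood in for by a plain contract check so that the snippet runs with the standard library only.

```python
"""Added example, not the project's code: derive the GET /Permissions
capability contract from policy rows. Resource names, policy rows, the
User shape and the admin shortcut are constructed assumptions."""
from dataclasses import asdict, dataclass
from typing import Dict, Iterable, List, Optional, Tuple

RESOURCES: Tuple[str, ...] = ("documents", "settings")  # assumed resources
CRUD: Tuple[str, ...] = ("read", "create", "update", "delete")


class Unauthorized(Exception):
    """Identity missing or malformed; the handler maps this to HTTP 401."""


@dataclass(frozen=True)
class PolicyRow:
    subject: str    # "user:<name>", "role:<name>" or "public"
    resource: str
    command: str    # "ALL" or one of CRUD


@dataclass(frozen=True)
class User:
    username: Optional[str]
    roles: Tuple[str, ...] = ()
    is_admin: bool = False


@dataclass(frozen=True)
class ResourcePermissions:
    """Per-resource capability object: exactly these four booleans."""
    read: bool = False
    create: bool = False
    update: bool = False
    delete: bool = False


# Constructed sample of the backend policy truth.
POLICY: Tuple[PolicyRow, ...] = (
    PolicyRow("role:editor", "documents", "ALL"),
    PolicyRow("public", "settings", "read"),
    PolicyRow("user:bob", "settings", "update"),
    PolicyRow("user:alice", "documents", "frobnicate"),  # unknown command
)


def subjects_for(user: User) -> Tuple[str, ...]:
    """Policy lookup covers username + each role + public."""
    return (f"user:{user.username}",) + tuple(f"role:{r}" for r in user.roles) + ("public",)


def derive_permissions(user: Optional[User], policy: Iterable[PolicyRow]) -> Dict[str, ResourcePermissions]:
    if user is None or not isinstance(user.username, str) or not user.username.strip():
        raise Unauthorized("missing or malformed authenticated identity")
    subjects = set(subjects_for(user))
    result: Dict[str, ResourcePermissions] = {}
    for resource in RESOURCES:
        granted = dict.fromkeys(CRUD, False)        # fail closed
        if user.is_admin:                           # assumption: admins bypass policy rows
            granted = dict.fromkeys(CRUD, True)
        else:
            for row in policy:
                if row.subject not in subjects or row.resource != resource:
                    continue
                if row.command == "ALL":            # ALL -> full CRUD
                    granted = dict.fromkeys(CRUD, True)
                elif row.command in CRUD:
                    granted[row.command] = True
                # any other command grants nothing
        result[resource] = ResourcePermissions(**granted)
    return result


def to_response(perms: Dict[str, ResourcePermissions]) -> Dict[str, Dict[str, bool]]:
    return {resource: asdict(caps) for resource, caps in perms.items()}


def contract_violations(payload: Dict[str, Dict[str, bool]]) -> List[str]:
    """Stand-in for a Pydantic response_model with extra='forbid': the body
    must carry exactly the known resources, each with exactly the four
    CRUD booleans, so the frontend never sees an unstable shape."""
    problems: List[str] = []
    if set(payload) != set(RESOURCES):
        problems.append(f"resource keys must be exactly {RESOURCES}")
    for resource, caps in payload.items():
        if set(caps) != set(CRUD):
            problems.append(f"{resource}: capability keys must be exactly {CRUD}")
        elif not all(isinstance(v, bool) for v in caps.values()):
            problems.append(f"{resource}: capabilities must be booleans")
    return problems


def permissions_endpoint(user: Optional[User], policy: Iterable[PolicyRow]):
    """Handler body for GET /Permissions (router wiring assumed); returns
    (status, body). A contract violation fails the request outright."""
    try:
        perms = derive_permissions(user, policy)
    except Unauthorized:
        return 401, {"detail": "Unauthorized"}
    body = to_response(perms)
    problems = contract_violations(body)
    if problems:
        return 500, {"detail": "; ".join(problems)}
    return 200, body


if __name__ == "__main__":
    for u in (User("alice", ("editor",)), User("bob"), User(None)):
        print(u.username, permissions_endpoint(u, POLICY))
```

The unknown command row for alice is deliberate: anything that is not ALL or one of the four CRUD verbs grants nothing, so a typo in a policy row degrades to fewer capabilities rather than more. In the real implementation the contract check is the Pydantic model itself; the point of keeping it in the handler path here is that a schema drift is caught server-side instead of shipping to the role-aware renderer.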
Acceptance Criteria
- GET /Permissions implemented and secured
- ALL policy command maps to full CRUD booleans
Proposal Alignment
This directly implements the proposal requirement for a stable GET /Permissions capability contract used by role-aware frontend rendering.