Add Moderator role with user management permissions #70
rom98759 merged 4 commits into codastream:main from
Conversation
Pull request overview
This pull request introduces a new MODERATOR role to the application's role-based access control (RBAC) system, sitting between USER and ADMIN in the hierarchy. The moderator role provides limited administrative capabilities: viewing the users list and disabling 2FA for users, without the ability to modify or delete user accounts.
Changes:
- Adds MODERATOR role to the role hierarchy with appropriate permissions (view users, disable 2FA)
- Updates frontend UI to display moderator badges and conditional access to admin panel
- Implements separate routing for moderator-accessible endpoints vs admin-only endpoints
- Adds permission helper functions in the admin UI for role-based feature visibility
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| srcs/shared/core/src/schemas/base.schema.ts | Adds 'MODERATOR' to roleShema enum (with typo and case inconsistency) |
| srcs/shared/core/src/logging/logging.ts | Adds ROLE_MODERATOR_REQUIRED logging constant (unused) |
| srcs/nginx/src/types/react-types.ts | Adds MODERATOR to React Roles enum (case mismatch with backend) |
| srcs/nginx/src/html/dashboard.html | Adds moderator badge styling and admin panel access for moderators |
| srcs/nginx/src/html/admin.html | Implements permission-based UI for moderator vs admin actions, adds moderator stats card, quick 2FA disable button |
| srcs/auth/src/utils/constants.ts | Adds MODERATOR to UserRole enum, updates role hierarchy to 3 levels, updates error message |
| srcs/auth/src/services/auth.service.ts | Updates role hierarchy map to include moderator level |
| srcs/auth/src/routes/admin.routes.ts | Splits routes into adminRoutes (admin-only) and moderatorRoutes (moderator+) with separate authorization hooks |
| srcs/auth/src/index.ts | Registers both admin and moderator route plugins |
| srcs/auth/src/controllers/admin.controller.ts | Updates role validation to use Object.values(UserRole) for dynamic validation |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
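The three-level hierarchy and the split between moderator-accessible and admin-only routes that the summary above describes, as an added example written here (not the PR's code). It assumes the ordering USER < MODERATOR < ADMIN and the three-field authUser shape discussed in this thread; `requireRole`, `dispatch`, the route paths and the in-memory user map are hypothetical stand-ins for the Fastify hooks and the database.

```typescript
// Added example, not code from the PR. Role names follow the PR; everything
// else (requireRole, dispatch, routes, the user map) is a hypothetical stand-in.

enum UserRole {
  USER = 'USER',
  MODERATOR = 'MODERATOR',
  ADMIN = 'ADMIN',
}

// Higher number = more privilege; MODERATOR sits between USER and ADMIN.
const ROLE_LEVEL: Record<UserRole, number> = {
  [UserRole.USER]: 1,
  [UserRole.MODERATOR]: 2,
  [UserRole.ADMIN]: 3,
};

// Authenticated principal, the shape suggested later in this thread.
interface AuthUser {
  id: number;
  username: string;
  role: string;
}

// Dynamic validation against the enum values, the approach the summary
// attributes to admin.controller.ts. Case must match the enum exactly.
function isValidRole(role: string): role is UserRole {
  return (Object.values(UserRole) as string[]).includes(role);
}

// A role string outside the enum is denied outright; it never receives a
// numeric level that could be compared.
function hasRole(role: string, required: UserRole): boolean {
  if (!isValidRole(role)) return false;
  return ROLE_LEVEL[role] >= ROLE_LEVEL[required];
}

interface Outcome {
  status: number;
  body: Record<string, unknown>;
}

// Stand-in for a Fastify preHandler hook: null means "continue to the handler".
function requireRole(required: UserRole) {
  return (user: AuthUser | undefined): Outcome | null => {
    if (!user) return { status: 401, body: { error: 'AUTH_REQUIRED' } };
    if (!hasRole(user.role, required)) {
      return { status: 403, body: { error: `ROLE_${required}_REQUIRED` } };
    }
    return null;
  };
}

interface Params { id: number; role?: string }
type Handler = (user: AuthUser, params: Params) => Outcome;
interface Route { method: string; path: string; minRole: UserRole; handler: Handler }
interface UserRecord { username: string; role: UserRole; twoFactor: boolean }

// Constructed user store standing in for the database.
const users = new Map<number, UserRecord>([
  [1, { username: 'alice', role: UserRole.ADMIN, twoFactor: true }],
  [2, { username: 'bob', role: UserRole.MODERATOR, twoFactor: true }],
  [3, { username: 'carol', role: UserRole.USER, twoFactor: true }],
]);

const notFound: Outcome = { status: 404, body: { error: 'USER_NOT_FOUND' } };

// Moderator-and-up routes and admin-only routes carry different minimum
// roles, mirroring the adminRoutes / moderatorRoutes split.
const routes: Route[] = [
  { method: 'GET', path: '/admin/users', minRole: UserRole.MODERATOR,
    handler: () => ({ status: 200, body: { users: [...users.keys()] } }) },
  { method: 'DELETE', path: '/admin/users/:id/2fa', minRole: UserRole.MODERATOR,
    handler: (_u, { id }) => {
      const target = users.get(id);
      if (!target) return notFound;
      target.twoFactor = false;
      return { status: 200, body: { id, twoFactor: false } };
    } },
  { method: 'DELETE', path: '/admin/users/:id', minRole: UserRole.ADMIN,
    handler: (_u, { id }) => (users.delete(id) ? { status: 204, body: {} } : notFound) },
  { method: 'PATCH', path: '/admin/users/:id/role', minRole: UserRole.ADMIN,
    handler: (_u, { id, role }) => {
      if (role === undefined || !isValidRole(role)) {
        return { status: 400, body: { error: 'INVALID_ROLE', allowed: Object.values(UserRole) } };
      }
      const target = users.get(id);
      if (!target) return notFound;
      target.role = role;
      return { status: 200, body: { id, role } };
    } },
];

// Runs the hook for the matched route before its handler.
function dispatch(method: string, path: string, user: AuthUser | undefined,
                  params: Params = { id: 0 }): Outcome {
  const route = routes.find((r) => r.method === method && r.path === path);
  if (!route) return { status: 404, body: { error: 'NOT_FOUND' } };
  const denied = requireRole(route.minRole)(user);
  if (denied) return denied;
  return route.handler(user as AuthUser, params);
}
```

With this layout a moderator can list users and disable a user's 2FA but gets 403 on the delete and role-change routes; an unauthenticated request gets 401 before any role comparison; and a role value whose case does not match the enum (for example a lowercase 'moderator' coming from a frontend schema that disagrees with the backend) is rejected with 400 rather than silently mapped to a level, which is the practical reason for keeping the shared schema and the UserRole enum in the same case.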
codastream
left a comment
- Do we do localisation in the admin panel? Maybe too many complications.
- There may be a way to take advantage of the changes in auth to reduce the ESLint errors (no explicit any).
Otherwise, it's good!
NB: I only reviewed the code, without running the app.
To avoid the `as any` casts, can we define an interface

```typescript
import { FastifyRequest } from 'fastify';

// Request type for routes that run after the authentication hook,
// so handlers can read authUser without casting through `any`.
interface AuthenticatedRequest extends FastifyRequest {
  authUser: {
    id: number;
    username: string;
    role: string;
  };
}
```

that we would use instead of FastifyRequest for the authService requests that require authentication (excluding login, register)?
The auth service has access to the core package. If the error messages need translating, we could reuse the errorCodes from core so that the frontend has the same keys.
| .regex(/^(?=.*[!@#$%^&*])/, 'Password must contain at least one special character (!@#$%^&*)'); | ||
| export const roleShema = z.enum(['GUEST', 'USER', 'ADMIN']); | ||
| export const roleSchema = z.enum(['user', 'moderator', 'admin']); |
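Review bot: the added `roleSchema` line leaves two enums side by side, the existing misspelled `roleShema` with `['GUEST', 'USER', 'ADMIN']` and the new `roleSchema` with `['user', 'moderator', 'admin']`, so the same role is now spelled in two cases and 'GUEST' exists only in the old one. Rather than adding a second schema, rename `roleShema` to `roleSchema`, keep a single value set whose case matches the backend `UserRole` enum this PR updates in srcs/auth/src/utils/constants.ts, and either carry 'GUEST' into the new list or say why it is dropped; a shared schema that disagrees with the enum will accept roles the auth service rejects, or reject ones it accepts.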
For now, roleSchema is not used (there was a temporary use in DevLogin).
New Moderator role with specific permissions:
- View users list
- Delete / reset user 2FA