Skip to content

Compose vike-rbac for roles/permissions instead of hand-rolling authz #194

Description

@suleimansh

The last authz gap in the composed stack. #191's crud composer teaches ad-hoc role checks (canEdit: (user) => user?.role === 'admin'), which is fine for signed-in-vs-not. But the moment an app has named permissions or more than one role, the vike-data way is can(user, permission) / hasRole(user, role) from vike-rbac — and without a persona the agent hand-rolls a roles/permissions schema + checker, which is exactly the security-sensitive churn we compose to avoid. vike-rbac is also the guard subject vike-admin ("vike-auth resolves the user, vike-rbac enriches roles/permissions, the guard runs") and vike-actions (guard: (ctx) => can(ctx.user, 'posts.publish')) are built around.

Mechanism

Same lever as #187/#189/#192: a persona, no runtime change, the agent stays a black box. Add a vike-rbac-composer persona to vikeExtensionPersonas in ai-autopilot (between auth and crud, since crud/actions guards delegate to it).

What the persona teaches

  • When: only for real roles/permissions. Signed-in-vs-not stays a plain pageContext.user + canView check; reach for rbac when there are named permissions or multiple roles.
  • Declare + extend: definePermissions([{ name: 'widgets.edit', roles: ['admin'] }]), extends: ['import:vike-rbac/config:default'] (self-installs vike-auth), defaultRoles: ['member']. Do NOT model roles/permissions/role_user/permission_role yourself — vike-rbac owns them.
  • One check everywhere: can(user, permission) / hasRole(user, role) from vike-rbac. Resolution rides vike-auth (sync on pageContext.user), so the crud canView/canEdit, page guards, session scope, and vike-actions guards all delegate to the same can() instead of ad-hoc user.role === checks.
  • Seed from the registry: seedRbac() / assignRoles() from vike-rbac/seed (idempotent, derived from the composed permissions registry, no hand-written seed list).
  • One line for guarded RPCs: requirePermission('users.view') from vike-rbac/telefunc.

Scope

  • ai-autopilot: new vike-rbac-composer persona + wire into vikeExtensionPersonas; unit test asserts definePermissions / can( / seedRbac / no hand-rolled roles tables.
  • API verified in the vike-data repo before writing snippets (done).

Acceptance

For a role-based app the agent composes vike-rbac (declared permissions, can() guards, seeded from the registry) instead of writing its own roles/permissions schema and checker.

Note: like the rest of the composed stack, vike-rbac is not published to npm yet, so this is in-workspace-only until the extensions ship (tracked separately). Part of #186.

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions