[PR #201] [MERGED] Add group-based permissions system with granular access control #961

New issue

Closed

opened 2026-05-07 00:15:12 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented

2026-05-07 00:15:12 +02:00

Owner

📋 Pull Request Information

Original PR: https://github.com/maziggy/bambuddy/pull/201
Author: @maziggy
Created: 1/31/2026
Status: ✅ Merged
Merged: 1/31/2026
Merged by: @maziggy

Base: 0.1.6-final ← Head: feature/auth_details

📝 Commits (2)

89229a5 Add group-based permissions system with granular access control
391214b Merge branch '0.1.6-final' into feature/auth_details

📊 Changes

44 files changed (+13919 additions, -601 deletions)

View changed files

📝 CHANGELOG.md (+16 -0)
📝 README.md (+3 -2)
📝 backend/app/api/routes/auth.py (+45 -18)
➕ backend/app/api/routes/groups.py (+316 -0)
📝 backend/app/api/routes/printers.py (+91 -18)
📝 backend/app/api/routes/settings.py (+63 -0)
📝 backend/app/api/routes/users.py (+138 -55)
📝 backend/app/core/auth.py (+125 -2)
📝 backend/app/core/database.py (+106 -0)
➕ backend/app/core/permissions.py (+392 -0)
📝 backend/app/main.py (+2 -0)
📝 backend/app/models/__init__.py (+3 -0)
➕ backend/app/models/group.py (+54 -0)
📝 backend/app/models/user.py (+82 -3)
📝 backend/app/schemas/auth.py (+21 -1)
➕ backend/app/schemas/group.py (+89 -0)
📝 backend/tests/conftest.py (+6 -0)
📝 backend/tests/integration/test_auth_api.py (+330 -1)
📝 frontend/src/App.tsx (+4 -4)
➕ frontend/src/__tests__/contexts/AuthContext.test.tsx (+169 -0)

...and 24 more files

📄 Description

Implement a full permissions system replacing simple admin/user roles:

Backend:

Add Group model with many-to-many user relationship
Add 50+ granular permissions (resource:action pattern)
Create default groups: Administrators, Operators, Viewers
Add permission-checking dependencies for route protection
Add groups API endpoints (CRUD, user assignment)
Add change password endpoint for users
Update backup/restore to include groups
Migrate existing users to groups on startup

Frontend:

Add GroupsPage for managing groups and permissions
Add permission helpers to AuthContext (hasPermission, hasAnyPermission)
Add PermissionRoute component for protected routes
Disable buttons/features based on permissions (with tooltips)
Add change password modal in sidebar for all users
Add forgot password info modal on login page
Show user groups in UsersPage with group assignment

Testing:

Add integration tests for groups API
Add tests for user-group assignments
Add tests for change password endpoint
Seed default groups in test fixtures

Closes #28 #161

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/maziggy/bambuddy/pull/201 **Author:** [@maziggy](https://github.com/maziggy) **Created:** 1/31/2026 **Status:** ✅ Merged **Merged:** 1/31/2026 **Merged by:** [@maziggy](https://github.com/maziggy) **Base:** `0.1.6-final` ← **Head:** `feature/auth_details` --- ### 📝 Commits (2) - [`89229a5`](https://github.com/maziggy/bambuddy/commit/89229a5ecc073dcab5ff91336394f21fdf408966) Add group-based permissions system with granular access control - [`391214b`](https://github.com/maziggy/bambuddy/commit/391214be79e46520f89d5fb59ec300c98702b5e9) Merge branch '0.1.6-final' into feature/auth_details ### 📊 Changes **44 files changed** (+13919 additions, -601 deletions) <details> <summary>View changed files</summary> 📝 `CHANGELOG.md` (+16 -0) 📝 `README.md` (+3 -2) 📝 `backend/app/api/routes/auth.py` (+45 -18) ➕ `backend/app/api/routes/groups.py` (+316 -0) 📝 `backend/app/api/routes/printers.py` (+91 -18) 📝 `backend/app/api/routes/settings.py` (+63 -0) 📝 `backend/app/api/routes/users.py` (+138 -55) 📝 `backend/app/core/auth.py` (+125 -2) 📝 `backend/app/core/database.py` (+106 -0) ➕ `backend/app/core/permissions.py` (+392 -0) 📝 `backend/app/main.py` (+2 -0) 📝 `backend/app/models/__init__.py` (+3 -0) ➕ `backend/app/models/group.py` (+54 -0) 📝 `backend/app/models/user.py` (+82 -3) 📝 `backend/app/schemas/auth.py` (+21 -1) ➕ `backend/app/schemas/group.py` (+89 -0) 📝 `backend/tests/conftest.py` (+6 -0) 📝 `backend/tests/integration/test_auth_api.py` (+330 -1) 📝 `frontend/src/App.tsx` (+4 -4) ➕ `frontend/src/__tests__/contexts/AuthContext.test.tsx` (+169 -0) _...and 24 more files_ </details> ### 📄 Description Implement a full permissions system replacing simple admin/user roles: Backend: - Add Group model with many-to-many user relationship - Add 50+ granular permissions (resource:action pattern) - Create default groups: Administrators, Operators, Viewers - Add permission-checking dependencies for route protection - Add groups API endpoints (CRUD, user assignment) - Add change password endpoint for users - Update backup/restore to include groups - Migrate existing users to groups on startup Frontend: - Add GroupsPage for managing groups and permissions - Add permission helpers to AuthContext (hasPermission, hasAnyPermission) - Add PermissionRoute component for protected routes - Disable buttons/features based on permissions (with tooltips) - Add change password modal in sidebar for all users - Add forgot password info modal on login page - Show user groups in UsersPage with group assignment Testing: - Add integration tests for groups API - Add tests for user-group assignments - Add tests for change password endpoint - Seed default groups in test fixtures Closes #28 #161 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>