Skip to content

Instantly share code, notes, and snippets.

@pritamsharma45

pritamsharma45/RoleBasedAccessFeatures.md

Created June 7, 2025 10:04
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save pritamsharma45/42746b247d293b3fc0c19f8640f35ad8 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save pritamsharma45/42746b247d293b3fc0c19f8640f35ad8 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
RoleBasedAccessFeatures.md

Role-Based Access Features

This document outlines the role-based access control (RBAC) features implemented in the StageFlow-SufiArt application, as derived from the core mixins: authMixin, approvalMixin, and leadManagmentMixin.

Roles Overview

The application supports three primary user roles:

  • Owner
  • Admin
  • Standard (Regular User)

Each role has distinct permissions and access to features, data, and actions throughout the application.

Owner

Capabilities:

  • Full access to all features and data across the application.
  • Can manage users: add, delete, change roles, and assign job roles.
  • Can send invitations to onboard new users.
  • Can manage all invitations (view, delete).
  • Can view and edit all records, regardless of assignment or stage.
  • Can access all workflow stages and see all projects.
  • Can edit any field in any form (no field-level restrictions).
  • Can access all administrative UI sections (Manage Users, Manage Invitations, etc.).
  • Can log out and edit their own profile.

UI/Workflow Behaviors:

  • Navigation drawer shows all management options.
  • All action buttons (edit, delete, change role/job role) are enabled for all users except other owners.
  • No restrictions on data visibility or actions.

Admin

Capabilities:

  • Can view and manage most records, except those restricted to owners.
  • Can approve or reject requests and manage approval workflows.
  • Can assign tasks to users (except owners).
  • Can change job roles for users (except owners).
  • Can view and edit records within their scope.
  • Can see all workflow stages and filter data accordingly.
  • Can edit most fields, except those explicitly disabled for admins.
  • Can log out and edit their own profile.

UI/Workflow Behaviors:

  • Navigation drawer shows management options except for owner-only features.
  • In assignment fields, owners are excluded from selectable options.
  • Edit and delete actions are available for users except owners.
  • Data tables and forms are filtered to exclude owner-only data.

Standard (Regular User)

Capabilities:

  • Can view and manage only records assigned to them or created by them.
  • Can create new requests and participate in workflows.
  • Can only assign tasks to themselves (in assignment fields).
  • Can edit only allowed fields; some fields may be disabled based on workflow stage or role.
  • Can view only relevant workflow stages and data.
  • Can log out and edit their own profile.

UI/Workflow Behaviors:

  • Navigation drawer shows only basic options (no management features).
  • Data tables are filtered to show only records where the user is assigned or is the creator.
  • Assignment fields are restricted to the current user.
  • Some form fields may be disabled or hidden based on role and workflow context.
  • Edit and delete actions are limited to their own records and only when allowed by workflow status.

Data Filtering and Field-Level Security

  • Data Table Filtering:

    • Owners see all records.
    • Admins see all records except those restricted to owners.
    • Standard users see only records assigned to them or created by them.

  • Assignment Fields:

    • Owners can assign to anyone.
    • Admins can assign to anyone except owners.
    • Standard users can only assign to themselves.

  • Form Field Disabling:

    • Certain fields are disabled for standard and admin users based on workflow stage and role.
    • Owners have no field-level restrictions.

  • Action Buttons:

    • Edit, delete, and role/job role change actions are shown or hidden based on the current user's role and the target user's role.

Invitation and Signup

  • Only owners and admins can send invitations to new users.
  • Signup requires a valid invitation code, which determines the user's role and job roles.
  • Users cannot sign up without an invitation.

Approval Workflow

  • Standard users can create approval requests and see only those where they are the requestee or assignee.
  • Admins can approve or reject requests and see all approvals within their scope.
  • Owners have full access to all approvals and can override any status.
  • Field-level restrictions apply during approval based on role and workflow stage.

Example Scenarios

  • A standard user logs in and sees only their assigned projects. They can update the status or details of these projects but cannot assign them to others or access management features.
  • An admin logs in and can view all projects except those owned by the owner. They can approve requests, assign tasks to any user except owners, and manage job roles for users.
  • The owner logs in and has unrestricted access to all features, data, and user management capabilities.

This role-based access system ensures that users only see and interact with data and features appropriate to their responsibilities, maintaining security, privacy, and operational efficiency throughout the application.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment