feat: implement RBAC permissions system

Add role-based access control with hierarchy: super_admin > team_admin > engineer > viewer. Adds is_super_admin boolean to User model (migration 010), centralized backend permissions module, frontend usePermissions hook, and UI enforcement (conditional Create/Edit buttons, editor redirect for viewers, role badge in header). All endpoint admin checks updated from role=="admin" to is_super_admin. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 02:42:44 -05:00
parent d7c5c8c9ce
commit 34daa26a67
20 changed files with 428 additions and 65 deletions
--- a/backend/app/schemas/tree.py
+++ b/backend/app/schemas/tree.py
@@ -69,6 +69,7 @@ class TreeListResponse(BaseModel):
    category_info: Optional[CategoryInfo] = None
    tags: list[str] = []  # List of tag names
    author_id: Optional[UUID] = None
+    team_id: Optional[UUID] = None
    is_active: bool
    is_public: bool
    is_default: bool