feat: implement RBAC permissions system

Add role-based access control with hierarchy: super_admin > team_admin > engineer > viewer. Adds is_super_admin boolean to User model (migration 010), centralized backend permissions module, frontend usePermissions hook, and UI enforcement (conditional Create/Edit buttons, editor redirect for viewers, role badge in header). All endpoint admin checks updated from role=="admin" to is_super_admin. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 02:42:44 -05:00
parent d7c5c8c9ce
commit 34daa26a67
20 changed files with 428 additions and 65 deletions
--- a/frontend/src/types/tree.ts
+++ b/frontend/src/types/tree.ts
@@ -86,6 +86,7 @@ export interface TreeListItem {
  category_info: CategoryInfo | null
  tags: string[]
  author_id: string | null
+  team_id: string | null
  is_active: boolean
  is_public: boolean
  is_default: boolean
--- a/frontend/src/types/user.ts
+++ b/frontend/src/types/user.ts
@@ -1,10 +1,11 @@
-export type UserRole = 'admin' | 'engineer' | 'viewer'
+export type UserRole = 'engineer' | 'viewer'

 export interface User {
  id: string
  email: string
  name: string
  role: UserRole
+  is_super_admin: boolean
  is_team_admin: boolean
  team_id: string | null
  created_at: string