Commit f2849ca

committed

refactor(rbac): Remove user create/delete permissions from admin role

Removed `Permissions.userCreate` and `Permissions.userDelete` from the `_dashboardAdminPermissions` set. This change enforces the rule that administrators can only update users through the generic data API, while creation and deletion are handled exclusively by the authentication service.

1 parent b9e957b commit f2849caCopy full SHA for f2849ca

File tree

1 file changed

-4

lines changed

lib/src/rbac
- role_permissions.dart

1 file changed

-4

lines changed

`‎lib/src/rbac/role_permissions.dart‎`

Lines changed: 5 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -68,11 +68,12 @@ final Set<String> _dashboardAdminPermissions = {`
`68`	`68`	`Permissions.languageCreate,`
`69`	`69`	`Permissions.languageUpdate,`
`70`	`70`	`Permissions.languageDelete,`
`71`		`- Permissions.userRead, // Allows reading any user's profile.`
`72`		`- // Allow full user account management for admins.`
`73`		`- Permissions.userCreate,`
	`71`	`+ // Allows reading any user's profile.`
	`72`	`+ Permissions.userRead,`
	`73`	`+ // Allows updating any user's profile (e.g., changing their roles).`
	`74`	`+ // User creation and deletion are handled by the auth service, not the`
	`75`	`+ // generic data API.`
`74`	`76`	`Permissions.userUpdate,`
`75`		`- Permissions.userDelete,`
`76`	`77`	`Permissions.remoteConfigCreate,`
`77`	`78`	`Permissions.remoteConfigUpdate,`
`78`	`79`	`Permissions.remoteConfigDelete,`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit f2849ca

File tree

1 file changed

1 file changed

`‎lib/src/rbac/role_permissions.dart‎`

0 commit comments