feat: beta version of role management for single user

fix: no avatar handling
feat: check role assignment
2025-07-20 17:59:54 +02:00 · 2025-06-30 00:08:25 +02:00 · 2025-06-30 00:08:14 +02:00 · 2025-06-29 23:20:59 +02:00 · 2025-06-29 23:20:50 +02:00 · 2025-06-29 23:19:05 +02:00
32 changed files with 2017 additions and 90 deletions
--- a/cmd/hspguard/main.go
+++ b/cmd/hspguard/main.go
@ -45,6 +45,7 @@ func main() {
 	cache := cache.NewClient(&cfg)
 	user.EnsureAdminUser(ctx, &cfg, repo)
 	user.EnsureSystemPermissions(ctx, repo)
 	server := api.NewAPIServer(fmt.Sprintf("%s:%s", cfg.Host, cfg.Port), repo, fStorage, cache, &cfg)
 	if err := server.Run(); err != nil {
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -6,6 +6,8 @@ services:
    environment:
      POSTGRES_USER: guard
      POSTGRES_PASSWORD: guard
    volumes:
      - postgres-data:/var/lib/postgresql/data
    ports:
      - "5432:5432"
@ -23,3 +25,5 @@ services:
 volumes:
  redis-data:
    driver: local
  postgres-data:
    driver: local
--- a/internal/admin/permissions.go
+++ b/internal/admin/permissions.go
@ -0,0 +1,82 @@
 package admin
 import (
 	"encoding/json"
 	"log"
 	"net/http"
 	"gitea.local/admin/hspguard/internal/repository"
 	"gitea.local/admin/hspguard/internal/web"
 	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
 )
 func (h *AdminHandler) GetAllPermissions(w http.ResponseWriter, r *http.Request) {
 	rows, err := h.repo.GetGroupedPermissions(r.Context())
 	if err != nil {
 		log.Println("ERR: Failed to list permissions from db:", err)
 		web.Error(w, "failed to get all permissions", http.StatusInternalServerError)
 		return
 	}
 	type RowDTO struct {
 		Scope       string                  `json:"scope"`
 		Permissions []repository.Permission `json:"permissions"`
 	}
 	if len(rows) == 0 {
 		rows = make([]repository.GetGroupedPermissionsRow, 0)
 	}
 	var mapped []RowDTO
 	for _, row := range rows {
 		var permissions []repository.Permission
 		if err := json.Unmarshal(row.Permissions, &permissions); err != nil {
 			log.Println("ERR: Failed to extract permissions from byte array:", err)
 			web.Error(w, "failed to get permissions", http.StatusInternalServerError)
 			return
 		}
 		mapped = append(mapped, RowDTO{
 			Scope:       row.Scope,
 			Permissions: permissions,
 		})
 	}
 	if len(mapped) == 0 {
 		mapped = make([]RowDTO, 0)
 	}
 	encoder := json.NewEncoder(w)
 	w.Header().Set("Content-Type", "application/json")
 	if err := encoder.Encode(mapped); err != nil {
 		web.Error(w, "failed to encode response", http.StatusInternalServerError)
 	}
 }
 func (h *AdminHandler) GetUserPermissions(w http.ResponseWriter, r *http.Request) {
 	userId := chi.URLParam(r, "user_id")
 	permissions, err := h.repo.GetUserPermissions(r.Context(), uuid.MustParse(userId))
 	if err != nil {
 		log.Println("ERR: Failed to list permissions from db:", err)
 		web.Error(w, "failed to get user permissions", http.StatusInternalServerError)
 		return
 	}
 	if len(permissions) == 0 {
 		permissions = make([]repository.Permission, 0)
 	}
 	encoder := json.NewEncoder(w)
 	w.Header().Set("Content-Type", "application/json")
 	if err := encoder.Encode(permissions); err != nil {
 		web.Error(w, "failed to encode response", http.StatusInternalServerError)
 	}
 }
--- a/internal/admin/roles.go
+++ b/internal/admin/roles.go
@ -0,0 +1,156 @@
 package admin
 import (
 	"encoding/json"
 	"log"
 	"net/http"
 	"gitea.local/admin/hspguard/internal/repository"
 	"gitea.local/admin/hspguard/internal/web"
 	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
 )
 func (h *AdminHandler) GetAllRoles(w http.ResponseWriter, r *http.Request) {
 	rows, err := h.repo.GetRolesGroupedWithPermissions(r.Context())
 	if err != nil {
 		log.Println("ERR: Failed to list roles from db:", err)
 		web.Error(w, "failed to get all roles", http.StatusInternalServerError)
 		return
 	}
 	type RolePermissions struct {
 		Permissions []repository.Permission `json:"permissions"`
 		repository.Role
 	}
 	type RowDTO struct {
 		Scope string            `json:"scope"`
 		Roles []RolePermissions `json:"roles"`
 	}
 	if len(rows) == 0 {
 		rows = make([]repository.GetRolesGroupedWithPermissionsRow, 0)
 	}
 	var mapped []RowDTO
 	for _, row := range rows {
 		var mappedRow RowDTO
 		mappedRow.Scope = row.Scope
 		if err := json.Unmarshal(row.Roles, &mappedRow.Roles); err != nil {
 			log.Println("ERR: Failed to extract roles from byte array:", err)
 			web.Error(w, "failed to get roles", http.StatusInternalServerError)
 			return
 		}
 		mapped = append(mapped, mappedRow)
 	}
 	if len(mapped) == 0 {
 		mapped = make([]RowDTO, 0)
 	}
 	encoder := json.NewEncoder(w)
 	w.Header().Set("Content-Type", "application/json")
 	if err := encoder.Encode(mapped); err != nil {
 		web.Error(w, "failed to encode response", http.StatusInternalServerError)
 	}
 }
 func (h *AdminHandler) GetUserRoles(w http.ResponseWriter, r *http.Request) {
 	userId := chi.URLParam(r, "user_id")
 	parsed, err := uuid.Parse(userId)
 	if err != nil {
 		log.Printf("ERR: Received invalid UUID on get user roles '%s': %v\n", userId, err)
 		web.Error(w, "invalid user id", http.StatusBadRequest)
 		return
 	}
 	rows, err := h.repo.GetUserRoles(r.Context(), parsed)
 	if err != nil {
 		log.Println("ERR: Failed to list roles from db:", err)
 		web.Error(w, "failed to get user roles", http.StatusInternalServerError)
 		return
 	}
 	if len(rows) == 0 {
 		rows = make([]repository.Role, 0)
 	}
 	encoder := json.NewEncoder(w)
 	w.Header().Set("Content-Type", "application/json")
 	if err := encoder.Encode(rows); err != nil {
 		web.Error(w, "failed to encode response", http.StatusInternalServerError)
 	}
 }
 type AssignRoleRequest struct {
 	RoleKey string `json:"role_key"`
 }
 func (h *AdminHandler) AssignUserRole(w http.ResponseWriter, r *http.Request) {
 	userId := chi.URLParam(r, "user_id")
 	var req AssignRoleRequest
 	decoder := json.NewDecoder(r.Body)
 	if err := decoder.Decode(&req); err != nil {
 		web.Error(w, "failed to parse request body", http.StatusBadRequest)
 		return
 	}
 	if req.RoleKey == "" {
 		web.Error(w, "role key is required for assign", http.StatusBadRequest)
 		return
 	}
 	parsed, err := uuid.Parse(userId)
 	if err != nil {
 		log.Printf("ERR: Failed to parse provided user ID '%s': %v\n", userId, err)
 		web.Error(w, "invalid user id provided", http.StatusBadRequest)
 		return
 	}
 	user, err := h.repo.FindUserId(r.Context(), parsed)
 	if err != nil {
 		web.Error(w, "no user found under provided id", http.StatusBadRequest)
 		return
 	}
 	if _, err := h.repo.FindUserRole(r.Context(), repository.FindUserRoleParams{
 		UserID: user.ID,
 		Key:    req.RoleKey,
 	}); err == nil {
 		log.Printf("INFO: Unassigning role '%s' for user with '%s' id", req.RoleKey, user.ID.String())
 		// Unassign Role
 		if err := h.repo.UnassignUserRole(r.Context(), repository.UnassignUserRoleParams{
 			UserID: user.ID,
 			Key:    req.RoleKey,
 		}); err != nil {
 			log.Printf("ERR: Failed to unassign role '%s' from user with '%s' id: %v\n", req.RoleKey, user.ID.String(), err)
 			web.Error(w, "failed to unassign role to user", http.StatusInternalServerError)
 			return
 		}
 	} else {
 		log.Printf("INFO: Assigning role '%s' for user with '%s' id", req.RoleKey, user.ID.String())
 		if err := h.repo.AssignUserRole(r.Context(), repository.AssignUserRoleParams{
 			UserID: user.ID,
 			Key:    req.RoleKey,
 		}); err != nil {
 			log.Printf("ERR: Failed to assign role '%s' to user with '%s' id: %v\n", req.RoleKey, user.ID.String(), err)
 			web.Error(w, "failed to assign role to user", http.StatusInternalServerError)
 			return
 		}
 	}
 	w.WriteHeader(http.StatusOK)
 }
--- a/internal/admin/routes.go
+++ b/internal/admin/routes.go
@ -41,6 +41,13 @@ func (h *AdminHandler) RegisterRoutes(router chi.Router) {
 		r.Get("/service-sessions", h.GetServiceSessions)
 		r.Patch("/service-sessions/revoke/{id}", h.RevokeUserSession)
 		r.Get("/permissions", h.GetAllPermissions)
 		r.Get("/permissions/{user_id}", h.GetUserPermissions)
 		r.Get("/roles", h.GetAllRoles)
 		r.Get("/roles/{user_id}", h.GetUserRoles)
 		r.Patch("/roles/{user_id}", h.AssignUserRole)
 	})
 	router.Get("/api-services/client/{client_id}", h.GetApiServiceCID)
--- a/internal/repository/models.go
+++ b/internal/repository/models.go
@ -25,6 +25,25 @@ type ApiService struct {
 	IconUrl      *string   `json:"icon_url"`
 }
 type Permission struct {
 	ID          uuid.UUID `json:"id"`
 	Name        string    `json:"name"`
 	Scope       string    `json:"scope"`
 	Description *string   `json:"description"`
 }
 type Role struct {
 	ID          uuid.UUID `json:"id"`
 	Name        string    `json:"name"`
 	Scope       string    `json:"scope"`
 	Description *string   `json:"description"`
 }
 type RolePermission struct {
 	RoleID       uuid.UUID `json:"role_id"`
 	PermissionID uuid.UUID `json:"permission_id"`
 }
 type ServiceSession struct {
 	ID             uuid.UUID  `json:"id"`
 	ServiceID      uuid.UUID  `json:"service_id"`
@ -60,6 +79,16 @@ type User struct {
 	Verified       bool       `json:"verified"`
 }
 type UserPermission struct {
 	UserID       uuid.UUID `json:"user_id"`
 	PermissionID uuid.UUID `json:"permission_id"`
 }
 type UserRole struct {
 	UserID uuid.UUID `json:"user_id"`
 	RoleID uuid.UUID `json:"role_id"`
 }
 type UserSession struct {
 	ID             uuid.UUID  `json:"id"`
 	UserID         uuid.UUID  `json:"user_id"`
--- a/internal/repository/permissions.sql.go
+++ b/internal/repository/permissions.sql.go
@ -0,0 +1,156 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
 //   sqlc v1.29.0
 // source: permissions.sql
 package repository
 import (
 	"context"
 	"github.com/google/uuid"
 )
 const createPermission = `-- name: CreatePermission :one
 INSERT into permissions (
    name, scope, description
 ) VALUES (
    $1, $2, $3
 ) RETURNING id, name, scope, description
 `
 type CreatePermissionParams struct {
 	Name        string  `json:"name"`
 	Scope       string  `json:"scope"`
 	Description *string `json:"description"`
 }
 func (q *Queries) CreatePermission(ctx context.Context, arg CreatePermissionParams) (Permission, error) {
 	row := q.db.QueryRow(ctx, createPermission, arg.Name, arg.Scope, arg.Description)
 	var i Permission
 	err := row.Scan(
 		&i.ID,
 		&i.Name,
 		&i.Scope,
 		&i.Description,
 	)
 	return i, err
 }
 const findPermission = `-- name: FindPermission :one
 SELECT id, name, scope, description FROM permissions
 WHERE name = $1 AND scope = $2
 `
 type FindPermissionParams struct {
 	Name  string `json:"name"`
 	Scope string `json:"scope"`
 }
 func (q *Queries) FindPermission(ctx context.Context, arg FindPermissionParams) (Permission, error) {
 	row := q.db.QueryRow(ctx, findPermission, arg.Name, arg.Scope)
 	var i Permission
 	err := row.Scan(
 		&i.ID,
 		&i.Name,
 		&i.Scope,
 		&i.Description,
 	)
 	return i, err
 }
 const getAllPermissions = `-- name: GetAllPermissions :many
 SELECT id, name, scope, description
 FROM permissions p
 ORDER BY p.scope
 `
 func (q *Queries) GetAllPermissions(ctx context.Context) ([]Permission, error) {
 	rows, err := q.db.Query(ctx, getAllPermissions)
 	if err != nil {
 		return nil, err
 	}
 	defer rows.Close()
 	var items []Permission
 	for rows.Next() {
 		var i Permission
 		if err := rows.Scan(
 			&i.ID,
 			&i.Name,
 			&i.Scope,
 			&i.Description,
 		); err != nil {
 			return nil, err
 		}
 		items = append(items, i)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, err
 	}
 	return items, nil
 }
 const getGroupedPermissions = `-- name: GetGroupedPermissions :many
 SELECT scope, json_agg(to_jsonb(permissions.*) ORDER BY name) as permissions
 FROM permissions
 GROUP BY scope
 `
 type GetGroupedPermissionsRow struct {
 	Scope       string `json:"scope"`
 	Permissions []byte `json:"permissions"`
 }
 func (q *Queries) GetGroupedPermissions(ctx context.Context) ([]GetGroupedPermissionsRow, error) {
 	rows, err := q.db.Query(ctx, getGroupedPermissions)
 	if err != nil {
 		return nil, err
 	}
 	defer rows.Close()
 	var items []GetGroupedPermissionsRow
 	for rows.Next() {
 		var i GetGroupedPermissionsRow
 		if err := rows.Scan(&i.Scope, &i.Permissions); err != nil {
 			return nil, err
 		}
 		items = append(items, i)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, err
 	}
 	return items, nil
 }
 const getUserPermissions = `-- name: GetUserPermissions :many
 SELECT DISTINCT p.id,p.name,p.scope,p.description
 FROM user_roles ur
 JOIN role_permissions rp ON ur.role_id = rp.role_id
 JOIN permissions p ON rp.permission_id = p.id
 WHERE ur.user_id = $1
 ORDER BY p.scope
 `
 func (q *Queries) GetUserPermissions(ctx context.Context, userID uuid.UUID) ([]Permission, error) {
 	rows, err := q.db.Query(ctx, getUserPermissions, userID)
 	if err != nil {
 		return nil, err
 	}
 	defer rows.Close()
 	var items []Permission
 	for rows.Next() {
 		var i Permission
 		if err := rows.Scan(
 			&i.ID,
 			&i.Name,
 			&i.Scope,
 			&i.Description,
 		); err != nil {
 			return nil, err
 		}
 		items = append(items, i)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, err
 	}
 	return items, nil
 }
--- a/internal/repository/roles.sql.go
+++ b/internal/repository/roles.sql.go
@ -0,0 +1,282 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
 //   sqlc v1.29.0
 // source: roles.sql
 package repository
 import (
 	"context"
 	"github.com/google/uuid"
 )
 const addPermissionsToRoleByKey = `-- name: AddPermissionsToRoleByKey :exec
 INSERT INTO role_permissions (role_id, permission_id)
 SELECT
  $1,
  p.id
 FROM
  permissions p
 JOIN
  unnest($2::text[]) AS key_str
    ON key_str = p.scope || '_' || p.name
 `
 type AddPermissionsToRoleByKeyParams struct {
 	RoleID         uuid.UUID `json:"role_id"`
 	PermissionKeys []string  `json:"permission_keys"`
 }
 func (q *Queries) AddPermissionsToRoleByKey(ctx context.Context, arg AddPermissionsToRoleByKeyParams) error {
 	_, err := q.db.Exec(ctx, addPermissionsToRoleByKey, arg.RoleID, arg.PermissionKeys)
 	return err
 }
 const assignRolePermission = `-- name: AssignRolePermission :exec
 INSERT INTO role_permissions (role_id, permission_id)
 VALUES (
  $1,
  (
    SELECT id
    FROM permissions p
    WHERE p.scope = split_part($2, '_', 1)
      AND p.name = right($2, length($2) - position('_' IN $2))
  )
 )
 `
 type AssignRolePermissionParams struct {
 	RoleID uuid.UUID `json:"role_id"`
 	Key    string    `json:"key"`
 }
 func (q *Queries) AssignRolePermission(ctx context.Context, arg AssignRolePermissionParams) error {
 	_, err := q.db.Exec(ctx, assignRolePermission, arg.RoleID, arg.Key)
 	return err
 }
 const assignUserRole = `-- name: AssignUserRole :exec
 INSERT INTO user_roles (user_id, role_id)
 VALUES ($1, (
    SELECT id FROM roles r
    WHERE r.scope = split_part($2, '_', 1)
          AND r.name = right($2, length($2) - position('_' IN $2))
 ))
 `
 type AssignUserRoleParams struct {
 	UserID uuid.UUID `json:"user_id"`
 	Key    string    `json:"key"`
 }
 func (q *Queries) AssignUserRole(ctx context.Context, arg AssignUserRoleParams) error {
 	_, err := q.db.Exec(ctx, assignUserRole, arg.UserID, arg.Key)
 	return err
 }
 const createRole = `-- name: CreateRole :one
 INSERT INTO roles (name, scope, description)
 VALUES ($1, $2, $3)
 RETURNING id, name, scope, description
 `
 type CreateRoleParams struct {
 	Name        string  `json:"name"`
 	Scope       string  `json:"scope"`
 	Description *string `json:"description"`
 }
 func (q *Queries) CreateRole(ctx context.Context, arg CreateRoleParams) (Role, error) {
 	row := q.db.QueryRow(ctx, createRole, arg.Name, arg.Scope, arg.Description)
 	var i Role
 	err := row.Scan(
 		&i.ID,
 		&i.Name,
 		&i.Scope,
 		&i.Description,
 	)
 	return i, err
 }
 const findRole = `-- name: FindRole :one
 SELECT id, name, scope, description
 FROM roles
 WHERE scope = $1 AND name = $2
 `
 type FindRoleParams struct {
 	Scope string `json:"scope"`
 	Name  string `json:"name"`
 }
 func (q *Queries) FindRole(ctx context.Context, arg FindRoleParams) (Role, error) {
 	row := q.db.QueryRow(ctx, findRole, arg.Scope, arg.Name)
 	var i Role
 	err := row.Scan(
 		&i.ID,
 		&i.Name,
 		&i.Scope,
 		&i.Description,
 	)
 	return i, err
 }
 const findUserRole = `-- name: FindUserRole :one
 SELECT user_id, role_id FROM user_roles
 WHERE user_id = $1 AND role_id = (SELECT id FROM roles r WHERE r.scope = split_part($2, '_', 1) AND r.name = right($2, length($2) - position('_' IN $2)))
 LIMIT 1
 `
 type FindUserRoleParams struct {
 	UserID uuid.UUID `json:"user_id"`
 	Key    string    `json:"key"`
 }
 func (q *Queries) FindUserRole(ctx context.Context, arg FindUserRoleParams) (UserRole, error) {
 	row := q.db.QueryRow(ctx, findUserRole, arg.UserID, arg.Key)
 	var i UserRole
 	err := row.Scan(&i.UserID, &i.RoleID)
 	return i, err
 }
 const getRoleAssignment = `-- name: GetRoleAssignment :one
 SELECT role_id, permission_id FROM role_permissions
 WHERE role_id = $1 AND permission_id = (SELECT id FROM permissions p WHERE p.scope = split_part($2, '_', 1) AND p.name = right($2, length($2) - position('_' IN $2)))
 LIMIT 1
 `
 type GetRoleAssignmentParams struct {
 	RoleID uuid.UUID `json:"role_id"`
 	Key    string    `json:"key"`
 }
 func (q *Queries) GetRoleAssignment(ctx context.Context, arg GetRoleAssignmentParams) (RolePermission, error) {
 	row := q.db.QueryRow(ctx, getRoleAssignment, arg.RoleID, arg.Key)
 	var i RolePermission
 	err := row.Scan(&i.RoleID, &i.PermissionID)
 	return i, err
 }
 const getRolesGroupedWithPermissions = `-- name: GetRolesGroupedWithPermissions :many
 SELECT
    r.scope,
    json_agg (
        json_build_object (
            'id',
            r.id,
            'name',
            r.name,
            'scope',
            r.scope,
            'description',
            r.description,
            'permissions',
            COALESCE(p_list.permissions, '[]')
        )
        ORDER BY
            r.name
    ) AS roles
 FROM
    roles r
    LEFT JOIN (
        SELECT
            rp.role_id,
            json_agg (
                json_build_object (
                    'id',
                    p.id,
                    'name',
                    p.name,
                    'scope',
                    p.scope,
                    'description',
                    p.description
                )
                ORDER BY
                    p.name
            ) AS permissions
        FROM
            role_permissions rp
            JOIN permissions p ON p.id = rp.permission_id
        GROUP BY
            rp.role_id
    ) p_list ON p_list.role_id = r.id
 GROUP BY
    r.scope
 `
 type GetRolesGroupedWithPermissionsRow struct {
 	Scope string `json:"scope"`
 	Roles []byte `json:"roles"`
 }
 func (q *Queries) GetRolesGroupedWithPermissions(ctx context.Context) ([]GetRolesGroupedWithPermissionsRow, error) {
 	rows, err := q.db.Query(ctx, getRolesGroupedWithPermissions)
 	if err != nil {
 		return nil, err
 	}
 	defer rows.Close()
 	var items []GetRolesGroupedWithPermissionsRow
 	for rows.Next() {
 		var i GetRolesGroupedWithPermissionsRow
 		if err := rows.Scan(&i.Scope, &i.Roles); err != nil {
 			return nil, err
 		}
 		items = append(items, i)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, err
 	}
 	return items, nil
 }
 const getUserRoles = `-- name: GetUserRoles :many
 SELECT r.id, r.name, r.scope, r.description FROM roles r
 JOIN user_roles ur ON r.id = ur.role_id
 WHERE ur.user_id = $1
 `
 func (q *Queries) GetUserRoles(ctx context.Context, userID uuid.UUID) ([]Role, error) {
 	rows, err := q.db.Query(ctx, getUserRoles, userID)
 	if err != nil {
 		return nil, err
 	}
 	defer rows.Close()
 	var items []Role
 	for rows.Next() {
 		var i Role
 		if err := rows.Scan(
 			&i.ID,
 			&i.Name,
 			&i.Scope,
 			&i.Description,
 		); err != nil {
 			return nil, err
 		}
 		items = append(items, i)
 	}
 	if err := rows.Err(); err != nil {
 		return nil, err
 	}
 	return items, nil
 }
 const unassignUserRole = `-- name: UnassignUserRole :exec
 DELETE FROM user_roles
 WHERE user_id = $1 AND role_id = (
    SELECT id FROM roles r
    WHERE r.scope = split_part($2, '_', 1)
          AND r.name = right($2, length($2) - position('_' IN $2))
 )
 `
 type UnassignUserRoleParams struct {
 	UserID uuid.UUID `json:"user_id"`
 	Key    string    `json:"key"`
 }
 func (q *Queries) UnassignUserRole(ctx context.Context, arg UnassignUserRoleParams) error {
 	_, err := q.db.Exec(ctx, unassignUserRole, arg.UserID, arg.Key)
 	return err
 }
--- a/internal/user/permissions.go
+++ b/internal/user/permissions.go
@ -0,0 +1,215 @@
 package user
 import (
 	"context"
 	"log"
 	"gitea.local/admin/hspguard/internal/repository"
 )
 func String(s string) *string {
 	return &s
 }
 type RolePermissions struct {
 	Permissions []string `json:"permissions"`
 	repository.Role
 }
 var (
 	SYSTEM_SCOPE       string                  = "system"
 	SYSTEM_PERMISSIONS []repository.Permission = []repository.Permission{
 		{
 			Name:        "log_into_guard",
 			Description: String("Allow users to log into their accounts"),
 		},
 		{
 			Name:        "register",
 			Description: String("Allow users to register new accounts"),
 		},
 		{
 			Name:        "edit_profile",
 			Description: String("Allow users to edit their profiles"),
 		},
 		{
 			Name:        "recover_credentials",
 			Description: String("Allow users to recover their password/email"),
 		},
 		{
 			Name:        "verify_profile",
 			Description: String("Allow users to verify their accounts"),
 		},
 		{
 			Name:        "access_home_services",
 			Description: String("Allow users to access home services and tools"),
 		},
 		{
 			Name:        "view_sessions",
 			Description: String("Allow users to view their active sessions"),
 		},
 		{
 			Name:        "revoke_sessions",
 			Description: String("Allow users to revoke their active sessions"),
 		},
 		{
 			Name:        "view_api_services",
 			Description: String("Allow users to view API Services (for admin)"),
 		},
 		{
 			Name:        "add_api_services",
 			Description: String("Allow users to register new API Services (for admin)"),
 		},
 		{
 			Name:        "edit_api_services",
 			Description: String("Allow users to edit API Services (for admin)"),
 		},
 		{
 			Name:        "remove_api_services",
 			Description: String("Allow users to remove API Services (for admin)"),
 		},
 		{
 			Name:        "view_users",
 			Description: String("Allow users to view other users (for admin)"),
 		},
 		{
 			Name:        "add_users",
 			Description: String("Allow users to create new users (for admin)"),
 		},
 		// TODO: block, delete users
 		{
 			Name:        "view_user_sessions",
 			Description: String("Allow users to view user sessions (for admin)"),
 		},
 		{
 			Name:        "revoke_user_sessions",
 			Description: String("Allow users to revoke user sessions (for admin)"),
 		},
 		{
 			Name:        "view_service_sessions",
 			Description: String("Allow users to view service sessions (for admin)"),
 		},
 		{
 			Name:        "revoke_service_sessions",
 			Description: String("Allow users to revoke service sessions (for admin)"),
 		},
 		{
 			Name:        "view_permissions",
 			Description: String("Allow users to view all permissions (for admin)"),
 		},
 		{
 			Name:        "view_roles_groups",
 			Description: String("Allow users to view roles & groups (for admin)"),
 		},
 	}
 	SYSTEM_ROLES []RolePermissions = []RolePermissions{
 		{
 			Permissions: []string{
 				"system_log_into_guard",
 				"system_register",
 				"system_edit_profile",
 				"system_recover_credentials",
 				"system_verify_profile",
 				"system_access_home_services",
 				"system_view_sessions",
 				"system_revoke_sessions",
 				"system_view_api_services",
 				"system_add_api_services",
 				"system_edit_api_services",
 				"system_remove_api_services",
 				"system_view_users",
 				"system_add_users",
 				"system_view_user_sessions",
 				"system_revoke_user_sessions",
 				"system_view_service_sessions",
 				"system_revoke_service_sessions",
 				"system_view_permissions",
 				"system_view_roles_groups",
 			},
 			Role: repository.Role{
 				Name:        "admin",
 				Description: String("User with full power"),
 			},
 		},
 		{
 			Permissions: []string{
 				"system_log_into_guard",
 				"system_register",
 				"system_edit_profile",
 				"system_recover_credentials",
 				"system_verify_profile",
 				"system_access_home_services",
 				"system_view_sessions",
 				"system_revoke_sessions",
 			},
 			Role: repository.Role{
 				Name:        "member",
 				Description: String("User that is able to use home services"),
 			},
 		},
 		{
 			Permissions: []string{
 				"system_log_into_guard",
 				"system_register",
 			},
 			Role: repository.Role{
 				Name:        "guest",
 				Description: String("New user that needs approve for everything from admin"),
 			},
 		},
 	}
 )
 func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) {
 	for _, permission := range SYSTEM_PERMISSIONS {
 		_, err := repo.FindPermission(ctx, repository.FindPermissionParams{
 			Name:  permission.Name,
 			Scope: SYSTEM_SCOPE,
 		})
 		if err != nil {
 			log.Printf("INFO: Creating SYSTEM permission: '%s'\n", permission.Name)
 			_, err = repo.CreatePermission(ctx, repository.CreatePermissionParams{
 				Name:        permission.Name,
 				Scope:       SYSTEM_SCOPE,
 				Description: permission.Description,
 			})
 			if err != nil {
 				log.Fatalf("ERR: Failed to create SYSTEM permission: '%s'\n", permission.Name)
 			}
 		}
 	}
 	for _, role := range SYSTEM_ROLES {
 		var found repository.Role
 		var err error
 		found, err = repo.FindRole(ctx, repository.FindRoleParams{
 			Scope: SYSTEM_SCOPE,
 			Name:  role.Name,
 		})
 		if err != nil {
 			log.Printf("INFO: Create new SYSTEM role '%s'\n", role.Name)
 			found, err = repo.CreateRole(ctx, repository.CreateRoleParams{
 				Name:        role.Name,
 				Scope:       SYSTEM_SCOPE,
 				Description: role.Description,
 			})
 			if err != nil {
 				log.Fatalf("ERR: Failed to create SYSTEM role '%s': %v\n", role.Name, err)
 			}
 		}
 		for _, perm := range role.Permissions {
 			if _, exists := repo.GetRoleAssignment(ctx, repository.GetRoleAssignmentParams{
 				RoleID: found.ID,
 				Key:    perm,
 			}); exists != nil {
 				if err := repo.AssignRolePermission(ctx, repository.AssignRolePermissionParams{
 					RoleID: found.ID,
 					Key:    perm,
 				}); err != nil {
 					log.Fatalf("ERR: Failed to assign permission '%s' to SYSTEM role %s: %v\n", perm, found.Name, err)
 				}
 			}
 		}
 	}
 }
--- a/migrations/00013_add_group_role_permission.sql
+++ b/migrations/00013_add_group_role_permission.sql
@ -0,0 +1,55 @@
 -- +goose Up
 -- +goose StatementBegin
 -- ROLES
 CREATE TABLE roles (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid (),
    name TEXT NOT NULL,
    scope TEXT NOT NULL,
    description TEXT,
    UNIQUE (name, scope)
 );
 -- PERMISSIONS
 CREATE TABLE permissions (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid (),
    name TEXT NOT NULL,
    scope TEXT NOT NULL,
    description TEXT,
    UNIQUE (name, scope)
 );
 -- ROLE-PERMISSIONS (many-to-many)
 CREATE TABLE role_permissions (
    role_id UUID REFERENCES roles (id) ON DELETE CASCADE,
    permission_id UUID REFERENCES permissions (id) ON DELETE CASCADE,
    PRIMARY KEY (role_id, permission_id)
 );
 -- USER-ROLES (direct assignment, optional)
 CREATE TABLE user_roles (
    user_id UUID REFERENCES users (id) ON DELETE CASCADE,
    role_id UUID REFERENCES roles (id) ON DELETE CASCADE,
    PRIMARY KEY (user_id, role_id)
 );
 -- USER-PERMISSIONS (direct assignment, optional)
 CREATE TABLE user_permissions (
    user_id UUID REFERENCES users (id) ON DELETE CASCADE,
    permission_id UUID REFERENCES permissions (id) ON DELETE CASCADE,
    PRIMARY KEY (user_id, permission_id)
 );
 -- +goose StatementEnd
 -- +goose Down
 -- +goose StatementBegin
 DROP TABLE IF EXISTS user_permissions;
 DROP TABLE IF EXISTS user_roles;
 DROP TABLE IF EXISTS role_permissions;
 DROP TABLE IF EXISTS permissions;
 DROP TABLE IF EXISTS roles;
 -- +goose StatementEnd
--- a/queries/permissions.sql
+++ b/queries/permissions.sql
@ -0,0 +1,29 @@
 -- name: GetAllPermissions :many
 SELECT *
 FROM permissions p
 ORDER BY p.scope;
 -- name: GetGroupedPermissions :many
 SELECT scope, json_agg(to_jsonb(permissions.*) ORDER BY name) as permissions
 FROM permissions
 GROUP BY scope;
 -- name: CreatePermission :one
 INSERT into permissions (
    name, scope, description
 ) VALUES (
    $1, $2, $3
 ) RETURNING *;
 -- name: FindPermission :one
 SELECT * FROM permissions
 WHERE name = $1 AND scope = $2;
 -- name: GetUserPermissions :many
 SELECT DISTINCT p.id,p.name,p.scope,p.description
 FROM user_roles ur
 JOIN role_permissions rp ON ur.role_id = rp.role_id
 JOIN permissions p ON rp.permission_id = p.id
 WHERE ur.user_id = $1
 ORDER BY p.scope;
--- a/queries/roles.sql
+++ b/queries/roles.sql
@ -0,0 +1,109 @@
 -- name: FindRole :one
 SELECT *
 FROM roles
 WHERE scope = $1 AND name = $2;
 -- name: GetRolesGroupedWithPermissions :many
 SELECT
    r.scope,
    json_agg (
        json_build_object (
            'id',
            r.id,
            'name',
            r.name,
            'scope',
            r.scope,
            'description',
            r.description,
            'permissions',
            COALESCE(p_list.permissions, '[]')
        )
        ORDER BY
            r.name
    ) AS roles
 FROM
    roles r
    LEFT JOIN (
        SELECT
            rp.role_id,
            json_agg (
                json_build_object (
                    'id',
                    p.id,
                    'name',
                    p.name,
                    'scope',
                    p.scope,
                    'description',
                    p.description
                )
                ORDER BY
                    p.name
            ) AS permissions
        FROM
            role_permissions rp
            JOIN permissions p ON p.id = rp.permission_id
        GROUP BY
            rp.role_id
    ) p_list ON p_list.role_id = r.id
 GROUP BY
    r.scope;
 -- name: CreateRole :one
 INSERT INTO roles (name, scope, description)
 VALUES ($1, $2, $3)
 RETURNING *;
 -- name: GetRoleAssignment :one
 SELECT * FROM role_permissions
 WHERE role_id = $1 AND permission_id = (SELECT id FROM permissions p WHERE p.scope = split_part(sqlc.arg('key'), '_', 1) AND p.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key'))))
 LIMIT 1;
 -- name: AssignRolePermission :exec
 INSERT INTO role_permissions (role_id, permission_id)
 VALUES (
  $1,
  (
    SELECT id
    FROM permissions p
    WHERE p.scope = split_part(sqlc.arg('key'), '_', 1)
      AND p.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key')))
  )
 );
 -- name: AddPermissionsToRoleByKey :exec
 INSERT INTO role_permissions (role_id, permission_id)
 SELECT
  sqlc.arg(role_id),
  p.id
 FROM
  permissions p
 JOIN
  unnest(sqlc.arg(permission_keys)::text[]) AS key_str
    ON key_str = p.scope || '_' || p.name;
 -- name: GetUserRoles :many
 SELECT r.* FROM roles r
 JOIN user_roles ur ON r.id = ur.role_id
 WHERE ur.user_id = $1;
 -- name: AssignUserRole :exec
 INSERT INTO user_roles (user_id, role_id)
 VALUES ($1, (
    SELECT id FROM roles r
    WHERE r.scope = split_part(sqlc.arg('key'), '_', 1)
          AND r.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key')))
 ));
 -- name: UnassignUserRole :exec
 DELETE FROM user_roles
 WHERE user_id = $1 AND role_id = (
    SELECT id FROM roles r
    WHERE r.scope = split_part(sqlc.arg('key'), '_', 1)
          AND r.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key')))
 );
 -- name: FindUserRole :one
 SELECT * FROM user_roles
 WHERE user_id = $1 AND role_id = (SELECT id FROM roles r WHERE r.scope = split_part(sqlc.arg('key'), '_', 1) AND r.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key'))))
 LIMIT 1;
--- a/web/src/App.tsx
+++ b/web/src/App.tsx
@ -27,6 +27,8 @@ import VerifyAvatarPage from "./pages/Verify/Avatar";
 import VerifyReviewPage from "./pages/Verify/Review";
 import AdminUserSessionsPage from "./pages/Admin/UserSessions";
 import AdminServiceSessionsPage from "./pages/Admin/ServiceSessions";
 import AdminAppPermissionsPage from "./pages/Admin/AppPermissions";
 import AdminRolesGroupsPage from "./pages/Admin/RolesGroups";
 const router = createBrowserRouter([
  {
@ -93,6 +95,16 @@ const router = createBrowserRouter([
                  { index: true, element: <AdminServiceSessionsPage /> },
                ],
              },
              {
                path: "app-permissions",
                children: [
                  { index: true, element: <AdminAppPermissionsPage /> },
                ],
              },
              {
                path: "roles-groups",
                children: [{ index: true, element: <AdminRolesGroupsPage /> }],
              },
            ],
          },
        ],
--- a/web/src/api/admin/permissions.ts
+++ b/web/src/api/admin/permissions.ts
@ -0,0 +1,34 @@
 import type { AppPermission } from "@/types";
 import { axios, handleApiError } from "..";
 export type FetchPermissionsResponse = AppPermission[];
 export const getUserPermissionsApi = async (
  userId: string,
 ): Promise<FetchPermissionsResponse> => {
  const response = await axios.get<FetchPermissionsResponse>(
    `/api/v1/admin/permissions/${userId}`,
  );
  if (response.status !== 200 && response.status !== 201)
    throw await handleApiError(response);
  return response.data;
 };
 export type FetchGroupedPermissionsResponse = {
  scope: string;
  permissions: AppPermission[];
 }[];
 export const getPermissionsApi =
  async (): Promise<FetchGroupedPermissionsResponse> => {
    const response = await axios.get<FetchGroupedPermissionsResponse>(
      "/api/v1/admin/permissions",
    );
    if (response.status !== 200 && response.status !== 201)
      throw await handleApiError(response);
    return response.data;
  };
--- a/web/src/api/admin/roles.ts
+++ b/web/src/api/admin/roles.ts
@ -0,0 +1,51 @@
 import type { AppPermission, AppRole } from "@/types";
 import { axios, handleApiError } from "..";
 export type FetchGroupedRolesResponse = {
  scope: string;
  roles: (AppRole & {
    permissions: AppPermission[];
  })[];
 }[];
 export const getRolesApi = async (): Promise<FetchGroupedRolesResponse> => {
  const response = await axios.get<FetchGroupedRolesResponse>(
    "/api/v1/admin/roles",
  );
  if (response.status !== 200 && response.status !== 201)
    throw await handleApiError(response);
  return response.data;
 };
 export type FetchUserRolesResponse = AppRole[];
 export const getUserRolesApi = async (
  userId: string,
 ): Promise<FetchUserRolesResponse> => {
  const response = await axios.get<FetchUserRolesResponse>(
    `/api/v1/admin/roles/${userId}`,
  );
  if (response.status !== 200 && response.status !== 201)
    throw await handleApiError(response);
  return response.data;
 };
 export interface AssignUserRoleRequest {
  role_key: string;
 }
 export const assignUserRoleApi = async (
  userId: string,
  params: AssignUserRoleRequest,
 ) => {
  const response = await axios.patch(`/api/v1/admin/roles/${userId}`, params);
  if (response.status !== 200 && response.status !== 201)
    throw await handleApiError(response);
  return response.data;
 };
--- a/web/src/feature/Avatar/index.tsx
+++ b/web/src/feature/Avatar/index.tsx
@ -5,7 +5,7 @@ import { useMemo, type FC } from "react";
 export interface AvatarProps {
  iconSize?: number;
  className?: string;
-  avatarId?: string;
+  avatarId?: string | null;
 }
 const Avatar: FC<AvatarProps> = ({ iconSize = 32, className, avatarId }) => {
--- a/web/src/feature/FoldableRolesTable/index.tsx
+++ b/web/src/feature/FoldableRolesTable/index.tsx
@ -0,0 +1,115 @@
 import { Button } from "@/components/ui/button";
 import { useRoles } from "@/store/admin/rolesGroups";
 import { useUsers } from "@/store/admin/users";
 import type { AppRole } from "@/types";
 import { ChevronDown, LoaderCircle, Plus } from "lucide-react";
 import React, { useCallback, useEffect, useState } from "react";
 type Props = {
  userRoles: AppRole[];
  onToggleRole?: (scope: string, role: string, isAssigned: boolean) => void;
 };
 const FoldableRolesTable: React.FC<Props> = ({ userRoles, onToggleRole }) => {
  const [openScopes, setOpenScopes] = useState<Record<string, boolean>>({});
  const roleMap = useRoles((s) => s.roles);
  const loadRoles = useRoles((s) => s.fetch);
  const loadUserRoles = useUsers((state) => state.fetchUserRoles);
  const user = useUsers((s) => s.current);
  const togglingRole = useRoles((s) => s.toggling);
  const toggleRole = useRoles((s) => s.assign);
  const toggleUserRole = useCallback(
    async (role: AppRole) => {
      if (togglingRole === role.id) return;
      if (user) {
        await toggleRole(user.id, role);
        loadRoles();
        loadUserRoles();
      }
    },
    [loadRoles, loadUserRoles, toggleRole, togglingRole, user],
  );
  const toggleScope = (scope: string) => {
    setOpenScopes((prev) => ({
      ...prev,
      [scope]: !prev[scope],
    }));
  };
  useEffect(() => {
    loadRoles();
  }, [loadRoles]);
  return (
    <div className="w-full mx-auto shadow-md overflow-hidden">
      <div className="divide-y divide-gray-200 dark:divide-gray-700">
        {Object.entries(roleMap).map(([scope, roles]) => (
          <div key={`${scope}`}>
            <div
              className="w-full text-left px-4 py-3 flex items-center justify-between cursor-pointer"
              onClick={() => toggleScope(scope)}
            >
              <div className="flex items-center">
                <span className="font-semibold text-gray-800 dark:text-gray-200">
                  {scope.toUpperCase()}{" "}
                  <span className="text-sm opacity-50 font-light">
                    (
                    {
                      roles.filter((r) =>
                        userRoles.some((ur) => ur.id === r.id),
                      ).length
                    }
                    /{roles.length})
                  </span>
                </span>
              </div>
              <span className="text-sm text-gray-500">
                <ChevronDown
                  className={`${openScopes[scope] ? "rotate-180" : ""} transition`}
                />
              </span>
            </div>
            <ul
              className={`px-5 py-1 pb-4 transition-height ${openScopes[scope] ? "h-auto" : "h-0 py-0!"} overflow-hidden flex items-center flex-wrap gap-2`}
            >
              {roles.length === 0 ? (
                <li className="text-gray-500 italic">No roles found</li>
              ) : (
                roles.map((role) => (
                  <li
                    key={role.id}
                    className="flex items-center justify-between"
                    onClick={() => toggleUserRole(role)}
                  >
                    <span
                      className={`px-2 py-1 flex items-center gap-1 cursor-pointer select-none rounded text-xs ${
                        userRoles.some((ur) => ur.id === role.id)
                          ? "bg-green-200 text-green-800 dark:bg-green-700/20 dark:text-green-300"
                          : "bg-red-200 text-red-800 dark:bg-red-700/20 dark:text-red-300"
                      } ${togglingRole === role.id ? "opacity-50" : ""}`}
                    >
                      {togglingRole === role.id && (
                        <LoaderCircle className="animate-spin" size={12} />
                      )}
                      {role.name.toUpperCase()}
                    </span>
                  </li>
                ))
              )}
            </ul>
          </div>
        ))}
      </div>
    </div>
  );
 };
 export default FoldableRolesTable;
--- a/web/src/feature/RoleMatrix/index.tsx
+++ b/web/src/feature/RoleMatrix/index.tsx
@ -0,0 +1,67 @@
 import React from "react";
 type RoleMatrixProps = {
  scopes: string[];
  roles: string[];
  userRoles: Record<string, string[]>; // e.g. { "Project Alpha": ["admin", "viewer"] }
  onToggle?: (scope: string, role: string, isAssigned: boolean) => void;
 };
 const RoleMatrix: React.FC<RoleMatrixProps> = ({
  scopes,
  roles,
  userRoles,
  onToggle,
 }) => {
  const isChecked = (scope: string, role: string) =>
    userRoles[scope]?.includes(role) ?? false;
  return (
    <div className="overflow-x-auto">
      <table className="min-w-full table-auto border border-gray-300">
        <thead className="bg-gray-100">
          <tr>
            <th className="border border-gray-300 px-4 py-2 text-left">
              Scope / Role
            </th>
            {roles.map((role) => (
              <th
                key={role}
                className="border border-gray-300 px-4 py-2 text-center capitalize"
              >
                {role}
              </th>
            ))}
          </tr>
        </thead>
        <tbody>
          {scopes.map((scope) => (
            <tr key={scope} className="hover:bg-gray-50">
              <td className="border border-gray-300 px-4 py-2 font-medium">
                {scope}
              </td>
              {roles.map((role) => {
                const checked = isChecked(scope, role);
                return (
                  <td
                    key={`${scope}-${role}`}
                    className="border border-gray-300 px-4 py-2 text-center"
                  >
                    <input
                      type="checkbox"
                      className="form-checkbox h-4 w-4 text-indigo-600 transition duration-150"
                      checked={checked}
                      onChange={() => onToggle?.(scope, role, !checked)}
                    />
                  </td>
                );
              })}
            </tr>
          ))}
        </tbody>
      </table>
    </div>
  );
 };
 export default RoleMatrix;
--- a/web/src/hooks/barItems.tsx
+++ b/web/src/hooks/barItems.tsx
@ -1,5 +1,14 @@
 import { useAuth } from "@/store/auth";
-import { Blocks, EarthLock, Home, User, UserLock, Users } from "lucide-react";
+import {
  Blocks,
  ContactRound,
  EarthLock,
  Home,
  KeyRound,
  User,
  UserLock,
  Users,
 } from "lucide-react";
 import { useCallback, type ReactNode } from "react";
 import { useLocation } from "react-router";
@ -93,6 +102,18 @@ export const useBarItems = (): [Item[], (item: Item) => boolean] => {
              tab: "admin.service-sessions",
              pathname: "/admin/service-sessions",
            },
            {
              icon: <KeyRound />,
              title: "App Permissions",
              tab: "admin.app-permissions",
              pathname: "/admin/app-permissions",
            },
            {
              icon: <ContactRound />,
              title: "Roles & Groups",
              tab: "admin.roles-groups",
              pathname: "/admin/roles-groups",
            },
          ]
        : []),
    ],
--- a/web/src/index.css
+++ b/web/src/index.css
@ -9,6 +9,11 @@
    -ms-overflow-style: none;
    scrollbar-width: none;
  }
  .transition-height {
    transition-property: height;
    transition-duration: 300ms;
    transition-timing-function: ease;
  }
 }
 html,
--- a/web/src/pages/Admin/AppPermissions/index.tsx
+++ b/web/src/pages/Admin/AppPermissions/index.tsx
@ -0,0 +1,130 @@
 import { useEffect, type FC } from "react";
 import Breadcrumbs from "@/components/ui/breadcrumbs";
 import { usePermissions } from "@/store/admin/permissions";
 interface DisplayPermission {
  name: string;
  description: string;
 }
 interface IPermissionGroupProps {
  scope: string;
  permissions?: DisplayPermission[] | null | undefined;
  generatedPermissions?: DisplayPermission[] | null | undefined;
 }
 const PermissionGroup: FC<IPermissionGroupProps> = ({
  scope,
  permissions,
  generatedPermissions,
 }) => {
  return (
    <div className="border dark:border-gray-800 border-gray-300 p-4 rounded mb-4">
      <h2 className="dark:text-gray-300 text-gray-800 text-lg font-semibold">
        {scope}
      </h2>
      {(generatedPermissions?.length ?? 0) > 0 && (
        <>
          <p className="text-gray-500 text-sm mt-2 mb-4">Generated by Guard</p>
          <ol
            className={`grid gap-4 gap-y-3 grid-cols-1 md:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4 text-gray-800 dark:text-gray-300 font-medium mb-${permissions && permissions.length > 0 ? "6" : "2"}`}
          >
            {generatedPermissions!.map(({ name, description }) => (
              <li className="before:w-2 before:h-2 before:block before:translate-y-2 before:bg-gray-400 dark:before:bg-gray-700 before:rounded-xs flex flex-row items-start gap-2">
                <div className="flex flex-col gap-1">
                  <label>{name}</label>
                  <p className="text-xs text-gray-400 dark:text-gray-500">
                    {description}
                  </p>
                </div>
              </li>
            ))}
          </ol>
        </>
      )}
      {(permissions?.length ?? 0) > 0 && (
        <>
          <p className="text-gray-500 text-sm mt-2 mb-4">Manually Created</p>
          <ol className="grid gap-4 gap-y-3 grid-cols-1 md:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4 text-gray-800 dark:text-gray-300 font-medium">
            {permissions!.map(({ name, description }) => (
              <li className="before:w-2 before:h-2 before:block before:translate-y-2 before:bg-gray-400 dark:before:bg-gray-700 before:rounded-xs flex flex-row items-start gap-2">
                <div className="flex flex-col gap-1">
                  <label>{name}</label>
                  <p className="text-xs text-gray-400 dark:text-gray-500">
                    {description}
                  </p>
                </div>
              </li>
            ))}
          </ol>
        </>
      )}
    </div>
  );
 };
 const AdminAppPermissionsPage: FC = () => {
  const permissions = usePermissions((s) => s.permissions);
  const fetch = usePermissions((s) => s.fetch);
  useEffect(() => {
    fetch();
  }, [fetch]);
  return (
    <div className="relative flex flex-col items-stretch w-full">
      <div className="p-4">
        <Breadcrumbs
          className="pb-2"
          items={[
            {
              href: "/admin",
              label: "Admin",
            },
            {
              label: "App Permissions",
            },
          ]}
        />
      </div>
      <div className="px-7">
        {Object.keys(permissions).map((scope) => (
          <PermissionGroup
            scope={scope.toUpperCase()}
            generatedPermissions={permissions[scope].map((p) => ({
              name: p.name
                .split("_")
                .map((s) => s[0].toUpperCase() + s.slice(1))
                .join(" "),
              description: p.description,
            }))}
          />
        ))}
        {/* <PermissionGroup
          scope="Open Chat"
          generatedPermissions={["Access Open Chat"].map((name) => ({
            name,
            description: `You can ${name.toLowerCase()}`,
          }))}
          permissions={[
            "Receive Messages",
            "Send Messages",
            "View Status",
            "Post Status",
            "Use Ghost Mode",
            "Send Large Media",
          ].map((name) => ({
            name,
            description: `You can ${name.toLowerCase()}`,
          }))}
        /> */}
      </div>
    </div>
  );
 };
 export default AdminAppPermissionsPage;
--- a/web/src/pages/Admin/RolesGroups/index.tsx
+++ b/web/src/pages/Admin/RolesGroups/index.tsx
@ -0,0 +1,91 @@
 import { useEffect, type FC } from "react";
 import Breadcrumbs from "@/components/ui/breadcrumbs";
 import { useRoles } from "@/store/admin/rolesGroups";
 import type { AppPermission } from "@/types";
 interface DisplayRole {
  name: string;
  description: string;
  permissions: AppPermission[];
 }
 interface IPermissionGroupProps {
  scope: string;
  roles?: DisplayRole[] | null | undefined;
 }
 const RolesGroup: FC<IPermissionGroupProps> = ({ scope, roles }) => {
  return (
    <div className="border dark:border-gray-800 border-gray-300 p-4 rounded mb-4">
      <h2 className="dark:text-gray-300 text-gray-800 text-lg font-semibold mb-4">
        {scope.toUpperCase()} <span className="opacity-45">(scope)</span>
      </h2>
      {roles?.map((role, index) => (
        <div>
          <h2 className="dark:text-gray-300 text-gray-800 text-md font-semibold">
            {role.name.toUpperCase()} <span className="opacity-45">(role)</span>
          </h2>
          <p className="text-sm text-gray-400 dark:text-gray-500">
            {role.description}
          </p>
          <ol className="grid gap-4 gap-y-3 grid-cols-1 my-4 md:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4 text-gray-800 dark:text-gray-300 font-medium">
            {role.permissions.map(({ name, description }) => (
              <li className="before:w-2 before:h-2 before:block before:translate-y-2 before:bg-gray-400 dark:before:bg-gray-700 before:rounded-xs flex flex-row items-start gap-2">
                <div className="flex flex-col gap-1">
                  <label>{name}</label>
                  <p className="text-xs text-gray-400 dark:text-gray-500">
                    {description}
                  </p>
                </div>
              </li>
            ))}
          </ol>
          {index + 1 < roles.length && (
            <div className="h-[1px] bg-gray-700 w-full rounded my-6"></div>
          )}
        </div>
      ))}
    </div>
  );
 };
 const AdminRolesGroupsPage: FC = () => {
  const roles = useRoles((s) => s.roles);
  const fetch = useRoles((s) => s.fetch);
  useEffect(() => {
    fetch();
  }, [fetch]);
  console.log("roles:", roles);
  return (
    <div className="relative flex flex-col items-stretch w-full">
      <div className="p-4">
        <Breadcrumbs
          className="pb-2"
          items={[
            {
              href: "/admin",
              label: "Admin",
            },
            {
              label: "Roles & Groups",
            },
          ]}
        />
      </div>
      <div className="px-7">
        {Object.keys(roles).map((scope) => (
          <RolesGroup scope={scope} roles={roles[scope]} />
        ))}
      </div>
    </div>
  );
 };
 export default AdminRolesGroupsPage;
--- a/web/src/pages/Admin/ServiceSessions/index.tsx
+++ b/web/src/pages/Admin/ServiceSessions/index.tsx
@ -113,7 +113,7 @@ const AdminServiceSessionsPage: FC = () => {
                    {/* <SessionSource deviceInfo={session.} /> */}
                    {typeof session.api_service?.icon_url === "string" && (
                      <Avatar
-                        avatarId={session.api_service.icon_url}
+                        avatarId={session.api_service.icon_url ?? null}
                        className="w-7 h-7 min-w-7"
                      />
                    )}
@ -129,7 +129,7 @@ const AdminServiceSessionsPage: FC = () => {
                      <div className="flex flex-row items-center gap-2 justify-start">
                        {typeof session.user?.profile_picture === "string" && (
                          <Avatar
-                            avatarId={session.user.profile_picture}
+                            avatarId={session.user.profile_picture ?? null}
                            className="w-7 h-7 min-w-7"
                          />
                        )}
--- a/web/src/pages/Admin/UserSessions/index.tsx
+++ b/web/src/pages/Admin/UserSessions/index.tsx
@ -127,7 +127,7 @@ const AdminUserSessionsPage: FC = () => {
                    <div className="flex flex-row items-center gap-2 justify-start">
                      {typeof session.user?.profile_picture === "string" && (
                        <Avatar
-                          avatarId={session.user.profile_picture}
+                          avatarId={session.user.profile_picture ?? null}
                          className="w-7 h-7 min-w-7"
                        />
                      )}
--- a/web/src/pages/Admin/Users/View/index.tsx
+++ b/web/src/pages/Admin/Users/View/index.tsx
@ -1,38 +1,65 @@
 import Breadcrumbs from "@/components/ui/breadcrumbs";
 import { Button } from "@/components/ui/button";
 import Avatar from "@/feature/Avatar";
 import FoldableRolesTable from "@/feature/FoldableRolesTable";
 import RoleMatrix from "@/feature/RoleMatrix";
 import { useRoles } from "@/store/admin/rolesGroups";
 import { useUsers } from "@/store/admin/users";
-import { useEffect, type FC } from "react";
+import type { UserProfile } from "@/types";
 import { Check, Mail, Phone } from "lucide-react";
 import moment from "moment";
 import { useEffect, type FC, type HTMLAttributes } from "react";
 import { Link, useParams } from "react-router";
-const InfoCard = ({
+interface InfoCardProps extends HTMLAttributes<HTMLDivElement> {
  title,
  children,
 }: {
  title: string;
  children: React.ReactNode;
-}) => (
+  hasSpacing?: boolean | undefined;
-  <div className="border dark:border-gray-800 border-gray-300 rounded mb-4">
+}
-    <div className="p-4 border-b dark:border-gray-800 border-gray-300">
+
-      <h2 className="text-gray-800 dark:text-gray-200 font-semibold text-lg">
+const InfoCard = ({
-        {title}
+  children,
-      </h2>
+  hasSpacing = true,
  title,
  ...props
 }: InfoCardProps) => (
  <div className="mb-6">
    <h2 className="mb-4 text-xl">{title}</h2>
    <div
      {...props}
      className={`border dark:border-gray-800 border-gray-300 rounded mb-4 ${props.className}`}
    >
      {/* <div className="p-4 border-b dark:border-gray-800 border-gray-300">
          <h2 className="text-gray-800 dark:text-gray-200 font-semibold text-lg">
            {title}
          </h2>
        </div> */}
      <div className={hasSpacing ? "p-4" : ""}>{children}</div>
    </div>
    <div className="p-4">{children}</div>
  </div>
 );
 const AdminViewUserPage: FC = () => {
  const { userId } = useParams();
  const user = useUsers((state) => state.current);
  const userRoles = useUsers((s) => s.userRoles);
  // const loading = useApiServices((state) => state.fetchingApiService);
  const loadUser = useUsers((state) => state.fetchUser);
  const loadUserRoles = useUsers((state) => state.fetchUserRoles);
  useEffect(() => {
    if (typeof userId === "string") loadUser(userId);
  }, [loadUser, userId]);
  useEffect(() => {
    if (user) loadUserRoles();
  }, [loadUserRoles, user]);
  console.log({ userRoles });
  if (!user) {
    return (
      <div className="p-4 flex items-center justify-center h-[60vh]">
@ -55,70 +82,138 @@ const AdminViewUserPage: FC = () => {
      />
      <div className="sm:p-4 pt-4">
-        {/* 📋 Main Details */}
+        <InfoCard title="Profile" hasSpacing={false}>
        <InfoCard title="Personal Info">
          <div className="flex flex-col gap-4 text-sm">
-            <div className="flex flex-col gap-4">
+            <div className="bg-black/15 shadow/20">
-              <span className="font-medium text-gray-900 dark:text-white">
+              {/* Header */}
-                Avatar:
+              <div className="flex flex-row gap-4 items-center p-4">
-              </span>
+                <Avatar
-              <Avatar
+                  avatarId={user.profile_picture ?? null}
-                avatarId={user.profile_picture ?? undefined}
+                  className="w-28 h-28"
-                className="w-16 h-16"
+                  iconSize={48}
-                iconSize={28}
+                />
-              />
+                <div className="flex flex-col gap-1">
                  <h2 className="text-lg font-medium">{user.full_name}</h2>
                  <div className="flex flex-row items-center gap-2">
                    <h3 className="text-base opacity-50 flex flex-row items-center gap-2">
                      <span>
                        <Mail size={18} />
                      </span>
                      {user.email}
                    </h3>
                    <div className="w-1 h-1 rounded-full bg-gray-600" />
                    <h3 className="text-base opacity-50 flex flex-row items-center gap-2">
                      <span>
                        <Phone size={18} />
                      </span>
                      {user.phone_number || "No Phone Number"}
                    </h3>
                  </div>
                </div>
              </div>
              {/* TODO: */}
              {/* Top Bars */}
              {/* <div className="w-full border-b border-b-gray-600 p-4">
                somethign
              </div> */}
            </div>
-            <div>
+            <div className="grid grid-cols-2 gap-2 gap-y-4 p-4">
-              <span className="font-medium text-gray-900 dark:text-white">
+              <div className="flex flex-col gap-2 items-start">
-                Full Name:
+                <span className="font-medium text-gray-400 dark:text-gray-500">
-              </span>{" "}
+                  Verification
-              {user.full_name}
+                </span>{" "}
-            </div>
+                <div className="flex items-center gap-2">
-            <div>
+                  {[
-              <span className="font-medium text-gray-900 dark:text-white">
+                    ["avatar_verified", "Avatar"],
-                Email:
+                    ["email_verified", "Email"],
-              </span>{" "}
+                  ].map(([key, label]) => (
-              {user.email}
+                    <span
-            </div>
+                      key={key}
-            <div>
+                      className={`px-2 py-1 rounded ${
-              <span className="font-medium text-gray-900 dark:text-white">
+                        user[key as keyof UserProfile] === true
-                Phone Number:
+                          ? "bg-green-200 text-green-800 dark:bg-green-700/20 dark:text-green-300"
-              </span>{" "}
+                          : "bg-red-200 text-red-800 dark:bg-red-700/20 dark:text-red-300"
-              {user.phone_number || "-"}{" "}
+                      }`}
-            </div>
+                    >
-            <div>
+                      {label}
-              <span className="font-medium text-gray-900 dark:text-white">
+                    </span>
-                Is Admin:
+                  ))}
-              </span>{" "}
+                </div>
-              <span
+              </div>
-                className={`font-semibold px-2 py-1 rounded ${
+              <div className="flex flex-col gap-2 items-start">
-                  user.is_admin
+                <span className="font-medium text-gray-400 dark:text-gray-500">
-                    ? "bg-green-200 text-green-800 dark:bg-green-700/20 dark:text-green-300"
+                  Roles
-                    : "bg-red-200 text-red-800 dark:bg-red-700/20 dark:text-red-300"
+                </span>{" "}
-                }`}
+                <span className={`font-semibold py-1 rounded`}>
-              >
+                  {userRoles.length === 0 && <p>No Roles</p>}
-                {user.is_admin ? "Yes" : "No"}
+                  {userRoles.map((role) => (
-              </span>
+                    <span
-            </div>
+                      key={role.id}
-            <div>
+                      className="px-2 py-1 rounded bg-blue-200 text-blue-800 dark:bg-blue-700/20 dark:text-blue-300"
-              <span className="font-medium text-gray-900 dark:text-white">
+                    >
-                Created At:
+                      {role.name}
-              </span>{" "}
+                    </span>
-              {new Date(user.created_at).toLocaleString()}
+                  ))}
-            </div>
+                </span>
-            <div>
+              </div>
-              <span className="font-medium text-gray-900 dark:text-white">
+              <div className="flex flex-col gap-2 items-start">
-                Last Login At:
+                <span className="font-medium text-gray-400 dark:text-gray-500">
-              </span>{" "}
+                  Created At
-              {user.last_login
+                </span>{" "}
-                ? new Date(user.last_login).toLocaleString()
+                <span className={`font-semibold py-1 rounded`}>
-                : "never"}
+                  {moment(user.created_at).format("LLLL")}
                </span>
              </div>
              <div className="flex flex-col gap-2 items-start">
                <span className="font-medium text-gray-400 dark:text-gray-500">
                  Last Login
                </span>{" "}
                <span className={`font-semibold py-1 rounded`}>
                  {user.last_login
                    ? moment(user.last_login).format("LLLL")
                    : "never"}
                </span>
              </div>
            </div>
          </div>
        </InfoCard>
        <InfoCard title="Roles Management" hasSpacing={false}>
          <FoldableRolesTable userRoles={userRoles} />
        </InfoCard>
        {/* <InfoCard title="Roles" hasSpacing={false}>
          {Object.entries(roles).map(([scope, roles]) => (
            <div className="w-full">
              <h4 className="bg-black/40 p-3 text-xs opacity-50">
                {scope.toUpperCase()}
              </h4>
              <ul className="bg-black/20">
                {roles.map((r, index) => (
                  <div key={r.id}>
                    <li
                      key={r.id}
                      className="p-2 px-4 flex flex-row items-center gap-2"
                    >
                      <span
                        className={`opacity-${userRoles.some((ur) => ur.id === r.id) ? "100" : "0"}`}
                      >
                        <Check size={16} />
                      </span>
                      {r.name.toUpperCase()}
                    </li>
                    {index + 1 < roles.length && (
                      <div className="h-[1px] bg-gray-800 w-[95%] mx-auto"></div>
                    )}
                  </div>
                ))}
              </ul>
            </div>
          ))}
        </InfoCard> */}
        {/* 🚀 Actions */}
-        <div className="flex flex-wrap gap-4 mt-6 justify-between items-center">
+        <div className="flex flex-wrap gap-4 mt-6 justify-between items-center col-span-3">
          <Link to="/admin/users">
            <Button variant="outlined">Back</Button>
          </Link>
--- a/web/src/pages/Admin/Users/index.tsx
+++ b/web/src/pages/Admin/Users/index.tsx
@ -94,7 +94,7 @@ const AdminUsersPage: FC = () => {
                        <Avatar
                          iconSize={21}
                          className="w-8 h-8"
-                          avatarId={user.profile_picture ?? undefined}
+                          avatarId={user.profile_picture ?? null}
                        />
                        <p>{user.full_name}</p>
                      </div>
--- a/web/src/pages/Authorize/index.tsx
+++ b/web/src/pages/Authorize/index.tsx
@ -76,21 +76,21 @@ const AuthorizePage: FC = () => {
                <div className="text-gray-400 dark:text-gray-600">
                  <ArrowLeftRight />
                </div>
-                <div className="w-12 h-12 rounded-full flex items-center justify-center overflow-hidden bg-gray-900 ring ring-gray-400 dark:ring dark:ring-gray-500">
+                {/* <div className="w-12 h-12 rounded-full flex items-center justify-center overflow-hidden bg-gray-900 ring ring-gray-400 dark:ring dark:ring-gray-500"> */}
-                  {/* <img
+                {/* <img
                    src="https://lucide.dev/logo.dark.svg"
                    className="w-8 h-8"
                  /> */}
-                  {apiService?.icon_url ? (
+                {apiService?.icon_url ? (
-                    <img
+                  <img
-                      src={apiService.icon_url}
+                    src={apiService.icon_url}
-                      className="w-full h-full"
+                    className="w-12 h-12"
-                      alt="service_icon"
+                    alt="service_icon"
-                    />
+                  />
-                  ) : (
+                ) : (
-                    <LayoutDashboard size={32} color="#fefefe" />
+                  <LayoutDashboard size={32} color="#fefefe" />
-                  )}
+                )}
-                </div>
+                {/* </div> */}
              </div>
              <div className="px-4 sm:mt-4 mt-8">
--- a/web/src/pages/Verify/Review/index.tsx
+++ b/web/src/pages/Verify/Review/index.tsx
@ -21,7 +21,7 @@ const VerifyReviewPage: FC = () => {
      </p>
      <Avatar
-        avatarId={profile?.profile_picture ?? undefined}
+        avatarId={profile?.profile_picture ?? null}
        iconSize={64}
        className="w-48 h-48 min-w-48 mx-auto mt-4"
      />
--- a/web/src/store/admin/permissions.ts
+++ b/web/src/store/admin/permissions.ts
@ -0,0 +1,32 @@
 import { getPermissionsApi } from "@/api/admin/permissions";
 import type { AppPermission } from "@/types";
 import { create } from "zustand";
 export interface IAdminPermissionsState {
  permissions: Record<string, AppPermission[]>;
  fetching: boolean;
  fetch: () => Promise<void>;
 }
 export const usePermissions = create<IAdminPermissionsState>((set) => ({
  permissions: {},
  fetching: false,
  fetch: async () => {
    set({ fetching: true });
    try {
      const response = await getPermissionsApi();
      set({
        permissions: Object.fromEntries(
          response.map(({ scope, permissions }) => [scope, permissions]),
        ),
      });
    } catch (err) {
      console.log("ERR: Failed to fetch admin permissions:", err);
    } finally {
      set({ fetching: false });
    }
  },
 }));
--- a/web/src/store/admin/rolesGroups.ts
+++ b/web/src/store/admin/rolesGroups.ts
@ -0,0 +1,57 @@
 import {
  assignUserRoleApi,
  getRolesApi,
  type AssignUserRoleRequest,
 } from "@/api/admin/roles";
 import type { AppPermission, AppRole } from "@/types";
 import { create } from "zustand";
 export type RolesMap = Record<
  string,
  (AppRole & { permissions: AppPermission[] })[]
 >;
 export interface IRolesGroups {
  roles: RolesMap;
  fetching: boolean;
  toggling: string | null;
  fetch: () => Promise<void>;
  assign: (userId: string, role: AppRole) => Promise<void>;
 }
 export const useRoles = create<IRolesGroups>((set) => ({
  roles: {},
  fetching: false,
  toggling: null,
  fetch: async () => {
    set({ fetching: true });
    try {
      const response = await getRolesApi();
      set({
        roles: Object.fromEntries(response.map((r) => [r.scope, r.roles])),
      });
    } catch (err) {
      console.log("ERR: Failed to fetch admin roles:", err);
    } finally {
      set({ fetching: false });
    }
  },
  assign: async (userId, role) => {
    set({ toggling: role.id });
    try {
      await assignUserRoleApi(userId, {
        role_key: `${role.scope}_${role.name}`,
      });
    } catch (err) {
      console.log("ERR: Failed to assign user role:", err);
    } finally {
      set({ toggling: null });
    }
  },
 }));
--- a/web/src/store/admin/users.ts
+++ b/web/src/store/admin/users.ts
@ -1,10 +1,12 @@
 import { getUserPermissionsApi } from "@/api/admin/permissions";
 import { assignUserRoleApi, getUserRolesApi } from "@/api/admin/roles";
 import {
  adminGetUserApi,
  adminGetUsersApi,
  postUser,
  type CreateUserRequest,
 } from "@/api/admin/users";
-import type { UserProfile } from "@/types";
+import type { AppPermission, AppRole, UserProfile } from "@/types";
 import { create } from "zustand";
 export interface IUsersState {
@ -14,14 +16,26 @@ export interface IUsersState {
  current: UserProfile | null;
  fetchingCurrent: boolean;
  userPermissions: AppPermission[];
  fetchingPermissions: boolean;
  userRoles: AppRole[];
  fetchingRoles: boolean;
  creating: boolean;
  createUser: (req: CreateUserRequest) => Promise<boolean>;
  assigningRole: boolean;
  fetchUsers: () => Promise<void>;
  fetchUser: (id: string) => Promise<void>;
  fetchUserPermissions: () => Promise<void>;
  fetchUserRoles: () => Promise<void>;
  assignUserRole: (roleKey: string) => Promise<void>;
 }
-export const useUsers = create<IUsersState>((set) => ({
+export const useUsers = create<IUsersState>((set, get) => ({
  users: [],
  fetching: false,
@ -30,6 +44,14 @@ export const useUsers = create<IUsersState>((set) => ({
  current: null,
  fetchingCurrent: false,
  userRoles: [],
  fetchingRoles: false,
  userPermissions: [],
  fetchingPermissions: false,
  assigningRole: false,
  createUser: async (req: CreateUserRequest) => {
    set({ creating: true });
@ -70,4 +92,60 @@ export const useUsers = create<IUsersState>((set) => ({
      set({ fetchingCurrent: false });
    }
  },
  fetchUserPermissions: async () => {
    const user = get().current;
    if (!user) {
      console.warn("Trying to fetch user permissions without selected user");
      return;
    }
    set({ fetchingPermissions: true });
    try {
      const response = await getUserPermissionsApi(user.id);
      set({ userPermissions: response });
    } catch (err) {
      console.log("ERR: Failed to fetch single user for admin:", err);
    } finally {
      set({ fetchingPermissions: false });
    }
  },
  fetchUserRoles: async () => {
    const user = get().current;
    if (!user) {
      console.warn("Trying to fetch user permissions without selected user");
      return;
    }
    set({ fetchingRoles: true });
    try {
      const response = await getUserRolesApi(user.id);
      set({ userRoles: response ?? [] });
    } catch (err) {
      console.log("ERR: Failed to fetch single user for admin:", err);
    } finally {
      set({ fetchingRoles: false });
    }
  },
  assignUserRole: async (roleKey: string) => {
    const user = get().current;
    if (!user) {
      console.warn("Trying to fetch user permissions without selected user");
      return;
    }
    set({ assigningRole: true });
    try {
      await assignUserRoleApi(user.id, { roleKey });
    } catch (err) {
      console.log("ERR: Failed to assign user role:", err);
    } finally {
      set({ assigningRole: false });
    }
  },
 }));
--- a/web/src/types/index.ts
+++ b/web/src/types/index.ts
@ -78,3 +78,17 @@ export interface DeviceInfo {
  browser: string;
  browser_version: string;
 }
 export interface AppPermission {
  id: string;
  name: string;
  scope: string;
  description: string;
 }
 export interface AppRole {
  id: string;
  name: string;
  scope: string;
  description: string;
 }
Author	SHA1	Message	Date
LandaMm	d35e5813b5	feat: beta version of role management for single user	2025-07-20 17:59:54 +02:00
LandaMm	533e6ea6af	fix: no avatar handling	2025-06-30 00:08:25 +02:00
LandaMm	0c24ed9382	feat: check role assignment	2025-06-30 00:08:14 +02:00
LandaMm	f5c61bb6a0	feat: show roles	2025-06-29 23:20:59 +02:00
LandaMm	eb05f830fe	feat: roles & group state	2025-06-29 23:20:50 +02:00
LandaMm	d86a9de388	feat: assign system roles	2025-06-29 23:19:05 +02:00
LandaMm	d80caac81b	feat: roles API + type def	2025-06-25 11:56:06 +02:00
LandaMm	5d49a661ed	feat: add roles & groups page	2025-06-25 11:55:52 +02:00
LandaMm	635a2d6058	feat: roles & groups page	2025-06-25 11:55:41 +02:00
LandaMm	1eb96e906d	feat: create system roles	2025-06-25 11:55:27 +02:00
LandaMm	58974d9789	feat: add scope to the role	2025-06-25 11:55:04 +02:00
LandaMm	329fac415f	feat: get all roles endpoint	2025-06-25 11:54:45 +02:00
LandaMm	a83ec61fae	fix: avoid null value	2025-06-25 11:54:19 +02:00
LandaMm	d5e86acacf	fix: import of user permissions API	2025-06-24 19:05:21 +02:00
LandaMm	221ef192bc	feat: permissions store	2025-06-24 19:05:07 +02:00
LandaMm	18664dbd8b	feat: remove image borders for service	2025-06-24 19:04:59 +02:00
LandaMm	d097735965	fix: remove unnecessary test fethcing	2025-06-24 19:04:48 +02:00
LandaMm	992776b8a6	feat: new nav item for app permissions	2025-06-24 19:04:26 +02:00
LandaMm	3f260b9029	feat: add API for fetching ALL permissions	2025-06-24 19:04:15 +02:00
LandaMm	65f40d0897	feat: app permissions admin page	2025-06-24 19:04:01 +02:00
LandaMm	6d482c784f	feat: admin fetch all permissions	2025-06-24 19:03:45 +02:00
LandaMm	dc07868d15	feat: call permissions ensure	2025-06-24 19:01:26 +02:00
LandaMm	09a2f05ee5	feat: fetch permissions + grouped fetching	2025-06-24 19:01:16 +02:00
LandaMm	5cec1cf561	feat: ensure system permissions	2025-06-24 19:00:36 +02:00
LandaMm	3281764eff	feat: display user's raw permissions	2025-06-24 14:37:25 +02:00
LandaMm	868337134d	feat: get permissions call	2025-06-24 12:59:10 +02:00
LandaMm	9372673bf1	test: get user permissions endpoint	2025-06-24 12:58:29 +02:00
LandaMm	0eea81b42f	feat: update repo with group, roles and permissions	2025-06-24 12:58:14 +02:00
LandaMm	7468303e41	feat: make name + scope combi unique	2025-06-24 12:18:54 +02:00
LandaMm	8745e7d8bc	feat: group role permission	2025-06-17 12:21:02 +02:00