feat: document user management system and RBAC implementation
- Update copilot-instructions.md with user model, API routes, and frontend patterns
- Update README.md with RBAC details, user management API, and security sections
- Add user management technical documentation to TECH-CHANGELOG.md
- Bump version to 2025.1.0-alpha.13 with user management changelog entries
@@ -5,6 +5,57 @@


This changelog documents technical and developer-relevant changes included in public releases. For development workspace changes, see DEV-CHANGELOG.md. Not all changes here are reflected in the user-facing changelog (`program-info.json`), and not all UI/feature changes are repeated here. Some changes (e.g., backend refactoring, API adjustments, infrastructure, developer tooling, or internal logic) may only appear in TECH-CHANGELOG.md. For UI/feature changes, see `dashboard/public/program-info.json`.

## 2025.1.0-beta.1 (TBD)
- 🔐 **User Management & Role-Based Access Control**:
- Backend: Implemented comprehensive user management API (`server/routes/users.py`) with 6 endpoints (GET, POST, PUT, DELETE users + password reset).
- Data model: Extended `User` with 7 audit/security fields via Alembic migration (`4f0b8a3e5c20_add_user_audit_fields.py`):
- `last_login_at`, `last_password_change_at`: TIMESTAMP (UTC) for auth event tracking
- `failed_login_attempts`, `last_failed_login_at`: Security monitoring for brute-force detection
- `locked_until`: TIMESTAMP placeholder for account lockout (infrastructure in place, not yet enforced)
- `deactivated_at`, `deactivated_by`: Soft-delete audit trail (FK self-reference)
- Role hierarchy: 4-tier privilege escalation (user → editor → admin → superadmin) enforced at API and UI levels:
- Admin cannot see, create, or manage superadmin accounts
- Admin can manage user/editor/admin roles only
- Superadmin can manage all roles including other superadmins
- Auth routes enhanced (`server/routes/auth.py`):
- Login: Sets `last_login_at`, resets `failed_login_attempts` on success; increments `failed_login_attempts` and `last_failed_login_at` on failure
- Password change: Sets `last_password_change_at` on both self-service and admin reset
- New endpoint: `PUT /api/auth/change-password` for self-service password change (all authenticated users; requires current password verification)
- User API security:
- Admin cannot reset superadmin passwords
- Self-account protections: cannot change own role/status, cannot delete self
- Admin cannot use password reset endpoint for their own account (backend check enforces self-service requirement)
- All user responses include audit fields in camelCase (lastLoginAt, lastPasswordChangeAt, failedLoginAttempts, deactivatedAt, deactivatedBy)
- Soft-delete pattern: Deactivation by default (sets `deactivated_at` and `deactivated_by`); hard-delete superadmin-only
- 🖥️ **Frontend User Management**:
- New page: `dashboard/src/users.tsx` – Full CRUD interface (820 lines) with Syncfusion components
- GridComponent: 20 per page (configurable), sortable columns (ID, username, role), custom action button template with role-based visibility
- Statistics cards: Total users, active (non-deactivated), inactive (deactivated) counts
- Dialogs: Create (username/password/role/status), Edit (with self-edit protections), Password Reset (admin only, no current password required), Delete (superadmin only, self-check), Details (read-only audit info with formatted timestamps)
- Role badges: Color-coded display (user: gray, editor: blue, admin: green, superadmin: red)
- Audit information display: last login, password change, last failed login, deactivation timestamps and deactivating user
- Self-protection: Delete button hidden for current user (prevents accidental self-deletion)
- Menu visibility: "Benutzer" sidebar item only visible to admin+ (role-gated in App.tsx)
- 💬 **Header User Menu**:
- Enhanced top-right dropdown with "Passwort ändern" (lock icon), "Profil", and "Abmelden"
- Self-service password change dialog: Available to all authenticated users; requires current password verification, new password min 6 chars, must match confirm field
- Implemented with Syncfusion DropDownButton (`@syncfusion/ej2-react-splitbuttons`)
- 🔌 **API Client**:
- New file: `dashboard/src/apiUsers.ts` – Type-safe TypeScript client (143 lines) for user operations
- Functions: listUsers(), getUser(), createUser(), updateUser(), resetUserPassword(), deleteUser()
- All functions include proper error handling and camelCase JSON mapping
- 📖 **Documentation**:
- Updated `.github/copilot-instructions.md`: Added comprehensive sections on user model audit fields, user management API routes, auth routes, header menu, and user management page implementation
- Updated `README.md`: Added user management to Key Features, API endpoints (User Management + Authentication sections), Pages Overview, and Security & Authentication sections with RBAC details
- Updated `TECH-CHANGELOG.md`: Documented all technical changes and integration notes

Notes for integrators:
- User CRUD endpoints accept/return all audit fields in camelCase
- Admin password reset (`PUT /api/users/<id>/password`) cannot be used for admin's own account; users must use self-service endpoint
- Frontend enforces role-gated menu visibility; backend validates all role transitions to prevent privilege escalation
- Soft-delete is default; hard-delete (superadmin-only) requires explicit confirmation
- Audit fields populated automatically on login/logout/password-change/deactivation events



Backend rework (post-release notes; no version bump):

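Review bot: the brute-force handling described under the "Data model" and "Auth routes enhanced" bullets is detection-only, and the entry should say so: `failed_login_attempts` and `last_failed_login_at` are incremented on failure, but the same section states that `locked_until` is "not yet enforced" and nothing in the entry mentions throttling of the login route, so filing the counters under "Security monitoring for brute-force detection" overstates what ships; a line such as "no lockout or rate limiting is enforced yet" belongs next to the `locked_until` bullet. The integrator note "Audit fields populated automatically on login/logout/password-change/deactivation events" also lists logout, but none of the seven fields enumerated above records a logout, so either drop "logout" or name the field it populates. Two smaller points: the entry is filed under "## 2025.1.0-beta.1 (TBD)" while the commit message says the version was bumped to 2025.1.0-alpha.13 with these changelog entries, so one of the two needs correcting; and the trailing line "Backend rework (post-release notes; no version bump):" opens a section with no content. Finally, the "new password min 6 chars" rule is documented only for the frontend dialog under "Header User Menu"; state whether `PUT /api/auth/change-password` and `PUT /api/users/<id>/password` enforce the same minimum server-side, since a check that lives only in the client can be bypassed by calling the endpoint directly.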