40227-vm/docs/backlog.md
2026-06-12 06:55:35 +02:00

Backlog — Open Gaps and Remaining Work

Persistent list of deferred work and known gaps so they are not forgotten. This is the single source for open/remaining work — the sequenced integration plan is retired now that its phases are done or folded here; its history remains in git.

Remaining work at a glance

  • Design-gated (need a customer design decision): the generic-CRUD management UIs (users/roles/permissions + the other groups), the roles/permissions admin UI, applying <PermissionGate> to specific create/edit/delete affordances, the MANAGE_* permissions that depend on it, and the director-creates-classrooms UI (needs a first-class classrooms entity, which the backend can build independently).
  • Unblocked, backend-only: the self-editable-vs-privileged profile-field split; the classrooms entity backend; the manager acknowledgment-status report (pending an audience decision); the binary file audio-upload path (needs the file-download ownership fix); AI sound generation (swap the generateSoundRecipe stub).
  • Dev-machine runs / verification: npm install (sync the OAuth dependency change), npm run db:reset (apply the Phase 4 migrations), npm test, npm run test:e2e:content (incl. the accessibility suite — zero WCAG 2/2.1 A/AA violations across 19 pages), npm run lint.
  • Last: delete ref-frontend/ once the generic-CRUD UIs are built (it is their reference).

Endpoint wiring

The backend exposes the full generated CRUD surface; the frontend consumes a subset. The SIS prune is complete (owner-approved): students, guardians, fee_plans, invoices, payments, and documents were removed (students/guardians live as roles, not SIS entities; the finance cluster is unused; the handbook migrated to policy_documents). Kept for future wiring: academic_years, assessments, assessment_results, attendance_records, attendance_sessions, classes, class_enrollments, class_subjects, subjects, grades, timetables, timetable_periods (plus messages/message_recipients, already used by communications).

To wire during frontend implementation (generic CRUD)

Each exposes the identical 9-endpoint shape (POST /, /bulk-import, PUT /:id, DELETE /:id, deleteByIds, GET /, /count, /autocomplete, /:id). Build the management UI + typed shared/api module + business hooks for each:

academic_years, assessments, assessment_results, attendance_records, attendance_sessions, campuses (authenticated /api/campuses), classes, class_enrollments, class_subjects, grades, message_recipients, messages, organizations, permissions, roles, staff, subjects, timetable_periods, timetables, users.

Wiring roles / permissions / users unblocks the roles/permissions admin UI and lets <PermissionGate> gate real create/edit/delete affordances.

Decision-gated extras (keep only if the workflow lands)

  • auth extras (signup, profile, password-reset, verify-email, email-configured) — keep only if onboarding/recovery is in scope; otherwise prune.
  • file (GET /api/file/download, POST /api/file/upload/:table/:field) — both JWT-authenticated; keep if document/avatar/audio upload is on the roadmap, otherwise prune. Upload still needs per-file tenant/ownership before exposing an upload UI.
  • search (GET /api/search) — prune unless a search UI is planned.

Cross-cutting open gaps

Authorization / RBAC:

  • Dedicated MANAGE_* permissions for the manager-only writes (FRAME / walkthrough / communications / content-catalog editing, staff/attendance reports) — currently role-gated in their services; add when the admin UI needs them.
  • Blocked on customer design decision: apply <PermissionGate> to specific create/edit/delete affordances and build the roles/permissions admin UI + the generic-CRUD management pages. The backend endpoints are wired and enforced; the page/UX work is paused pending a design.
  • Optionally switch frontend module/route gating from role-based to permission-based (currently role-based, equivalent to the matrix).

Provisioning:

  • Director-creates-classrooms — needs a first-class classrooms entity (backend buildable independently); the classroom management UI is blocked on the same customer design decision.
  • Define the self-editable vs privileged profile-field split (backend contract; unblocked).

Files:

  • Upload-side per-file ownership + a typed frontend upload client — only after the file UI lands. (Download ownership is already enforced.)

Phase 4 product UIs:

  • Audio library — remaining: AI sound generation (swap the generateSoundRecipe stub for a real model call); the binary file upload UI — needs a typed upload client and the download-ownership fix (assertCanDownloadFile denies any privateUrl with no tracked file row, but the standalone /file/upload/:table/:field path doesn't create one; recipe/url rows are unaffected).
  • Manager acknowledgment-status report — backend addition pending the report-audience decision.
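
The upload/download ownership mismatch from the audio-library item, which is also the upload-side gap listed under Files, shown as an added JavaScript example that is not the project's code. Only assertCanDownloadFile and the /file/upload/:table/:field route come from this page; the in-memory stores, the row shape, the tenant/owner rule and the other function names are assumptions.

```javascript
// Added illustration, not the project's code. Only assertCanDownloadFile and the
// /file/upload/:table/:field route are named on the page; the row shape, the
// tenant/owner rule and every other name here are assumptions.
class ForbiddenError extends Error {}

const fileRows = new Map(); // stand-in for the tracked-file table, keyed by privateUrl
const blobs = new Map();    // stand-in for blob storage

// Fail closed: a privateUrl with no tracked row is denied, as the backlog describes.
function assertCanDownloadFile(user, privateUrl) {
  const row = fileRows.get(privateUrl);
  if (!row) throw new ForbiddenError('untracked');
  if (row.tenantId !== user.tenantId) throw new ForbiddenError('cross-tenant');
  if (row.ownerId !== user.id) throw new ForbiddenError('not-owner');
  return row;
}

// Behaviour the backlog reports for the standalone path: bytes stored, no row written.
function uploadUntracked(user, table, field, name, bytes) {
  const privateUrl = `${table}/${field}/${name}`;
  blobs.set(privateUrl, bytes);
  return privateUrl;
}

// Proposed shape: record tenant and owner in the same step as the blob write,
// taking both from the authenticated user, never from request parameters.
function uploadTracked(user, table, field, name, bytes) {
  const privateUrl = uploadUntracked(user, table, field, name, bytes);
  fileRows.set(privateUrl, { privateUrl, tenantId: user.tenantId, ownerId: user.id });
  return privateUrl;
}

// Returns 'ok' or the denial reason, so callers and tests can compare outcomes.
function downloadOutcome(user, privateUrl) {
  try {
    assertCanDownloadFile(user, privateUrl);
    return 'ok';
  } catch (err) {
    if (err instanceof ForbiddenError) return err.message;
    throw err;
  }
}

// Constructed sample users.
const alice = { id: 'u1', tenantId: 't1' };
const bob = { id: 'u2', tenantId: 't1' };
const carol = { id: 'u3', tenantId: 't2' };
```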

Phase 5 — operations & cleanup:

  • ref-frontend/ removal — last; after the generic-CRUD UIs are built (it is their reference).