feat: rbac system

## Description

Create RBAC system with FastAPI and Cloudflare Workers - decide where to use D1 Database and KV storage (faster read from KV).

Users should have permissions based on RESOURCE:PERMISSION - the most important route is access-check, that would be requested from Marketing API to verify if user has permission to resource e.g. COMPANIES:CREATE or LISTS:READ

## Database Schema

Refer to file [migrations/0001_seed.sql]()

## API Schema

### GET /roles

**Response:**

```json
[
  {
    "id": 1,
    "name": "admin",
    "description": "System administrator",
    "permissions": ["user:create", "user:delete"]
  }
]
```

### POST /roles

**Request:**

```json
{
  "name": "editor",
  "description": "Can edit and publish content"
}
```

**Response:**

```json
{
  "id": 2,
  "name": "editor",
  "description": "Can edit and publish content"
}
```

### PUT /roles/{id}

**Request:**

```json
{
  "description": "Editor with limited access"
}
```

**Response:**

```json
{
  "id": 2,
  "name": "editor",
  "description": "Editor with limited access"
}
```

### DELETE /roles/{id}

**Response:**

```json
{ "message": "Role deleted successfully" }
```


### GET /permissions

**Response:**

```json
[
  {
    "id": 1,
    "name": "user:create",
    "description": "Create a new user"
  }
]
```

### POST /permissions

**Request:**

```json
{
  "name": "article:publish",
  "description": "Publish an article"
}
```

**Response:**

```json
{
  "id": 5,
  "name": "article:publish",
  "description": "Publish an article"
}
```

### PUT /permissions/{id}

**Request:**

```json
{ "description": "Publish articles to public feed" }
```

**Response:**

```json
{
  "id": 5,
  "name": "article:publish",
  "description": "Publish articles to public feed"
}
```

### DELETE /permissions/{id}

**Response:**

```json
{ "message": "Permission deleted successfully" }
```


### POST /roles/{role_id}/permissions

**Request:**

```json
{
  "permission_ids": [1, 2, 3]
}
```

**Response:**

```json
{
  "role_id": 1,
  "assigned_permissions": [1, 2, 3]
}
```

### GET /roles/{role_id}/permissions

**Response:**

```json
{
  "role_id": 1,
  "permissions": [
    { "id": 1, "name": "user:create" },
    { "id": 2, "name": "user:delete" }
  ]
}
```


### POST /users/{user_id}/roles

**Request:**

```json
{
  "role_ids": [1, 2]
}
```

**Response:**

```json
{
  "user_id": 10,
  "assigned_roles": [1, 2]
}
```

### GET /users/{user_id}/roles

**Response:**

```json
{
  "user_id": 10,
  "roles": [
    { "id": 1, "name": "admin" },
    { "id": 2, "name": "editor" }
  ]
}
```

### GET /users/{user_id}/permissions

**Response:**

```json
{
  "user_id": 10,
  "permissions": [
    "user:create",
    "user:delete",
    "article:publish"
  ]
}
```

### POST /access/check

**Request:**

```json
{
  "user_id": 10,
  "permission": "article:publish"
}
```

**Response:**

```json
{ "allowed": true }
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: rbac system #1

Description

Database Schema

API Schema

GET /roles

POST /roles

PUT /roles/{id}

DELETE /roles/{id}

GET /permissions

POST /permissions

PUT /permissions/{id}

DELETE /permissions/{id}

POST /roles/{role_id}/permissions

GET /roles/{role_id}/permissions

POST /users/{user_id}/roles

GET /users/{user_id}/roles

GET /users/{user_id}/permissions

POST /access/check

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

feat: rbac system #1

Description

Description

Database Schema

API Schema

GET /roles

POST /roles

PUT /roles/{id}

DELETE /roles/{id}

GET /permissions

POST /permissions

PUT /permissions/{id}

DELETE /permissions/{id}

POST /roles/{role_id}/permissions

GET /roles/{role_id}/permissions

POST /users/{user_id}/roles

GET /users/{user_id}/roles

GET /users/{user_id}/permissions

POST /access/check

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions