feat: RBAC multi-user role-based access control
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m14s

- Add rbac.py with User model, LDAP group-to-role mapping, page/write dependencies
- Proxy auth reads Remote-Groups header to resolve role from LDAP groups
- JWT tokens carry role claim, /me returns role + allowed pages
- Per-router page access control and viewer write protection
- Terminal WebSocket RBAC check
- Frontend filters sidebar links and routes by allowed pages
- Admin-only Settings page and RBAC override endpoints
- Mount rbac.json in docker-compose for page config persistence
This commit is contained in:
Gan, Jimmy
2026-03-01 14:13:43 +08:00
parent 15ad628425
commit 9992105b49
10 changed files with 342 additions and 65 deletions
+1
View File
@@ -49,6 +49,7 @@ services:
- /volume1/docker/nas-dashboard/ssh/vps_terminal:/app/ssh/vps_id_ed25519:ro
- /volume1/docker/nas-dashboard/ssh/known_hosts:/app/ssh/known_hosts:ro
- /volume1/docker/chat-summarizer/data:/app/data/chat-summarizer:ro
- /volume1/docker/nas-dashboard/rbac.json:/volume1/docker/nas-dashboard/rbac.json
healthcheck:
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:4000/api/health')"]
interval: 30s