feat: RBAC multi-user role-based access control
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m14s

- Add rbac.py with User model, LDAP group-to-role mapping, page/write dependencies
- Proxy auth reads Remote-Groups header to resolve role from LDAP groups
- JWT tokens carry role claim, /me returns role + allowed pages
- Per-router page access control and viewer write protection
- Terminal WebSocket RBAC check
- Frontend filters sidebar links and routes by allowed pages
- Admin-only Settings page and RBAC override endpoints
- Mount rbac.json in docker-compose for page config persistence
This commit is contained in:
Gan, Jimmy
2026-03-01 14:13:43 +08:00
parent 15ad628425
commit 9992105b49
10 changed files with 342 additions and 65 deletions
+7
View File
@@ -1,6 +1,13 @@
const BASE = "/api";
let token = localStorage.getItem("token") || "";
// Current user info populated after auth
export let currentUser = { username: "", role: "", pages: [] };
export function setCurrentUser(u) {
currentUser = u;
}
export function setToken(t) {
token = t;
if (t) localStorage.setItem("token", t);