Gan, Jimmy
1b07246d0d
fix: convert RBAC_FILE constant to getter function to fix CI test failures
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 6m45s
Run Tests / Backend Tests (push) Failing after 10m24s
Run Tests / Frontend Tests (push) Has started running
Run Tests / Test Summary (push) Has been cancelled
2026-04-05 01:20:27 +08:00
Gan, Jimmy
5cfb92cfc6
fix: revert to original _inject_user in main.py, ensure it runs before require_page
2026-04-02 00:34:25 +08:00
Gan, Jimmy
e46003711b
fix: make RBAC dependencies properly chain _inject_user for OPC authorization
2026-04-02 00:25:32 +08:00
Gan, Jimmy
213d0e897c
fix: add Authelia groups to RBAC role mapping for OPC access
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 2m1s
Run Tests / Backend Tests (push) Failing after 1m41s
Run Tests / Frontend Tests (push) Failing after 16m23s
Run Tests / Test Summary (push) Failing after 4m8s
2026-04-02 00:02:26 +08:00
Gan, Jimmy
263c518b70
fix: correct _inject_user signature to avoid circular import
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 1m50s
Run Tests / Backend Tests (push) Successful in 49s
Run Tests / Test Summary (push) Has been cancelled
Run Tests / Frontend Tests (push) Has been cancelled
2026-03-31 17:55:54 +08:00
Gan, Jimmy
e8f1373b41
fix: add _inject_user to rbac module for OPC routers
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 2m14s
Run Tests / Backend Tests (push) Successful in 55s
Run Tests / Frontend Tests (push) Failing after 8m12s
Run Tests / Test Summary (push) Failing after 1m42s
2026-03-31 16:40:40 +08:00
Gan, Jimmy
1ca019fa48
feat: add OPC (One Person Company) management system with Kanban board
...
Deploy Dashboard (Dev) / deploy-dev (push) Has been cancelled
Run Tests / Backend Tests (push) Has been cancelled
Run Tests / Frontend Tests (push) Has been cancelled
Run Tests / Test Summary (push) Has been cancelled
Phase 1 MVP implementation:
- PostgreSQL database schema for tasks, agents, executions, time tracking
- Backend API: task CRUD, agent management, automatic time tracking
- Frontend: Kanban board with drag-and-drop (Parking Lot → In Progress → Done)
- Task modal for creating/editing tasks with tags, priority, assignee
- 3 core agents seeded: PM, CTO, COO
- Agent approval workflow: CxO level requires approval, others auto-execute
- Automatic time tracking: starts on in_progress, stops on done
- RBAC integration: OPC page accessible to admin/member roles
Features:
- Drag-and-drop tasks between columns
- Assign tasks to humans or AI agents
- Priority badges (low, medium, high, urgent)
- Tags and due dates
- Task history tracking
- Time entry tracking with automatic timer
- Agent execution records with approval workflow
Next steps:
- Initialize OPC database on NAS
- Implement agent executor service
- Add WebSocket for real-time updates
- Add email notifications
- Add PDF invoice generation
2026-03-31 14:31:31 +08:00
Gan, Jimmy
44f0ed5d04
fix: harden dashboard auth and terminal flows
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 3m29s
Tighten terminal websocket auth and proxy trust handling while making file-backed auth/RBAC writes atomic to reduce high-impact security and persistence risks.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-06 23:53:58 +08:00
Gan, Jimmy
7ab2ad41c4
feat: add role-based sidebar link visibility control
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m37s
2026-03-01 18:17:45 +08:00
Gan, Jimmy
a8debcfb4b
feat: access control UI in Settings + sidebar drag-and-drop reordering
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m13s
- Add Access Control card in Settings (admin-only): role defaults display, user overrides CRUD
- Add sidebar drag-and-drop reordering with per-user persistence in rbac.json
- Backend: GET/PUT /api/auth/preferences endpoints, sidebar order helpers in rbac.py
- Frontend: HTML5 drag API with grip handles, smart order merge, debounced save
- Preserve sidebar_order when updating page overrides
2026-03-01 14:48:35 +08:00
Gan, Jimmy
9992105b49
feat: RBAC multi-user role-based access control
...
Deploy Dashboard (Dev) / deploy-dev (push) Successful in 1m14s
- Add rbac.py with User model, LDAP group-to-role mapping, page/write dependencies
- Proxy auth reads Remote-Groups header to resolve role from LDAP groups
- JWT tokens carry role claim, /me returns role + allowed pages
- Per-router page access control and viewer write protection
- Terminal WebSocket RBAC check
- Frontend filters sidebar links and routes by allowed pages
- Admin-only Settings page and RBAC override endpoints
- Mount rbac.json in docker-compose for page config persistence
2026-03-01 14:13:43 +08:00