Introduce site users and access roles #162

Merged
erik merged 1 commit from feat/task-4ea105da-site-users-roles into main 2026-06-20 07:46:25 -05:00
Owner

Summary

  • Add stored site_users and site_user_roles tables with admin and viewer roles.
  • Add site-user helpers for user upsert/listing, role checks, role assignment, and deactivation.
  • Treat ADMIN_EMAIL as bootstrap/recovery: successful bootstrap login persists an admin site user.
  • Allow existing active site users to request magic links without depending on ADMIN_EMAIL.
  • Gate admin routes on stored admin role capability.
  • Add minimal /admin/users UI to list users, add users, set admin/viewer, and deactivate users.
  • Document bootstrap owner, site users, roles, future protected-content access, sessions, API keys, and ActivityPub actor separation.
  • Add migration, site-user, auth, and admin-user route tests.

Verification

  • npm run build --workspace @slugkit/template-site
  • Targeted template-site tests for site users, admin users, auth, migrations, and existing admin routes
  • ./scripts/pre-pr.sh
feat: introduce site users and roles
All checks were successful
CI / build-lint-test (pull_request) Successful in 47s
f456877f74
Task: #task-4ea105da
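
The access decisions listed in the summary (bootstrap login persisting an admin, magic links for active site users, admin routes gated on the stored role), as an added TypeScript example that is not the project's code. It uses an in-memory `Map` in place of the `site_users` and `site_user_roles` tables, every function name is hypothetical, and it assumes the `ADMIN_EMAIL` address can always request a link and is re-activated on login, which the PR text does not specify.

```typescript
// Added illustration, not the project's site-users.ts; every name here is hypothetical.
type Role = "admin" | "viewer";
type SiteUser = { email: string; active: boolean; roles: Set<Role> };

// In-memory stand-in for the site_users and site_user_roles tables.
const users = new Map<string, SiteUser>();

function normalize(email: string): string {
  return email.trim().toLowerCase();
}

// An unset or empty ADMIN_EMAIL must never match an empty submitted address.
function isBootstrap(email: string, adminEmail: string | undefined): boolean {
  const boot = normalize(adminEmail ?? "");
  return boot !== "" && normalize(email) === boot;
}

// Create the user if missing, otherwise re-activate it and add the role.
function upsertUser(email: string, role: Role): SiteUser {
  const key = normalize(email);
  const user: SiteUser = users.get(key) ?? { email: key, active: true, roles: new Set<Role>() };
  user.active = true;
  user.roles.add(role);
  users.set(key, user);
  return user;
}

function deactivate(email: string): void {
  const user = users.get(normalize(email));
  if (user !== undefined) user.active = false;
}

// Links go to active stored users, or to the bootstrap address (assumed recovery path).
function mayRequestMagicLink(email: string, adminEmail: string | undefined): boolean {
  if (isBootstrap(email, adminEmail)) return true;
  return users.get(normalize(email))?.active === true;
}

// Runs after the link is verified; a bootstrap login persists an admin site user.
function completeLogin(email: string, adminEmail: string | undefined): SiteUser | undefined {
  if (isBootstrap(email, adminEmail)) return upsertUser(email, "admin");
  const user = users.get(normalize(email));
  return user !== undefined && user.active ? user : undefined;
}

// Admin gate: decided from the stored role and active flag, never from ADMIN_EMAIL.
function canAccessAdmin(email: string): boolean {
  const user = users.get(normalize(email));
  return user !== undefined && user.active && user.roles.has("admin");
}
```

Under this assumption, deactivating the bootstrap owner does not lock that address out while `ADMIN_EMAIL` is still set, so the variable should be unset or rotated once recovery access is no longer wanted.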
Author
Owner

PR Review: Approved

Summary

The PR introduces a stored site-user model and role-based admin capability checks as a usable vertical slice. It adds site_users and site_user_roles, persists bootstrap/recovery logins as admin users, allows existing active site users to request magic links independent of ADMIN_EMAIL, gates admin routes on stored admin role, and adds minimal /admin/users management for listing, adding, role assignment, and deactivation. The docs now distinguish bootstrap/recovery access, site users, management roles, future viewer access, sessions/API keys, and ActivityPub actor identity.

Acceptance criteria

  • The codebase has a clear stored site user model — site_users, site_user_roles, and site-users.ts helpers.
  • Admin access is represented as a role/capability on a site user — admin middleware checks stored admin role.
  • The model includes a non-admin viewer role for protected-content viewing later.
  • ADMIN_EMAIL behavior is documented as bootstrap/recovery-oriented.
  • Existing admin login flows continue to work during the transition.
  • Successful bootstrap/recovery login creates or updates an admin site user.
  • Admin users can list, add, role-assign, and deactivate site users through /admin/users.
  • Non-admin users are represented but cannot access admin-only user management.
  • ActivityPub actor identity remains separate from site users.
  • Tests cover implemented user/role behavior and admin user-management access.
  • Relevant lint/test checks pass.

Blocking issues

None.

Warnings

None.

Verification

  • npm run build --workspace @slugkit/template-site
  • Targeted template-site tests for site users, admin users, auth, migrations, and existing admin routes.
  • ./scripts/pre-pr.sh
  • Forgejo Actions run #227 passed.

Verdict

Approved. Stop at the human merge gate.

PR Review Worker Result

  • pr: open
  • review: approved
  • pr_comment: posted
  • task_comment: posted
  • blocking_issues: 0
  • warnings: 0
  • criteria_total: 11
  • criteria_met: 11
  • criteria_missing: 0
erik merged commit c67f1d39f2 into main 2026-06-20 07:46:25 -05:00
erik deleted branch feat/task-4ea105da-site-users-roles 2026-06-20 07:46:25 -05:00