snipe-auth-rbac 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/sql/0002_seed_defaults.sql +29 -19
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "snipe-auth-rbac",
3
- "version": "0.3.0",
3
+ "version": "0.3.1",
4
4
  "description": "Two-layer RBAC (system + company) for React, Next.js, and any modern TS app — paired with the Python sibling.",
5
5
  "license": "MIT",
6
6
  "type": "module",
package/sql/0002_seed_defaults.sql CHANGED
@@ -1,32 +1,42 @@
1
1
  -- snipe-auth-rbac — optional default seed
2
2
  --
3
3
  -- Companion to 0001_initial.sql that seeds:
4
- -- * Two system roles (System Admin with is_super=true, System Support).
5
- -- * Four generic company-role templates (Owner / Manager / Member /
6
- -- Viewer) with sensible default_permissions patterns.
4
+ -- * Two system roles (System-Administrator with is_super=true,
5
+ -- System-Support).
6
+ -- * Four generic company-role templates (Inhaber / Verwalter /
7
+ -- Mitarbeiter / Leser) with sensible default_permissions
8
+ -- patterns.
7
9
  --
8
- -- The four templates use only the `default` action set — they don't
9
- -- reference specific resources or groups, since those are defined by
10
- -- the host. After registering host resources, run
11
- -- ``rbac.apply_template_defaults(role_id)`` to materialise the matrix.
10
+ -- Names are in German that's the package's primary target
11
+ -- audience (German property-management / SaaS). Adopters who
12
+ -- prefer English names skip this file and seed their own.
12
13
  --
13
- -- Domain-specific templates (Property Manager, Tenant Manager,
14
- -- Sales, …) belong in the host's own seed migration where their
15
- -- group/resource defaults can reference real registered resources.
14
+ -- The four templates use only the `default` action set — they
15
+ -- don't reference specific resources or groups, since those are
16
+ -- defined by the host. After registering host resources, run
17
+ -- ``rbac.apply_template_defaults(role_id)`` to materialise the
18
+ -- matrix.
19
+ --
20
+ -- Domain-specific templates (Liegenschaftsverwalter,
21
+ -- Mieterverwalter, Vertrieb, Gutachter, Anwalt, Mieter) belong in
22
+ -- the host's own seed migration where their group/resource
23
+ -- defaults can reference real registered resources.
16
24
  --
17
25
  -- Idempotent: every INSERT uses ON CONFLICT DO NOTHING. Re-running
18
- -- the file leaves an existing deployment untouched.
26
+ -- the file leaves an existing deployment untouched. Note: this
27
+ -- means upgrading from v0.3.0 (English names) does NOT auto-rename
28
+ -- — see CHANGELOG for the rename snippet.
19
29
 
20
30
  BEGIN;
21
31
 
22
32
  -- System roles
23
33
  INSERT INTO rbac.roles (id, scope, company_id, name, description, is_system, is_super, default_permissions)
24
34
  VALUES
25
- (gen_random_uuid(), 'system', NULL, 'System Admin',
35
+ (gen_random_uuid(), 'system', NULL, 'System-Administrator',
26
36
  'Plattform-Vollzugriff. Setzt jede Berechtigungsprüfung außer Kraft.',
27
37
  true, true,
28
38
  '{"default": ["read", "write", "update", "delete"]}'::jsonb),
29
- (gen_random_uuid(), 'system', NULL, 'System Support',
39
+ (gen_random_uuid(), 'system', NULL, 'System-Support',
30
40
  'Lesezugriff auf systemweite Ressourcen für Support-Aufgaben.',
31
41
  true, false,
32
42
  '{"default": ["read"]}'::jsonb)
@@ -36,19 +46,19 @@ ON CONFLICT DO NOTHING;
36
46
  -- Generic shapes only; domain-specific defaults are the host's job.
37
47
  INSERT INTO rbac.roles (id, scope, company_id, name, description, is_system, is_super, default_permissions)
38
48
  VALUES
39
- (gen_random_uuid(), 'company', NULL, 'Owner',
40
- 'Vollzugriff innerhalb der eigenen Company.',
49
+ (gen_random_uuid(), 'company', NULL, 'Inhaber',
50
+ 'Vollzugriff innerhalb des eigenen Mandanten.',
41
51
  true, false,
42
52
  '{"default": ["read", "write", "update", "delete"]}'::jsonb),
43
- (gen_random_uuid(), 'company', NULL, 'Manager',
44
- 'Verwaltet Daten der Company, kann Rollen ändern. Kein Löschen.',
53
+ (gen_random_uuid(), 'company', NULL, 'Verwalter',
54
+ 'Verwaltet Daten des Mandanten, kann Rollen ändern. Kein Löschen.',
45
55
  true, false,
46
56
  '{"default": ["read", "write", "update"]}'::jsonb),
47
- (gen_random_uuid(), 'company', NULL, 'Member',
57
+ (gen_random_uuid(), 'company', NULL, 'Mitarbeiter',
48
58
  'Standard-Mitarbeiter mit Lese- und Schreibzugriff.',
49
59
  true, false,
50
60
  '{"default": ["read", "write"]}'::jsonb),
51
- (gen_random_uuid(), 'company', NULL, 'Viewer',
61
+ (gen_random_uuid(), 'company', NULL, 'Leser',
52
62
  'Nur Lesezugriff.',
53
63
  true, false,
54
64
  '{"default": ["read"]}'::jsonb)