- Introduced new tables for teams and team memberships in the SQLite schema.
- Implemented TeamService to handle team creation, retrieval, and management.
- Added logic to create a default team for users upon registration.
- Updated database migration files to reflect the new schema changes.
- Enhanced the schema definitions to include enums for team roles.
- Modified the registration process to include team creation.
services/backend/ROLES.md
185 additions & 0 deletions
@@ -24,13 +24,198 @@ The RBAC system provides fine-grained access control through roles and permissio
24
24
-`users.create` - Create new users
25
25
-`roles.manage` - Manage roles and permissions
26
26
-`system.admin` - Administrative system access
27
+
-`teams.create` - Create new teams
28
+
-`teams.view` - View team details
29
+
-`teams.edit` - Edit team settings
30
+
-`teams.delete` - Delete teams
31
+
-`teams.manage` - Full team management
32
+
-`team.members.view` - View team members
33
+
-`team.members.manage` - Manage team member roles
27
34
28
35
### Global User (`global_user`)
29
36
30
37
-**Description**: Standard user with basic profile access
31
38
-**Permissions**:
32
39
-`profile.view` - View own profile
33
40
-`profile.edit` - Edit own profile
41
+
-`teams.create` - Create new teams (up to 3)
42
+
-`teams.view` - View team details
43
+
-`teams.edit` - Edit own team settings
44
+
-`teams.delete` - Delete own teams
45
+
-`team.members.view` - View team members
46
+
47
+
### Team Administrator (`team_admin`)
48
+
49
+
-**Description**: Full management access within a specific team
50
+
-**Permissions**:
51
+
-`teams.view` - View team details
52
+
-`teams.edit` - Edit team settings
53
+
-`teams.delete` - Delete team (if owner)
54
+
-`teams.manage` - Full team management
55
+
-`team.members.view` - View team members
56
+
-`team.members.manage` - Manage team member roles
57
+
58
+
### Team User (`team_user`)
59
+
60
+
-**Description**: Basic team member with limited access
61
+
-**Permissions**:
62
+
-`teams.view` - View team details
63
+
-`team.members.view` - View team members
64
+
65
+
## Team System
66
+
67
+
DeployStack includes a comprehensive team management system that allows users to organize their work into teams. Each user automatically gets their own team upon registration and can create up to 3 teams total.
68
+
69
+
### Team Features
70
+
71
+
-**Automatic Team Creation**: Every new user gets a default team created with their username
72
+
-**Team Ownership**: Each team has an owner who has full administrative control
73
+
-**Single User Teams**: Currently, teams support only one user per team
74
+
-**Team Limits**: Users can create up to 3 teams maximum
75
+
-**Unique Slugs**: Teams have URL-friendly slugs with automatic conflict resolution
76
+
77
+
### Team Database Schema
78
+
79
+
#### Teams Table
80
+
81
+
```sql
82
+
CREATETABLEteams (
83
+
id TEXTPRIMARY KEY,
84
+
name TEXTNOT NULL,
85
+
slug TEXTNOT NULL UNIQUE,
86
+
description TEXT,
87
+
owner_id TEXTNOT NULLREFERENCES authUser(id) ON DELETE CASCADE,
88
+
created_at INTEGERNOT NULL,
89
+
updated_at INTEGERNOT NULL
90
+
);
91
+
```
92
+
93
+
#### Team Memberships Table
94
+
95
+
```sql
96
+
CREATETABLEteamMemberships (
97
+
id TEXTPRIMARY KEY,
98
+
team_id TEXTNOT NULLREFERENCES teams(id) ON DELETE CASCADE,
99
+
user_id TEXTNOT NULLREFERENCES authUser(id) ON DELETE CASCADE,
100
+
role TEXTNOT NULL, -- 'team_admin' or 'team_user'
101
+
joined_at INTEGERNOT NULL,
102
+
UNIQUE(team_id, user_id)
103
+
);
104
+
```
105
+
106
+
### Team Registration Flow
107
+
108
+
When a user registers:
109
+
110
+
1. User account is created with appropriate global role
111
+
2. A default team is automatically created using the user's username
112
+
3. The user is added as `team_admin` of their new team
113
+
4. If username conflicts exist, slug gets incremented (e.g., `john-doe-2`)
114
+
115
+
### Team Management
116
+
117
+
#### Team Creation
118
+
119
+
- Users can create up to 3 teams
120
+
- Team names are converted to URL-friendly slugs
121
+
- Automatic conflict resolution for duplicate slugs
122
+
- Team owner becomes `team_admin` automatically
123
+
124
+
#### Team Roles
125
+
126
+
-**Team Admin**: Full control over team settings and management
127
+
-**Team User**: Basic team member (for future expansion)
128
+
129
+
#### Team Permissions
130
+
131
+
| Permission | Description |
132
+
|------------|-------------|
133
+
|`teams.create`| Create new teams (up to limit) |
134
+
|`teams.view`| View team details |
135
+
|`teams.edit`| Edit team settings |
136
+
|`teams.delete`| Delete team |
137
+
|`teams.manage`| Full team management |
138
+
|`team.members.view`| View team members |
139
+
|`team.members.manage`| Manage team member roles |
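Review bot: In the Global User permission list, `teams.edit` and `teams.delete` are described as covering "own" teams only, yet they are the same permission strings that appear unqualified in the preceding role's list, so the ownership restriction is not carried by the permission itself. The document should state where that scoping is enforced and which record is authoritative, since ownership is stored both in `teams.owner_id` and as a `team_admin` row in `teamMemberships` ("Team owner becomes `team_admin` automatically"). Two related gaps in the schema section: the `role` column is constrained only by its comment (`-- 'team_admin' or 'team_user'`), so a `CHECK (role IN ('team_admin', 'team_user'))` would keep an unexpected role string out of the table; and neither the 3-team limit nor the "one user per team" rule is expressed in the tables, so the document should say that they are enforced in the service and whether the count and the insert happen in one transaction. The same applies to the slug increment in the registration flow: with `slug` declared `UNIQUE`, note how a conflicting concurrent insert is retried rather than surfaced as a failed registration.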