Skip to content

Add user scope model for console authorization#50

Open
CerealesMC wants to merge 1 commit intoopen-uem:mainfrom
CerealesMC:main
Open

Add user scope model for console authorization#50
CerealesMC wants to merge 1 commit intoopen-uem:mainfrom
CerealesMC:main

Conversation

@CerealesMC
Copy link
Copy Markdown

@CerealesMC CerealesMC commented Apr 29, 2026

Summary

  • Add authorization data model support for console user scoping.
  • Introduce role-based behavior (admin vs custom) and resource assignments.
  • Enable downstream services to resolve allowed tenants/sites/agents from user relations.

Changes

  • Added console_role enum field on User (admin, custom).
  • Added user-to-resource permission edges:
    • allowed_tenants
    • allowed_sites
    • allowed_agents
  • Added reverse edges on Tenant, Site, and Agent to support efficient scoped queries.

Why

This schema update provides the persistence layer required for least-privilege access in the console while preserving full-access admin behavior.

Validation

  • Generate ent code successfully.
  • Apply migrations successfully.
  • Verify user-role and edge assignments are readable/writable from ent client.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CerealesMC