All files / src defaultRoles.ts

100% Statements 3/3
100% Branches 0/0
100% Functions 0/0
100% Lines 3/3

Press n or j to go to the next uncovered block, b, p or k for the previous block. 



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92 
 
 
 
 
 
1x
 
 
 
 
 
 
 
 
 
 
 
 
1x
 
 
 
 
 
 
 
 
 
 
 
 
 
1x
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
import type { SystemRole } from './types'
 
/**
 * Essential system role - always created by the plugin
 * This is the only hardcoded role as it's required for the system to function
 */
export const SUPER_ADMIN_ROLE: SystemRole = {
  name: 'super_admin',
  label: 'Super Administrator',
  permissions: ['*'],
  protected: true,
  active: true,
  description: 'Full system access - automatically assigned to first user',
}
 
/**
 * Public role for non-authenticated users
 * This role is automatically applied when no user is logged in
 */
export const PUBLIC_ROLE: SystemRole = {
  name: 'public',
  label: 'Public Access',
  permissions: ['*.read'], // Default permissions, can be overridden
  protected: true,
  active: true,
  description: 'Default permissions for non-authenticated users',
  visibleFor: [], // Not visible in UI for assignment
}
 
/**
 * Example role configurations that can be used in the plugin config
 * These are NOT automatically created - they must be explicitly configured
 */
export const EXAMPLE_ROLES = {
  admin: {
    name: 'admin',
    label: 'Administrator',
    permissions: [
      // Backend users management (no role management)
      'backend-users.read',
      'backend-users.create',
      'backend-users.update',
      'backend-users.delete',
      // Frontend users management
      'users.read',
      'users.create',
      'users.update',
      'users.delete',
      // Media management
      'media.read',
      'media.create',
      'media.update',
      'media.delete',
    ],
    protected: false,
    active: true,
    description: 'Admin access without role management capabilities',
  },
  editor: {
    name: 'editor',
    label: 'Editor',
    permissions: [
      // Read-only for users
      'backend-users.read',
      'users.read',
      // Full media access
      'media.read',
      'media.create',
      'media.update',
      'media.delete',
    ],
    protected: false,
    active: true,
    description: 'Content editor with limited user access',
  },
  user: {
    name: 'user',
    label: 'Frontend User',
    permissions: [
      // Users can only manage their own profile (enforced at row level)
      'users.read',
      'users.update',
      // Media for profile pictures
      'media.create',
      'media.read',
    ],
    protected: false,
    active: true,
    description: 'Default role for frontend users - can manage own profile',
  },
}
 
Code coverage generated by istanbul at 2025-08-18T01:56:38.048Z