ChrisChen/ROLAC
1
0
Fork 0
Code Issues 66 Pull Requests Actions Packages Projects Releases Wiki Activity

[P0] RBAC framework + Ministry Scope middleware #6

New Issue
Open
opened 2026-05-26 01:32:39 +00:00 by ChrisChen · 0 comments
ChrisChen commented 2026-05-26 01:32:39 +00:00
Owner
Copy Link
Copy Source

Overview

Role-Based Access Control with 13 predefined roles and Ministry Scope filtering so scoped roles only see their ministry's data.

Roles

super_admin, pastor, board_member, coworker_chair, ministry_leader, district_leader, cell_leader, coworker, finance, secretary, worship_leader, member, visitor

Tasks

  • Seed all 13 roles into DB via DbInitializer
  • Create UserMinistry join table (user -> ministry scope binding)
  • Build MinistryScope middleware that filters queries by caller's assigned ministries
  • Authorization policies per resource/action (see PLANNING.md Section 4 permission matrix)
  • Role assignment API (super_admin only)

Reference

PLANNING.md Section 3.2 RBAC, Section 4 Permission Matrix

## Overview Role-Based Access Control with 13 predefined roles and Ministry Scope filtering so scoped roles only see their ministry's data. ## Roles super_admin, pastor, board_member, coworker_chair, ministry_leader, district_leader, cell_leader, coworker, finance, secretary, worship_leader, member, visitor ## Tasks - [ ] Seed all 13 roles into DB via DbInitializer - [ ] Create UserMinistry join table (user -> ministry scope binding) - [ ] Build MinistryScope middleware that filters queries by caller's assigned ministries - [ ] Authorization policies per resource/action (see PLANNING.md Section 4 permission matrix) - [ ] Role assignment API (super_admin only) ## Reference PLANNING.md Section 3.2 RBAC, Section 4 Permission Matrix
ChrisChen added this to the Phase 0 - Tech Foundation and DevOps milestone 2026-05-26 01:32:39 +00:00
ChrisChen added the module: rbac label 2026-05-26 01:32:39 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
module: ai
AI integration (Claude API, Phase 5)
 module: attendance
Sunday attendance tracking
 module: audit-log
Immutable audit log
 module: auth
Authentication, JWT, ASP.NET Identity
 module: cell-groups
Cell groups, meetings, attendance
 module: cms
Public website CMS (rolac.org, bilingual)
 module: devops
Infrastructure, Docker, CI/CD, Jenkins
 module: expense
Expense tracking and reimbursements
 module: giving
Donations, tithing, annual receipts
 module: members
Member CRUD, family units, search
 module: prayer
Prayer requests and visibility scopes
 module: rbac
Roles, permissions, Ministry Scope
 module: reports
Reports and analytics
 module: roster
Service roster and scheduling
No Label module: rbac
Milestone
No items
No Milestone Phase 0 - Tech Foundation and DevOps
Projects
Clear projects
No project
Assignees
Clear assignees
ChrisChen
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: ChrisChen/ROLAC#6
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?