docs(rbac): document unified RoleCode usage across Analysis, Dashboard & ETL (#536)#654
Merged
cct08311github merged 1 commit intodotnet8from Mar 18, 2026
Merged
Conversation
…d & ETL (#536) - wtm-developer-manual.md §10.4: add explicit note that AllowedRoles in [EnableAnalysis] / [Dimension] / [Measure] uses RoleCode, not RoleName; add code examples showing correct vs incorrect usage - wtm-developer-manual.md §10.5 (new): cross-module RBAC comparison table covering Analysis (attribute + IAnalysisFieldPolicy), Dashboard (Sharing.Roles), and ETL (standard PrivilegeFilter); explains Admin fast-path for each module; warns against mixing RoleCode with RoleName - analysis-mode.md §8: expand security table entry for unauthorised access; add new "角色型存取控制" subsection documenting VM-level and field-level AllowedRoles, IAnalysisFieldPolicy customisation, and the RoleCode rule - dashboard-dev-guide.md: update sharing-mode JSON examples to use "mode: roles" and RoleCodes; add explicit RoleCode vs RoleName warning; document AdminRoles configuration option No code changes — all three modules were already consistently using RoleCode (confirmed in _AnalysisController.CheckAccess, AnalysisWidgetDataSource, BuildClaimsPrincipal, and _DashboardController.GetUserInfo). Closes #536 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Documents the unified RBAC convention (all three modules use
RoleCode) with no code changes — code was already correct.wtm-developer-manual.md§10.4: add explicit note thatAllowedRolesin[EnableAnalysis]/[Dimension]/[Measure]usesRoleCode, notRoleName; add correct/incorrect code exampleswtm-developer-manual.md§10.5 (new section): cross-module RBAC comparison table for Analysis, Dashboard, and ETL; explains each module's mechanism, role identifier, and Admin fast-path; warns against mixingRoleCodewithRoleNameanalysis-mode.md§8: expand security section to document VM-level and field-levelAllowedRolesRBAC,IAnalysisFieldPolicycustomisation, and theRoleCoderuledashboard-dev-guide.md: updateSharing.RolesJSON examples to use correctRoleCodevalues; add explicit RoleCode vs RoleName warning; documentDashboardOptions.AdminRolesconfigurationWhat was already correct (no code changes needed)
_AnalysisController.CheckAccess()r.RoleCode✅AnalysisWidgetDataSource.CheckAccess()r.RoleCode✅AnalysisWidgetDataSource.BuildClaimsPrincipal()role.RoleCodeforClaimTypes.Role✅_DashboardController.GetUserInfo()r.RoleCode✅JsonFileDashboardService.CanAccess()/CanEdit()RoleCode[]from controller ✅Test plan
dotnet build WalkingTec.Mvvm.sln -c Releasepasses (docs-only change)AllowedRolesexamples all useRoleCodeformatCloses #536
🤖 Generated with Claude Code