Create Authorization Policies and Role-Based Access Control #24

@webceyhan

Description

Implement comprehensive authorization policies and role-based access control throughout the application.

Acceptance Criteria

  • Create UserPolicy (admin only operations)
  • Create CustomerPolicy (all authenticated users)
  • Create TicketPolicy (technicians see assigned only)
  • Create InvoicePolicy (managers and admins only)
  • Create role-based middleware
  • Add authorization gates for admin/manager functions
  • Add ticket assignment authorization

Technical Details

Policy Structure:

  • UserPolicy: viewAny, view, create, update, delete
  • CustomerPolicy: viewAny, view, create, update, delete
  • TicketPolicy: viewAny, view, create, update, delete, assign
  • InvoicePolicy: viewAny, view, create, update, delete

Role-Based Rules:

  • Admins: Full access to everything
  • Managers: Access to all except user management
  • Technicians: Only assigned tickets and related data
  • Customer Service: Customers, devices, tickets (create/view)
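The policy methods listed above and the role rules map onto a single Laravel policy class. The following is an added example, not code from the project or from the issue author; it assumes a string `role` attribute on `App\Models\User` with the values `admin`, `manager`, `technician` and `customer_service`, and an `assignee_id` column on `App\Models\Ticket`. Neither name is given in the issue.

```php
<?php

// Hypothetical app/Policies/TicketPolicy.php (added example).
// Assumed: User::$role (string) and Ticket::$assignee_id (user id); neither
// field name comes from the issue.

namespace App\Policies;

use App\Models\Ticket;
use App\Models\User;

class TicketPolicy
{
    // Runs before every ability. Admins get full access; returning null for
    // everyone else falls through to the specific method below.
    public function before(User $user, string $ability): ?bool
    {
        return $user->role === 'admin' ? true : null;
    }

    public function viewAny(User $user): bool
    {
        // Technicians may open the list, but the index query itself must be
        // scoped to their assignments; a policy cannot filter a collection.
        return in_array($user->role, ['manager', 'technician', 'customer_service'], true);
    }

    public function view(User $user, Ticket $ticket): bool
    {
        return match ($user->role) {
            'manager', 'customer_service' => true,
            'technician' => $ticket->assignee_id === $user->id,
            default => false,
        };
    }

    public function create(User $user): bool
    {
        // Customer service: create and view only.
        return in_array($user->role, ['manager', 'customer_service'], true);
    }

    public function update(User $user, Ticket $ticket): bool
    {
        return match ($user->role) {
            'manager' => true,
            'technician' => $ticket->assignee_id === $user->id,
            default => false,
        };
    }

    public function delete(User $user, Ticket $ticket): bool
    {
        return $user->role === 'manager';
    }

    // Extra ability from the issue's policy structure; admins pass via before().
    public function assign(User $user, Ticket $ticket): bool
    {
        return $user->role === 'manager';
    }
}
```

Two points worth checking in review. First, `before()` returning `true` short-circuits every ability including `delete`, which is exactly the "admins: full access" rule, so the method must return `null` rather than `false` for non-admins or it would silently deny everyone else. Second, "technicians see assigned only" is only half enforced by `view()`: the controller's index action still has to restrict the query (for example `Ticket::where('assignee_id', $user->id)` when the role is `technician`), and a test that signs in as a technician and requests another technician's ticket should assert a 403.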

Middleware:

  • role:admin
  • role:manager
  • role:technician
  • can:assign-tickets
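The `role:*` entries above describe one parameterised middleware rather than three classes. The following is an added example, not the project's own code; it assumes the same `role` attribute on `App\Models\User` as above, and that the class is registered under the alias `role` (in `bootstrap/app.php` via `$middleware->alias([...])` on Laravel 11, or in the HTTP kernel's alias map on earlier versions; the issue does not state the framework version).

```php
<?php

// Hypothetical app/Http/Middleware/EnsureUserHasRole.php (added example).
// Registered under the alias `role`, so a route can declare `role:admin`
// or `role:manager,admin`. Assumes User::$role (string), not from the issue.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureUserHasRole
{
    // Variadic parameters receive the comma-separated list after the colon.
    public function handle(Request $request, Closure $next, string ...$roles): Response
    {
        $user = $request->user();

        // Unauthenticated requests never reach a role decision: 401, not 403.
        if ($user === null) {
            abort(401);
        }

        // Deny by default: only roles named in the route definition pass.
        if (!in_array($user->role, $roles, true)) {
            abort(403, 'Insufficient role.');
        }

        return $next($request);
    }
}
```

With the alias registered, a manager-or-admin area is declared as `Route::middleware(['auth', 'role:manager,admin'])->group(...)`. The `can:assign-tickets` entry needs no extra class: `Gate::define('assign-tickets', fn (User $user) => in_array($user->role, ['admin', 'manager'], true))` in a service provider, and Laravel's built-in `can` middleware calls that gate. Keeping `auth` in front of every `role:` or `can:` middleware matters, because the gate and the role check both assume a resolved user.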

Testing Requirements

  • Policy authorization tests
  • Role-based access tests
  • Middleware tests
  • Gate authorization tests

Definition of Done

  • All policies created and working
  • Role-based access enforced
  • Middleware protecting routes
  • All authorization tests pass

Metadata

Assignees

No one assigned

Labels

  • backend: Backend/Server related
  • enhancement: New feature or request
  • security: Security related changes

Projects

No projects

Relationships

None yet

Development

No branches or pull requests