Add RBAC tests, wiki docs, reset token to 1 hour
12 RBAC API tests: permission denial for no-role users, viewer read-only, sales associate can create but not delete, technician scoped access, instructor inventory denied, admin full access, permission inheritance (admin implies edit+view), system role undeletable, custom role lifecycle. Wiki articles for Users & Roles and Profile settings. Reset password link expires in 1 hour instead of 24.
@@ -216,6 +216,87 @@ You can upload photos of the front and back of the ID. These are stored securely
|
||||
If a member has multiple IDs, mark one as **Primary** — this is the one shown by default in quick lookups.
|
||||
`.trim(),
|
||||
},
|
||||
{
|
||||
slug: 'users-roles',
|
||||
title: 'Users & Roles',
|
||||
category: 'Admin',
|
||||
content: `
|
||||
# Users & Roles
|
||||
|
||||
Forte uses a permission-based access control system. **Permissions** are specific actions (like "view accounts" or "edit inventory"). **Roles** are named groups of permissions that you assign to users.
|
||||
|
||||
## Managing Users
|
||||
|
||||
Go to **Users** in the Admin section of the sidebar.
|
||||
|
||||
- View all staff accounts with their assigned roles
|
||||
- Click the three-dot menu on a user to:
|
||||
- **Manage Roles** — add or remove roles
|
||||
- **Reset Password Link** — generates a secure one-time link (expires in 1 hour) that you can send to the user
|
||||
|
||||
## Managing Roles
|
||||
|
||||
Go to **Roles** in the Admin section.
|
||||
|
||||
- View all roles (system defaults + custom roles you've created)
|
||||
- **System roles** (Admin, Manager, Sales Associate, etc.) come pre-configured but you can modify their permissions
|
||||
- Click a role to edit its permissions
|
||||
- Click **New Role** to create a custom role
|
||||
|
||||
## How Permissions Work
|
||||
|
||||
Permissions are organized by area:
|
||||
|
||||
- **Accounts** — view, edit, admin
|
||||
- **Inventory** — view, edit, admin
|
||||
- **POS** — view, edit, admin
|
||||
- **Rentals, Lessons, Repairs** — each has view, edit, admin
|
||||
|
||||
**Permission inheritance:** If a role has **admin** permission for an area, it automatically includes **edit** and **view** too. If it has **edit**, it includes **view**.
|
||||
|
||||
## Creating a Custom Role
|
||||
|
||||
1. Go to **Roles** → **New Role**
|
||||
2. Enter a name (e.g. "School Sales Rep")
|
||||
3. Check the permissions this role needs
|
||||
4. Click **Create Role**
|
||||
5. Go to **Users** → assign the new role to staff members
|
||||
|
||||
## Multiple Roles
|
||||
|
||||
A user can have multiple roles. Their effective permissions are the combination of all their roles. For example, a user with "Sales Associate" + "Repair Viewer" can do everything a sales associate can, plus view repair tickets.
|
||||
`.trim(),
|
||||
},
|
||||
{
|
||||
slug: 'profile-settings',
|
||||
title: 'Your Profile',
|
||||
category: 'General',
|
||||
content: `
|
||||
# Your Profile
|
||||
|
||||
Click your name at the bottom of the sidebar to access your profile.
|
||||
|
||||
## Editing Your Name
|
||||
|
||||
You can update your first and last name. Click **Save** to apply changes.
|
||||
|
||||
## Changing Your Password
|
||||
|
||||
1. Enter your current password
|
||||
2. Enter a new password (at least 12 characters)
|
||||
3. Confirm the new password
|
||||
4. Click **Change Password**
|
||||
|
||||
## Appearance
|
||||
|
||||
Choose your preferred mode and color theme:
|
||||
|
||||
- **Mode** — Light, Dark, or System (follows your device setting)
|
||||
- **Color Theme** — Slate, Emerald, Violet, Amber, or Rose
|
||||
|
||||
Your preferences are saved in your browser and persist across sessions.
|
||||
`.trim(),
|
||||
},
|
||||
]
|
||||
|
||||
export function getWikiPages(): WikiPage[] {
|
||||
|
||||
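Review bot: In the "Managing Roles" list of the `users-roles` article, the system-roles bullet says their permissions can be modified but never says that system roles cannot be deleted, which the commit message lists as tested behaviour ("system role undeletable"). Suggest stating it in that bullet, for example "come pre-configured; you can modify their permissions, but system roles cannot be deleted". Separately, "expires in 1 hour" in the Reset Password Link bullet and "at least 12 characters" in the `profile-settings` article are hard-coded in the article text, and the code that enforces them is not visible in this hunk. Confirm both match the enforced values, or interpolate them from the same constants so the documentation cannot drift from the actual policy.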