first commit

2026-03-24 16:03:04 +00:00
commit df40cc57e1
80 changed files with 16766 additions and 0 deletions
--- a/PERMISSIONS.md
+++ b/PERMISSIONS.md
@@ -0,0 +1,69 @@
+# Permissions Reference
+
+This file lists the permissions currently checked by the application.
+
+## Global Permissions
+
+- `*`
+    - Full access wildcard
+    - Also used by the built-in Admin group
+- admin.access
+    - Access to admin API and admin UI
+- space.create
+    - Create a new space
+- space.edit
+    - Global space edit capability (used as fallback alongside space-scoped settings edit)
+- space.delete
+    - Global space delete capability (used as fallback alongside space-scoped delete)
+
+## Space-Scoped Permission Format
+
+space.<space_permission_key>.<action>
+
+- space_permission_key is derived from the space name (normalized token)
+- Example:
+    - space.product_docs.note.create
+    - space.product_docs.settings.member.manage
+
+## Space-Scoped Actions Currently Enforced
+
+### Space Management
+
+- settings.edit
+- delete
+
+### Member Management
+
+- settings.member.manage
+- settings.member.view
+
+### Category Management
+
+- category.create
+- category.edit
+- category.delete
+
+### Note Management
+
+- note.create
+- note.edit
+- note.delete
+
+## Wildcard Support
+
+Permissions support wildcard matching with \*.
+
+Examples:
+
+- space.product_docs.\*
+    - Grants all permissions for the product_docs space
+- space.\*.note.create
+    - Grants note.create for all spaces
+- `*`
+    - Grants all permissions globally
+
+## Built-in Group
+
+- Admin group is auto-created at startup if missing
+- Admin group permissions:
+    - `*`