70 lines
1.4 KiB
Markdown
70 lines
1.4 KiB
Markdown
# Permissions Reference
|
|
|
|
This file lists the permissions currently checked by the application.
|
|
|
|
## Global Permissions
|
|
|
|
- `*`
|
|
- Full access wildcard
|
|
- Also used by the built-in Admin group
|
|
- admin.access
|
|
- Access to admin API and admin UI
|
|
- space.create
|
|
- Create a new space
|
|
- space.edit
|
|
- Global space edit capability (used as fallback alongside space-scoped settings edit)
|
|
- space.delete
|
|
- Global space delete capability (used as fallback alongside space-scoped settings.delete)
|
|
|
|
## Space-Scoped Permission Format
|
|
|
|
space.<space_permission_key>.<action>
|
|
|
|
- space_permission_key is derived from the space name (normalized token)
|
|
- Example:
|
|
- space.product_docs.note.create
|
|
- space.product_docs.settings.member.manage
|
|
|
|
## Space-Scoped Actions Currently Enforced
|
|
|
|
### Space Management
|
|
|
|
- settings.edit
|
|
- settings.delete
|
|
|
|
### Member Management
|
|
|
|
- settings.member.manage
|
|
- settings.member.view
|
|
|
|
### Category Management
|
|
|
|
- category.create
|
|
- category.edit
|
|
- category.delete
|
|
|
|
### Note Management
|
|
|
|
- note.create
|
|
- note.edit
|
|
- note.delete
|
|
|
|
## Wildcard Support
|
|
|
|
Permissions support wildcard matching with \*.
|
|
|
|
Examples:
|
|
|
|
- space.product_docs.\*
|
|
- Grants all permissions for the product_docs space
|
|
- space.\*.note.create
|
|
- Grants note.create for all spaces
|
|
- `*`
|
|
- Grants all permissions globally
|
|
|
|
## Built-in Group
|
|
|
|
- Admin group is auto-created at startup if missing
|
|
- Admin group permissions:
|
|
- `*`
|