Ske_Signage/ROLE_BASED_ACCESS_CONTROL.md
2025-07-17 16:17:52 +03:00

Ske_Signage Role-Based Access Control Implementation

Summary of Changes

This document outlines the modifications made to implement proper role-based access control in the Ske_Signage project, ensuring that both 'admin' and 'sadmin' roles have appropriate access to user management functions while maintaining the 'sadmin' role as the highest privilege level.

Modified Files

1. /app/routes/admin.py

Changes made:

  • create_user function (lines ~75-85):

    • Changed restriction from completely preventing sadmin creation to allowing only sadmin users to create other sadmin users
    • Regular admins can now create admin and user roles, but not sadmin
  • edit_user function (lines ~460-470):

    • Changed from completely preventing sadmin editing to allowing sadmin users to edit other sadmin users
    • Regular admins cannot modify sadmin users or assign sadmin role
  • delete_user function (lines ~108-130):

    • Changed decorator from @super_admin_required to @admin_required, so the route is now reachable by regular admins
    • Added an in-route check so that only sadmin users can delete other sadmin users; this check is what keeps the widened decorator safe, since the decorator alone no longer blocks admins
    • Regular admins can delete admin and user roles, but not sadmin

2. /app/templates/admin/index.html

Changes made:

  • User row clickability (line ~164):

    • Modified logic to allow sadmin users to edit other sadmin users
    • user.role != 'sadmin' or current_user.is_super_admin
  • Edit action visibility (lines ~190-196):

    • Updated to show edit option for sadmin users when current user is also sadmin
    • Shows "Protected" badge only for sadmin users when current user is not sadmin
  • Edit form expandable rows (line ~202):

    • Modified condition to allow sadmin editing by other sadmin users
  • Role selection in edit form (lines ~224-230):

    • Added sadmin option only visible to super admin users
    • {% if current_user.is_super_admin %}<option value="sadmin">{% endif %}
  • Delete user section (lines ~252-267):

    • Changed from sadmin-only to admin-accessible with restrictions
    • Regular admins can delete non-sadmin users
    • Only sadmin can delete other sadmin users
  • Create user modal (lines ~578-586):

    • Added sadmin option only visible to super admin users

3. /app/templates/base.html

Changes made:

  • Navigation menu (line ~83):
    • Changed from current_user.is_admin to current_user.has_admin_access
    • Now both admin and sadmin users can see admin navigation options

Role Hierarchy

Super Admin (sadmin)

  • Full access: Can create, edit, and delete all users including other sadmin users
  • Exclusive privileges: Only role that can assign sadmin role to others
  • Ultimate control: Has access to all admin functions

Admin

  • User management: Can create, edit, and delete regular users and other admins
  • Restrictions: Cannot create, edit, or delete sadmin users
  • Cannot: Assign sadmin role to any user

User

  • Limited access: Cannot access admin functions
  • Standard user: Can only access regular user features

Security Features

  1. Privilege Escalation Prevention: Regular admins cannot create users with the sadmin role or promote existing users to sadmin
  2. Self-Protection: Users cannot edit or delete their own accounts, regardless of role
  3. Role Protection: Sadmin users cannot be edited or deleted by regular admins
  4. Hierarchical Deletion: Admins can delete users with the admin or user role, but never sadmin users; sadmin users can delete any user other than themselves
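The rules above, together with the per-route behaviour described under Modified Files, can be expressed as one policy function plus the two decorators the routes use. The following is an added, framework-free example written for this document; it is not code from the Ske_Signage repository. The property names `is_super_admin`, `is_admin` and `has_admin_access` and the role strings come from this document; the `User` class, the `authorize` function, the `requires` decorator factory, the `(status, message)` return shape and the error strings are assumptions made for illustration.

```python
"""Role-based access policy for sadmin > admin > user (added example, not project code)."""
from dataclasses import dataclass
from functools import wraps
from typing import Optional, Tuple

ROLES = ("user", "admin", "sadmin")      # lowest to highest privilege
ADMIN_ROLES = {"admin", "sadmin"}        # roles that may reach user management


@dataclass(frozen=True)
class User:
    """Minimal stand-in for the app's user model (assumed shape)."""
    id: int
    username: str
    role: str

    @property
    def is_super_admin(self) -> bool:    # sadmin only
        return self.role == "sadmin"

    @property
    def is_admin(self) -> bool:          # role 'admin' exactly; excludes sadmin
        return self.role == "admin"

    @property
    def has_admin_access(self) -> bool:  # admin or sadmin
        return self.role in ADMIN_ROLES


def assignable_roles(actor: User) -> Tuple[str, ...]:
    """Roles the actor may put in a create/edit form; mirrors the template's
    '{% if current_user.is_super_admin %}<option value="sadmin">' condition."""
    if not actor.has_admin_access:
        return ()
    return ROLES if actor.is_super_admin else tuple(r for r in ROLES if r != "sadmin")


def authorize(actor: User, action: str, target: Optional[User] = None,
              new_role: Optional[str] = None) -> Tuple[bool, str]:
    """Server-side decision for action in {'create', 'edit', 'delete'}.

    target   -- the user being edited or deleted (None for create)
    new_role -- the role being assigned (create/edit), None if unchanged
    Returns (allowed, reason) so a route can deny with a meaningful message.
    """
    if action not in ("create", "edit", "delete"):
        return False, "unknown action"
    # 1. Only admin and sadmin reach user management at all.
    if not actor.has_admin_access:
        return False, "admin access required"
    # 2. Self-protection: nobody edits or deletes their own account here.
    if target is not None and target.id == actor.id:
        return False, "cannot modify your own account"
    # 3. Role protection: only sadmin may touch an existing sadmin user.
    if target is not None and target.role == "sadmin" and not actor.is_super_admin:
        return False, "sadmin users are protected"
    # 4. Privilege-escalation prevention: only sadmin may assign sadmin.
    if new_role is not None:
        if new_role not in ROLES:
            return False, f"unknown role {new_role!r}"
        if new_role == "sadmin" and not actor.is_super_admin:
            return False, "only sadmin can assign the sadmin role"
    return True, "ok"


def requires(check):
    """Decorator factory standing in for @admin_required / @super_admin_required.
    The wrapped view takes current_user as its first argument (assumed calling
    convention) and returns an HTTP-like (status, message) pair."""
    def decorator(view):
        @wraps(view)
        def wrapper(current_user: User, *args, **kwargs):
            if not check(current_user):
                return 403, "forbidden"
            return view(current_user, *args, **kwargs)
        return wrapper
    return decorator


admin_required = requires(lambda u: u.has_admin_access)
super_admin_required = requires(lambda u: u.is_super_admin)


@admin_required
def delete_user(current_user: User, target: User) -> Tuple[int, str]:
    """Shape of the widened delete route: the decorator admits any admin, so the
    sadmin-target rule must be re-checked in the body, not left to the decorator."""
    allowed, reason = authorize(current_user, "delete", target=target)
    if not allowed:
        return 403, reason
    return 200, f"deleted {target.username}"


@admin_required
def edit_user(current_user: User, target: User, new_role: Optional[str]) -> Tuple[int, str]:
    allowed, reason = authorize(current_user, "edit", target=target, new_role=new_role)
    if not allowed:
        return 403, reason
    return 200, f"updated {target.username}"
```

The decision lives in `authorize` and the templates only consult `assignable_roles`-style conditions for display, so hiding an option in HTML never substitutes for the check in the route. Note that `delete_user` would be unsafe if the `@super_admin_required` to `@admin_required` change were made without the in-body `authorize` call: a regular admin could then delete an sadmin account.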

Template Logic

The templates now use conditional logic to show/hide features based on user roles. This is presentation only: the checks in the admin.py routes are the enforcement boundary, and a hidden button or option must never be relied on to block a request.

  • current_user.is_super_admin: true only for sadmin users
  • current_user.has_admin_access: true for both admin and sadmin users
  • current_user.is_admin: true for the 'admin' role only, not for sadmin (which is why base.html switched to has_admin_access)

Validation

All backend routes now include proper validation to:

  • Prevent unauthorized role assignments
  • Protect sadmin users from unauthorized modifications
  • Ensure proper access control at the API level
  • Provide meaningful error messages for restricted actions

This implementation ensures that the admin role has proper access to create, edit, and delete users while maintaining the sadmin role as the supreme administrator with full control over all aspects of user management.