@fulleni fulleni commented Nov 1, 2025

Status

READY

Description

This pull request integrates a comprehensive Role-Based Access Control (RBAC) system into the dashboard. This system ensures that users can only interact with the parts of the application relevant to their specific roles, such as 'admin' or 'publisher'. It enhances security by preventing unauthorized navigation and improves user experience by presenting a tailored interface.

Type of Change

  • ✨ New feature (non-breaking change which adds functionality)
  • 🛠️ Bug fix (non-breaking change which fixes an issue)
  • ❌ Breaking change (fix or feature that would cause existing functionality to change)
  • 🧹 Code refactor
  • ✅ Build configuration change
  • 📝 Documentation
  • 🗑️ Chore

- Create a new file for defining route permissions based on user roles
- Establish a centralized mapping of dashboard user roles to permitted routes
- Include permissions for admin and publisher roles
- Utilize the existing Routes and DashboardUserRole enums
- Add Role-Based Access Control to restrict user access based on their role
- Integrate localization for unauthorized access messages
- Implement redirect logic for unauthorized users
- Update router to handle RBAC and localization
- Add core dependency for AppBloc and AppState
- Implement role-based filtering for navigation destinations
- Admin can see all destinations
- Publisher can only see Overview and Content Management
- Refactor widget build process to use BlocBuilder
- Add new localization entries for unauthorized access redirect message in both Arabic and English
- Update app_ar.arb and app_en.arb files with the new translations
- Introduce RBAC system for secure team member access
- Highlight protected navigation and conditional UI features
- Explain advantages for team efficiency and security
- Add section to README, maintaining content structure
@fulleni fulleni self-assigned this Nov 1, 2025
@gemini-code-assist

Summary of Changes

Hello @fulleni, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request integrates a comprehensive Role-Based Access Control (RBAC) system into the dashboard. This system ensures that users can only interact with the parts of the application relevant to their specific roles, such as 'admin' or 'publisher'. It enhances security by preventing unauthorized navigation and improves user experience by presenting a tailored interface.

Highlights

  • Role-Based Access Control (RBAC) Implementation: Introduced a robust RBAC system to restrict user access to dashboard sections based on their assigned roles.
  • Dynamic Navigation Filtering: The navigation sidebar now dynamically adapts, displaying only the links and tools a user is permitted to see.
  • Unauthorized Access Redirection: Implemented a mechanism to prevent direct URL access to restricted areas, automatically redirecting unauthorized users to a safe page with a notification.
  • Centralized Route Permissions: A new file route_permissions.dart centralizes the mapping of user roles to their allowed routes, simplifying access management.
  • Localization for Access Messages: Added internationalization support for the unauthorized access redirection message.
@fulleni fulleni added this to the Foundation Edition milestone Nov 1, 2025
@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a Role-Based Access Control (RBAC) system, which is a great feature for managing user permissions. The implementation correctly uses a centralized permissions map and handles redirection for unauthorized access. However, I've found a critical issue in the AppShell widget where the navigation logic is flawed and will break with different role configurations. Additionally, there's a point for improvement in the router's redirect logic to avoid side effects. The changes to localization and documentation are well-implemented.

- Implement role-based filtering for navigation items
- Add support for parallel list of route names for permission checking
- Introduce indexedDestinations to maintain order and association
- Enhance selectedIndex determination for accessible destinations
- Update goBranch logic to handle filtered navigation items
- Remove "Redirecting:" prefix from unauthorizedAccessRedirect message in app_ar.arb and app_en.arb
- Keep the description of the message intact
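
The permission map, default-deny check, side-effect-free redirect decision and filtered-navigation index mapping discussed in this pull request, sketched in plain Dart. This is an added example, not the project's code: the route names other than Overview and Content Management, the enum order, and every function here (including the use of the name `indexedDestinations`) are assumptions.

```dart
// Added illustration, not the project's route_permissions.dart.
// Only overview/contentManagement come from the PR text; the other route
// names and the enum order are constructed.
enum DashboardUserRole { admin, publisher }

enum Routes { overview, userManagement, contentManagement, appConfiguration }

// Centralized role -> permitted routes map.
final Map<DashboardUserRole, Set<Routes>> routePermissions = {
  DashboardUserRole.admin: Routes.values.toSet(),
  DashboardUserRole.publisher: {Routes.overview, Routes.contentManagement},
};

// Default deny: a role missing from the map is permitted nothing.
bool isAllowed(DashboardUserRole role, Routes route) =>
    routePermissions[role]?.contains(route) ?? false;

// Guard decision: null lets navigation proceed, otherwise the safe route to
// send the user to. Pure function, no UI side effects.
Routes? redirectFor(DashboardUserRole role, Routes requested) =>
    isAllowed(role, requested) ? null : Routes.overview;

// (branchIndex, route) pairs for the destinations this role may see. The
// branch index is the position in Routes.values, i.e. router order.
List<MapEntry<int, Routes>> indexedDestinations(DashboardUserRole role) => [
      for (var i = 0; i < Routes.values.length; i++)
        if (isAllowed(role, Routes.values[i])) MapEntry(i, Routes.values[i]),
    ];

// Tap on the Nth visible item -> router branch index (null if out of range).
int? branchIndexForTap(DashboardUserRole role, int visibleIndex) {
  final visible = indexedDestinations(role);
  if (visibleIndex < 0 || visibleIndex >= visible.length) return null;
  return visible[visibleIndex].key;
}

// Current branch index -> highlighted item in the filtered list.
int selectedIndexFor(DashboardUserRole role, int branchIndex) {
  final i = indexedDestinations(role).indexWhere((e) => e.key == branchIndex);
  return i < 0 ? 0 : i;
}

void main() {
  const role = DashboardUserRole.publisher;
  print(indexedDestinations(role).map((e) => '${e.key}:${e.value.name}'));
  print(branchIndexForTap(role, 1));
  print(selectedIndexFor(role, 2));
  print(redirectFor(role, Routes.userManagement)?.name);
  print(redirectFor(role, Routes.contentManagement));
}
```

With this constructed ordering the publisher's second visible item resolves to branch index 2, which is the case that breaks when the filtered list position is passed straight to the router. These checks shape only what the client renders and navigates to; the backend API has to enforce the same role rules.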
fulleni commented Nov 1, 2025

/gemini review

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a comprehensive Role-Based Access Control (RBAC) system, which is a significant improvement for the application's security and user management. The implementation is well-structured, with clear separation of concerns for UI rendering in AppShell and route protection in GoRouter. My review includes suggestions to enhance maintainability by refactoring how navigation items are defined, and to fix a potential runtime error related to showing a SnackBar within the router's redirect logic. I've also pointed out some leftover debugging code that should be removed.

- Remove unused localization import and unused l10n variable
- Remove snackbar display for unauthorized access redirect
- Add print statement for unauthorized access attempt
- Update redirect comment to explain safe redirect logic
- Remove "unauthorizedAccessRedirect" key and its description from app_ar.arb and app_en.arb files
- This change simplifies the localization files by removing unnecessary entries
@fulleni fulleni merged commit 29312ac into main Nov 1, 2025
1 check failed
@fulleni fulleni deleted the feature/rbac branch November 1, 2025 10:27