Roles & Permissions

Control access with granular precision.

Overview

LibreApps Desktop uses a Role-Based Access Control (RBAC) system to manage user permissions. This allows you to define specific roles (e.g., Admin, Editor, Viewer) and assign them to users, controlling what they can see and do within the dashboard.

Key Concepts

  • Permissions: The smallest unit of access control (e.g., view_analytics, edit_users, delete_orders).
  • Roles: A collection of permissions (e.g., an Admin role might have all permissions, while a Viewer role only has view_* permissions).
  • User-Role Assignment: The process of assigning one or more roles to a user.

How it Works

  1. Definition: Roles and permissions are defined in the backend (e.g., in Keycloak or your database).
  2. Assignment: Admins assign roles to users via the user management interface.
  3. Enforcement (Backend): The backend API checks the user's roles and permissions before performing any sensitive action.
  4. Enforcement (Frontend): The frontend uses the user's roles to conditionally show or hide UI elements (e.g., hiding the "Delete" button for users without the delete_* permission).
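
The backend enforcement step above, sketched as an added example (not LibreApps Desktop's own code). The `ROLES` table, the `hasPermission` and `requirePermission` helpers, the request shape, and the reading of `view_*` as a prefix wildcard are all assumptions made for illustration.

```javascript
// Constructed role table: each role is a list of permission grants.
const ROLES = {
  admin: ['*'],
  editor: ['view_*', 'edit_users'],
  viewer: ['view_*'],
};

// A grant matches a permission exactly, or by prefix when it ends in '*'.
function grantMatches(grant, permission) {
  if (grant.endsWith('*')) return permission.startsWith(grant.slice(0, -1));
  return grant === permission;
}

// Deny by default: malformed input and unknown roles grant nothing.
function hasPermission(user, permission) {
  if (!user || !Array.isArray(user.roles) || typeof permission !== 'string') return false;
  // The permission being checked must be concrete, never a pattern.
  if (permission === '' || permission.includes('*')) return false;
  return user.roles.some((role) =>
    // Own-property lookup so names like "constructor" are not treated as roles.
    Object.prototype.hasOwnProperty.call(ROLES, role) &&
    ROLES[role].some((grant) => grantMatches(grant, permission)));
}

// Backend guard: the check runs before the sensitive action, whatever the UI showed.
function requirePermission(permission, handler) {
  return (request) => {
    if (!request.user) return { status: 401, body: 'authentication required' };
    if (!hasPermission(request.user, permission)) return { status: 403, body: 'forbidden' };
    return handler(request);
  };
}

// Hypothetical sensitive endpoint protected by the guard.
const deleteOrder = requirePermission('delete_orders', (request) => ({
  status: 200,
  body: `order ${request.orderId} deleted`,
}));
```

A request from a Viewer that reaches `deleteOrder` directly, bypassing a hidden "Delete" button, is still refused with 403.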

Implementation in LibreApps Desktop

LibreApps Desktop provides a set of helper functions and components for working with roles and permissions:

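import { useHasPermission } from '@/hooks/use-permissions';

export function MyComponent() {
  // Controls UI visibility only; the backend API still checks the
  // user's permissions before performing the action (see How it Works).
  const canEdit = useHasPermission('edit_users');

  return (
    <div>
      {canEdit && <button>Edit User</button>}
    </div>
  );
}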

Best Practices

  • Do this: Use the principle of least privilege; only give users the permissions they need to do their job.
  • Do this: Group permissions into logical roles for easier management.
  • Don't do this: Hardcode role checks in your UI; use the provided hooks and components for a more maintainable approach.