feat: add RBAC for compliance dashboard #822

Merged: Mystery-CLI merged 4 commits into Ethereal-Future:main from Damidesign:feat/rbac-compliance-dashboard on Jun 26, 2026


@Damidesign (Contributor)

This PR closes #701
This PR closes #702
This PR closes #583
This PR closes #584

  • Add UserRole enum (USER, COMPLIANCE, ADMIN) to Prisma schema with migration
  • Add requireRole/requireAdmin middleware to enforce role-based access
  • Protect compliance report and AML alert endpoints (COMPLIANCE | ADMIN only)
  • Add PUT /api/auth/users/:id/role endpoint (ADMIN only) for role assignment
  • Read JWT role claim in frontend; show Compliance tab only to allowed roles
  • Add ComplianceDashboard with access-denied guard for non-compliance users
  • Add RBAC unit tests (12 tests covering requireRole, requireAdmin, JWT claims)
  • Resolve merge conflict artifacts in schema.prisma, auth.js, and App.jsx
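
A sketch of the server-side check that the requireRole/requireAdmin bullets describe, as an added example that is not code from this PR. Only the role names and the two middleware names come from the description; the function bodies, the `req.user` shape, the status codes, `requireCompliance` and the `check` helper are assumptions.

```javascript
// Added example: hypothetical Express-style guard, not the PR's implementation.

// Role names as listed in the PR description's UserRole enum.
const ROLES = Object.freeze(['USER', 'COMPLIANCE', 'ADMIN']);

// Returns middleware that passes a request only when the caller's role is in
// `allowed`. Assumes an earlier authentication step has already verified the
// JWT signature and stored its claims on req.user (hypothetical shape).
function requireRole(...allowed) {
  if (allowed.length === 0 || !allowed.every((r) => ROLES.includes(r))) {
    // A typo in a route definition fails at startup instead of silently
    // producing a guard that nobody (or everybody) can pass.
    throw new Error('requireRole: unknown or empty role list');
  }
  return function roleGuard(req, res, next) {
    const role = req.user && req.user.role;
    if (typeof role !== 'string') {
      // Missing or malformed claim: treat as unauthenticated.
      return res.status(401).json({ error: 'authentication required' });
    }
    // Exact match only: no case folding and no implied role hierarchy.
    if (!allowed.includes(role)) {
      return res.status(403).json({ error: 'insufficient role' });
    }
    return next();
  };
}

const requireAdmin = requireRole('ADMIN');
const requireCompliance = requireRole('COMPLIANCE', 'ADMIN'); // hypothetical name

// Minimal stand-in for an Express response so the guards run offline.
function check(guard, user) {
  const result = { status: 200, passed: false };
  const res = {
    status(code) { result.status = code; return this; },
    json() { return this; },
  };
  guard({ user }, res, () => { result.passed = true; });
  return result;
}

// Constructed sample claims.
console.log(check(requireCompliance, { role: 'COMPLIANCE' }));
console.log(check(requireAdmin, { role: 'COMPLIANCE' }));
console.log(check(requireAdmin, undefined));
```

The frontend tab visibility mentioned in the description is a display convenience; a guard like this on the API routes is what actually enforces the restriction.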

@drips-wave

drips-wave Bot commented Jun 26, 2026

@Damidesign Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

- Add UserRole enum (USER, COMPLIANCE, ADMIN) to Prisma schema with migration
- Add requireRole/requireAdmin middleware to enforce role-based access
- Protect compliance report and AML alert endpoints (COMPLIANCE | ADMIN only)
- Add PUT /api/auth/users/:id/role endpoint (ADMIN only) for role assignment
- Read JWT role claim in frontend; show Compliance tab only to allowed roles
- Add ComplianceDashboard with access-denied guard for non-compliance users
- Add RBAC unit tests (12 tests covering requireRole, requireAdmin, JWT claims)
- Resolve merge conflict artifacts in schema.prisma, auth.js, and App.jsx

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Damidesign force-pushed the feat/rbac-compliance-dashboard branch from 5684721 to f5e7f09 on June 26, 2026 03:36
Damidesign and others added 3 commits June 26, 2026 04:00
- Fix invalid actions/upload-artifact SHA pin across 15 workflow files
  (4cec3d8 was an invalid commit hash, update to @v4)
- Fix ESLint lint scripts in backend/package.json and frontend/package.json
  to use flat config (ESLint v9 requires eslint.config.js, not .eslintrc.js)
- Fix migration-smoke-test to use npm install --ignore-scripts to avoid
  husky failing when installing backend workspace dependencies
- Fix npm audit to use --audit-level=critical (resolved critical shell-quote
  vulnerability via npm audit fix; 5 remaining high vulns need --force to fix)
- Update package-lock.json after npm audit fix

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…script

- Fix stellar.js: remove premature try-close at line 280 (orphaned catch)
- Fix TxLookup.jsx: remove jsx-a11y eslint-disable comments for missing plugin
- Fix Skeleton.jsx: justify-content CSS property must be camelCase in JSX styles
- Fix ErrorBoundary.jsx: use this.setState() not direct state mutation
- Fix usePWA.js: add comment to empty catch blocks (no-empty rule)
- Fix StateDebugger.jsx: move useAppState hook before conditional return
- Fix eslint.config.js: remove jsx-a11y/no-autofocus (plugin not registered),
  merge duplicate ignores keys

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Mystery-CLI merged commit d199dbf into Ethereal-Future:main on Jun 26, 2026
9 of 29 checks passed