mirror of
https://github.com/BEDOLAGA-DEV/remnawave-bedolaga-telegram-bot.git
synced 2026-03-01 15:52:30 +00:00
Backend: - 4 new models: AdminRole, UserRole, AccessPolicy, AdminAuditLog - Permission engine with RBAC wildcard matching + ABAC policy evaluation - 26 permission sections (78 unique permissions) covering all admin routes - require_permission() FastAPI dependency for route-level access control - JWT tokens carry permissions, roles, role_level for frontend checks - Admin roles CRUD with level-based hierarchy (viewers → superadmin) - ABAC policies with time ranges and IP whitelist conditions - Full audit log with CSV export - Bootstrap service seeds 5 preset roles and assigns superadmins at startup - Alembic migration 0011 for all RBAC tables