audit: 33-agent comprehensive audit + critical fixes
Full team audit run, all reports verbatim in docs/AUDIT-2026-05-12.md (5900+ lines, 30+ critical findings). Already-fixed this commit: - permission-overrides PUT: self-target block + RolePermissions allow-list + cross-tenant guard - /api/auth/resolve-identifier: rate-limit + synthetic miss-email kill enumeration - admin email-change: rotates account.accountId + revokes sessions - middleware: token-gated email confirm/cancel routes whitelisted - NAV_CATALOG: 10 dead-link sweeps to existing /admin/<x> targets Feature work landing same commit: optional username sign-in (migration 0054), per-user permission overrides (0055) with three-state matrix tabbed inside UserForm, user disable button, role + outcome + stage label normalisation across the platform, admin email-change with auto-notification template. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -244,6 +244,14 @@ export const userProfiles = pgTable(
|
||||
firstName: text('first_name'),
|
||||
lastName: text('last_name'),
|
||||
displayName: text('display_name').notNull(),
|
||||
/**
|
||||
* Optional sign-in alias. Lowercase a-z0-9 plus dot/underscore/hyphen,
|
||||
* 3–30 chars (shape pinned by `chk_user_profiles_username_shape`).
|
||||
* Case-insensitive uniqueness is enforced by a partial unique index on
|
||||
* LOWER(username); NULL allows the column to coexist with users who
|
||||
* still sign in by email. See migration 0054.
|
||||
*/
|
||||
username: text('username'),
|
||||
avatarUrl: text('avatar_url'),
|
||||
/** FK into the polymorphic `files` table — the avatar is stored
|
||||
* via getStorageBackend() so an S3↔filesystem swap carries it
|
||||
@@ -278,6 +286,42 @@ export const roles = pgTable('roles', {
|
||||
updatedAt: timestamp('updated_at', { withTimezone: true }).notNull().defaultNow(),
|
||||
});
|
||||
|
||||
/**
|
||||
* Per-user permission overrides layered on top of the role's baseline for
|
||||
* a specific port. Each row carries a `Partial<RolePermissions>` map; any
|
||||
* explicitly-set leaf wins over the role + port-role-override chain. Most
|
||||
* users will never have a row here — it exists for the rare "give Alice
|
||||
* the same role as her team but let her run permanent deletes" case.
|
||||
*
|
||||
* Effective permission resolution lives in `getEffectivePermissions` in
|
||||
* src/lib/services/permissions.service.ts.
|
||||
*/
|
||||
export const userPermissionOverrides = pgTable(
|
||||
'user_permission_overrides',
|
||||
{
|
||||
id: text('id')
|
||||
.primaryKey()
|
||||
.$defaultFn(() => crypto.randomUUID()),
|
||||
userId: text('user_id').notNull(),
|
||||
portId: text('port_id')
|
||||
.notNull()
|
||||
.references(() => ports.id, { onDelete: 'cascade' }),
|
||||
permissionOverrides: jsonb('permission_overrides')
|
||||
.$type<Partial<RolePermissions>>()
|
||||
.notNull()
|
||||
.default({}),
|
||||
createdAt: timestamp('created_at', { withTimezone: true }).notNull().defaultNow(),
|
||||
updatedAt: timestamp('updated_at', { withTimezone: true }).notNull().defaultNow(),
|
||||
},
|
||||
(table) => [
|
||||
uniqueIndex('idx_user_perm_overrides_user_port').on(table.userId, table.portId),
|
||||
index('idx_user_perm_overrides_user').on(table.userId),
|
||||
],
|
||||
);
|
||||
|
||||
export type UserPermissionOverride = typeof userPermissionOverrides.$inferSelect;
|
||||
export type NewUserPermissionOverride = typeof userPermissionOverrides.$inferInsert;
|
||||
|
||||
export const portRoleOverrides = pgTable(
|
||||
'port_role_overrides',
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user