icub3d/decentcom
1
0
Fork 0
Code Issues 21 Pull requests Projects Releases Packages 1 Wiki Activity Actions

type:feature: Fine-grained Permissions #62

New issue
Open
opened 2026-04-26 16:46:18 +00:00 by icub3d · 0 comments
icub3d commented 2026-04-26 16:46:18 +00:00
Owner
Copy link

Migrated from GitHub issue icub3d/decentcom#88
Original Author: @icub3d
Original Date: 2026-04-18T15:00:28Z

Feature: Fine-grained Permissions

Overview

Extend the role-based permission system with additional, more granular permission bits to support complex server configurations, bot management, and historical access control.

Background

The current permission system uses a 64-bit mask but only defines 14 bits. To support common server needs (like read-only announcement channels with historical access control or restricting bot command usage), we need more specific flags.

Requirements

  • Add READ_MESSAGE_HISTORY (bit 14) - Allow viewing messages sent before the user's current session or before they joined.
  • Add USE_APPLICATION_COMMANDS (bit 15) - Allow using slash commands or interacting with bots.
  • Add CREATE_INVITE (bit 16) - Separate the ability to create new invites from the ability to manage/delete them (MANAGE_INVITES).
  • Update ALL_PERMISSIONS and @admin role to include these new bits.
  • Enforce these permissions in the relevant API handlers.

Design

API / Interface Changes

  • Update server/src/permissions.rs to include the new constants.
  • Update server/src/messages/handlers.rs to check READ_MESSAGE_HISTORY in list_messages.
  • Update server/src/invites/handlers.rs (if it exists) to check CREATE_INVITE.

Data Model Changes

  • Update the default permissions for the @everyone and @admin roles in the database migration (server/migrations/002_roles.sql) or via a new migration.

Component Changes

  • server/src/permissions.rs: Define new bit constants.
  • server/src/messages/handlers.rs: Update list_messages to check READ_MESSAGE_HISTORY.

Task List

  • Define new permission constants in server/src/permissions.rs.
  • Create a new database migration to update existing roles if necessary (or just update the seed logic).
  • Implement permission checks in list_messages for READ_MESSAGE_HISTORY.
  • Implement permission checks for CREATE_INVITE in the invite creation handler.
  • (Future) Implement UI toggle for these permissions in the client.

Test List

  • Unit test in permissions.rs to verify bitwise operations with new bits.
  • Integration test: A user with READ_MESSAGES but without READ_MESSAGE_HISTORY can see live messages but cannot fetch past ones.
  • Integration test: A user without CREATE_INVITE cannot create an invite link even if they have other membership permissions.

Open Questions

  • Should READ_MESSAGE_HISTORY apply to all messages in the channel or only those since the user joined? (Standard behavior is usually "all messages in the channel if they have the bit").
**Migrated from GitHub issue icub3d/decentcom#88** **Original Author:** @icub3d **Original Date:** 2026-04-18T15:00:28Z --- # Feature: Fine-grained Permissions ## Overview Extend the role-based permission system with additional, more granular permission bits to support complex server configurations, bot management, and historical access control. ## Background The current permission system uses a 64-bit mask but only defines 14 bits. To support common server needs (like read-only announcement channels with historical access control or restricting bot command usage), we need more specific flags. ## Requirements - [ ] Add `READ_MESSAGE_HISTORY` (bit 14) - Allow viewing messages sent before the user's current session or before they joined. - [ ] Add `USE_APPLICATION_COMMANDS` (bit 15) - Allow using slash commands or interacting with bots. - [ ] Add `CREATE_INVITE` (bit 16) - Separate the ability to create new invites from the ability to manage/delete them (`MANAGE_INVITES`). - [ ] Update `ALL_PERMISSIONS` and `@admin` role to include these new bits. - [ ] Enforce these permissions in the relevant API handlers. ## Design ### API / Interface Changes - Update `server/src/permissions.rs` to include the new constants. - Update `server/src/messages/handlers.rs` to check `READ_MESSAGE_HISTORY` in `list_messages`. - Update `server/src/invites/handlers.rs` (if it exists) to check `CREATE_INVITE`. ### Data Model Changes - Update the default permissions for the `@everyone` and `@admin` roles in the database migration (`server/migrations/002_roles.sql`) or via a new migration. ### Component Changes - `server/src/permissions.rs`: Define new bit constants. - `server/src/messages/handlers.rs`: Update `list_messages` to check `READ_MESSAGE_HISTORY`. ## Task List - [ ] Define new permission constants in `server/src/permissions.rs`. - [ ] Create a new database migration to update existing roles if necessary (or just update the seed logic). - [ ] Implement permission checks in `list_messages` for `READ_MESSAGE_HISTORY`. - [ ] Implement permission checks for `CREATE_INVITE` in the invite creation handler. - [ ] (Future) Implement UI toggle for these permissions in the client. ## Test List - [ ] Unit test in `permissions.rs` to verify bitwise operations with new bits. - [ ] Integration test: A user with `READ_MESSAGES` but without `READ_MESSAGE_HISTORY` can see live messages but cannot fetch past ones. - [ ] Integration test: A user without `CREATE_INVITE` cannot create an invite link even if they have other membership permissions. ## Open Questions - Should `READ_MESSAGE_HISTORY` apply to all messages in the channel or only those since the user joined? (Standard behavior is usually "all messages in the channel if they have the bit").
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feature/115-chatbot-2
feature/16-dms
gh-pages
No results found.
Labels
Clear labels   
area:api
Backend endpoints, REST, DB, Gateway

  
area:core
Shared Rust logic, crypto, Tauri shell

  
area:docs
Documentation, OpenAPI specs, architecture

  
area:infra
Deployment, Docker, build tools

  
area:ux
Frontend UI, React components, Tailwind

  
dependencies
Pull requests that update a dependency file

  
documentation
Improvements or additions to documentation

  
duplicate
This issue or pull request already exists

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
question
Further information is requested

  
rust
Pull requests that update rust code

  
status:complete
Feature fully implemented

  
status:partial
Partially implemented (server done, client pending)

  
status:planned
Not yet started

  
type:bug
Bug fixes

  
type:design
Architectural changes, major design decisions

  
type:feature
New features

  
type:infra
Infrastructure and CI/CD changes

  
type:refactor
Code improvements without behavioral changes

  
type:research
Spikes, investigating new tech

  
type:ux
User experience improvements

  
wontfix
This will not be worked on

No labels
area:api
area:core
area:docs
area:infra
area:ux
dependencies
documentation
duplicate
good first issue
help wanted
invalid
question
rust
status:complete
status:partial
status:planned
type:bug
type:design
type:feature
type:infra
type:refactor
type:research
type:ux
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
icub3d/decentcom#62
No description provided.