docs: document UI role gating for VIEWER/OPERATOR/ADMIN
All checks were successful
CI / cleanup-branch (push) Has been skipped
CI / build (push) Successful in 1m37s
CI / docker (push) Successful in 1m0s
CI / deploy-feature (push) Has been skipped
CI / deploy (push) Successful in 36s

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-06 15:52:25 +02:00
parent b1655b366e
commit 640a48114d
3 changed files with 19 additions and 4 deletions


@@ -250,6 +250,19 @@ Config fields: `metricsEnabled`, `samplingRate`, `tracedProcessors`, `logLevels`
| `OPERATOR` | VIEWER + send commands, modify config, replay |
| `ADMIN` | OPERATOR + user/group/role management, OIDC config, database admin |
### UI Role Gating
The UI enforces role-based visibility (backend ACLs remain the authoritative check):
| UI element | VIEWER | OPERATOR | ADMIN |
|-----------|--------|----------|-------|
| Exchanges, Dashboard, Runtime, Logs | Yes | Yes | Yes |
| Config tab (per-app) | Read-only | Edit | Edit |
| Route control bar | Hidden | Yes | Yes |
| Diagram node toolbar | Hidden | Yes | Yes |
| Admin sidebar section | Hidden | Hidden | Yes |
| Admin pages (`/admin/*`) | Redirect to `/` | Redirect to `/` | Yes |
### Ed25519 Config Signing
Server derives an Ed25519 keypair deterministically from the JWT secret. Public key is shared with agents at registration. Config-update payloads are signed so agents can verify authenticity.
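Review bot: the `Admin pages (`/admin/*`)` row documents a client-side redirect to `/` for VIEWER and OPERATOR, but the hunk does not say whether that redirect runs before the admin views issue any API requests, nor that the backend endpoints behind those pages reject non-ADMIN tokens on their own; since the intro line states "backend ACLs remain the authoritative check", one sentence making explicit that `Hidden` and `Redirect to /` are UX conveniences and that every gated action is also rejected server-side (and with which HTTP status) would close that gap. The `Config tab (per-app) | Read-only` cell also deserves a clarification: the roles table above reserves OIDC config for ADMIN, so the doc should state whether per-app config rendered read-only for VIEWER can contain credentials or other sensitive values, or whether such fields are redacted for that role.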