Non-admin user landing experience (VIEWER/OPERATOR) #82

Open
opened 2026-03-17 19:14:37 +01:00 by claude · 0 comments
Owner

Context

Local users created via the admin UI get the VIEWER role by default. They can log in successfully, but:

  • The admin pages (RBAC, OIDC, thresholds, etc.) are gated behind ADMIN role
  • The sidebar hides admin links for non-ADMIN users
  • There is no profile page or self-service area for regular users
  • VIEWER/OPERATOR users land on the main dashboard but have no way to manage their own account

Requirements

User profile page

  • Route: /profile or /settings
  • Accessible to all authenticated users
  • Shows: display name, email, provider, roles, group memberships (read-only)
  • Self-service actions: change display name, change password (local users only, see #80)

Navigation

  • Add a user menu (avatar/name in header or sidebar) that links to profile
  • Show current user's roles somewhere visible (e.g., profile page or user menu tooltip)

Role-appropriate landing

  • VIEWER: can view dashboards, search, diagrams — ensure these pages work well without command buttons
  • OPERATOR: same as VIEWER plus command buttons (overlaps with #42)
  • ADMIN: full access as today

Notes

  • This becomes important once per-user password login is merged (feature/rbac-management)
  • Without this, creating non-admin users is mostly useless since they have no self-service capabilities
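
Added example, not part of the issue and not the project's code: a server-side sketch of the self-service update from the profile requirements above, where only display name and password are editable, the password only for local users, and roles, groups, email and provider stay read-only. All names (`User`, `apply_profile_update`, the `"local"` provider label, the injected `hash_password`) are assumptions.

```python
# Added example: every name here is hypothetical, not taken from the project.
from dataclasses import dataclass, field

SELF_SERVICE_FIELDS = {"display_name", "password"}  # only fields the issue lets users edit
LOCAL_PROVIDER = "local"                            # assumed label for locally created users


class ProfileUpdateError(Exception):
    """Raised when a self-service update is rejected as a whole."""


@dataclass
class User:
    id: int
    display_name: str
    email: str
    provider: str
    roles: set = field(default_factory=lambda: {"VIEWER"})
    groups: set = field(default_factory=set)
    password_hash: str = ""


def apply_profile_update(actor, target_id, payload, hash_password):
    """Validate a self-service update, then apply it; nothing changes on error."""
    # Self-service means the caller's own account; the target id comes from
    # the session, never from the request body.
    if actor.id != target_id:
        raise ProfileUpdateError("can only edit own profile")
    # Reject read-only fields instead of silently dropping them, so a request
    # that tries to set "roles" fails loudly and can be logged.
    forbidden = set(payload) - SELF_SERVICE_FIELDS
    if forbidden:
        raise ProfileUpdateError(f"read-only fields: {sorted(forbidden)}")
    if "password" in payload:
        if actor.provider != LOCAL_PROVIDER:
            raise ProfileUpdateError("password is managed by the identity provider")
        if not isinstance(payload["password"], str) or not payload["password"]:
            raise ProfileUpdateError("password must be a non-empty string")
    name = payload.get("display_name", actor.display_name)
    if not isinstance(name, str) or not name.strip():
        raise ProfileUpdateError("display name must be non-empty")
    # All checks passed: mutate only now.
    actor.display_name = name.strip()
    if "password" in payload:
        actor.password_hash = hash_password(payload["password"])
    return actor
```
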