Skip to content

Add role hierarchy and temporary assignments #55#77

Merged
Lakes41 merged 2 commits into
Adamantine-guild:mainfrom
clintjeff2:Add-role-hierarchy-and-temporary-assignments-#55
Jun 29, 2026
Merged

Add role hierarchy and temporary assignments #55#77
Lakes41 merged 2 commits into
Adamantine-guild:mainfrom
clintjeff2:Add-role-hierarchy-and-temporary-assignments-#55

Conversation

@clintjeff2

Copy link
Copy Markdown
Contributor

Description

This PR introduces comprehensive role hierarchy support and optional expiration timestamps to the access control framework. Roles now scale downward dynamically, and permissions gracefully revoke themselves automatically once a role's expiration timestamp passes, providing much finer-grained control over temporary administrative or community access.

Linked Issue

Closes #55

Type of Change

  • 🐛 Bug fix (API or policy engine)
  • ✨ New feature / endpoint
  • 📝 Documentation / OpenAPI spec update
  • 🔧 Chore / refactor / dependency update
  • 🧪 Tests only
  • ⛓️ Smart contract change (requires extra review)

Changes Made

  • Prisma Schema Optimization: Upgraded the RoleAssignment data model to support an optional expiresAt DateTime field.
  • Policy Engine (resolveEffectiveRoles): Integrated temporal checks to automatically drop expired roles relative to runtime computation clock frames.
  • Role Hierarchy Layer: Implemented explicit inheritance rules where permissions cascade downward logically:
    • admin implicitly inherits contributor and member authorization weights.
    • contributor implicitly inherits member authorization weights.
  • memberService.ts Refactor: Standardized member service routines to flush out dead duplicate methods, enhance transactional runtime safety, and align data hydration mapping perfectly with the policy engine specs.
  • Test Coverage Expansion: Added 29 comprehensive test blocks validating hierarchy cascades, boundary edge cases, and temporal revocation loops.

google-labs-jules Bot and others added 2 commits June 29, 2026 17:53
- Updated Prisma schema to include optional `expiresAt` on `RoleAssignment`.
- Enhanced policy engine to filter expired roles and implement hierarchy (admin > contributor > member).
- Updated `memberService` to pass expiration data to the policy engine.
- Fixed various bugs and inconsistencies in `memberService.ts`.
- Added comprehensive tests for hierarchy and expiration logic.

Co-authored-by: clintjeff2 <119521983+clintjeff2@users.noreply.github.com>
…-assignments-55-1064163907611436356

Add role hierarchy and temporary assignments

@Lakes41 Lakes41 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good Job

@Lakes41 Lakes41 merged commit 035ea42 into Adamantine-guild:main Jun 29, 2026
0 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add role hierarchy and temporary assignments

2 participants