Some sensitive endpoints (alert acknowledgement, camera live stream) need clearer role gating so that USER accounts cannot perform
agent/admin-only actions. The platform also needs a reliable way to know, ahead of time, whether the current user can perform a given
action.
Goals
- Enforce role checks on sensitive actions and ensure USER is blocked on:
- Alert acknowledgement (sequence labeling, sequence unmatch)
- Camera live stream access
- Return a clean, machine-readable error payload when access is denied, so the platform can display a proper message to the end user
(e.g. consistent detail + an error code like forbidden_role).
- Add a GET /users/me/permissions (or equivalent) endpoint that returns, for the authenticated user, which actions they are allowed to
perform (e.g. can_acknowledge_alert, can_access_live_stream, can_label_sequence, …). The frontend should rely on this rather than
hardcoding role logic.
Some sensitive endpoints (alert acknowledgement, camera live stream) need clearer role gating so that USER accounts cannot perform
agent/admin-only actions. The platform also needs a reliable way to know, ahead of time, whether the current user can perform a given
action.
Goals
(e.g. consistent detail + an error code like forbidden_role).
perform (e.g. can_acknowledge_alert, can_access_live_stream, can_label_sequence, …). The frontend should rely on this rather than
hardcoding role logic.