User Permissions Reference

This document details the available permissions in the system and the actions they control. The system uses Role-Based Access Control (RBAC) enforced via the @Permissions() decorator.

Permissions List

| Permission Constant | Description | Key Modules/Endpoints |
| --- | --- | --- |
| MANAGE_USERS | Full control over user accounts (non-admin). | UsersController, Auth |
| MANAGE_DEVICES | Create, update, delete devices and their configurations. | devices, device-config |
| MANAGE_CONTENT | Manage synagogue content (Shiurim, Messages, Halachic Times). | Shior, GeneralMessage, Zmanim |
| MANAGE_ALERTS | Configure alert rules and monitor alerts. | AlertRules |
| MANAGE_REMOTE_CONTROL | Send remote commands to Android TV devices (Reset, Screen Off). | RemoteControl |
| MANAGE_REPORTS | Generate and download system reports. | Reports |
| MANAGE_NOTIFICATIONS | Configure notification preferences and scheduling. | Notifications |
| MANAGE_WHATSAPP | Connect WhatsApp sessions, send messages, manage templates. | WhatsappController |
| MANAGE_EMAIL_CONFIG | Configure SMTP settings. | EmailConfig |
| MANAGE_SMS_CONFIG | Configure SMS provider settings. | SmsConfig |
| MANAGE_SYSTEM | High-level system ops: Backups, Logs, Updates. | SystemController |
| SYSTEM_CONFIG_READ | Read-only access to system configuration. | SystemController (GET) |
| SYSTEM_CONFIG_WRITE | Modify system configuration entries. | SystemController (PUT) |
| VIEW_DASHBOARD | Access the main dashboard statistics. | Dashboard |
| VIEW_ANALYTICS | Access detailed analytics modules. | Analytics |
| VIEW_SYSTEM_HEALTH | Monitor system health status. | Health |
| VIEW_SYSTEM_METRICS | View low-level metrics (CPU/RAM). | Telemetry |

Usage in Code

To protect a controller or a specific endpoint, use the @Permissions decorator:

// Protect entire controller
@Controller('devices')
@Permissions(Permission.MANAGE_DEVICES)
export class DevicesController {}

// Protect a specific method (method decorators must sit inside a controller class)
export class SystemController {
  @Get('backup')
  @Permissions(Permission.MANAGE_SYSTEM)
  createBackup() {}
}

Admin Bypass

Users with isAdmin: true or role: 'Admin' automatically bypass all @Permissions checks. Any restriction that must also hold for admins has to be handled explicitly within the service logic (like Tenant isolation for impersonation).
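
The bypass rule above, modeled in plain TypeScript next to a service-level check that still applies to admins. This is an added example, not the project's own code: AppUser, tenantId, isAllowed and canImpersonate are hypothetical names, and both the all-of matching and the use of MANAGE_USERS to gate impersonation are assumptions.

```typescript
// Added example. Only the permission constants and the admin bypass rule
// come from the page; every other name here is hypothetical.
type AppPermission = 'MANAGE_USERS' | 'MANAGE_DEVICES' | 'MANAGE_SYSTEM';

interface AppUser {
  id: string;
  tenantId: string; // assumed field used for tenant isolation
  isAdmin?: boolean;
  role?: string;
  permissions: AppPermission[];
}

// Decorator-level decision: admins bypass; everyone else must hold
// every required permission (all-of semantics is an assumption).
function isAllowed(user: AppUser, required: AppPermission[]): boolean {
  if (user.isAdmin === true || user.role === 'Admin') return true;
  return required.every((p) => user.permissions.indexOf(p) !== -1);
}

// Service-level rule that the bypass does not cover: impersonation
// stays inside the actor's own tenant, admin or not.
function canImpersonate(actor: AppUser, target: AppUser): boolean {
  if (!isAllowed(actor, ['MANAGE_USERS'])) return false;
  return actor.tenantId === target.tenantId;
}

// Constructed sample users.
const admin: AppUser = { id: 'u1', tenantId: 't1', isAdmin: true, permissions: [] };
const roleAdmin: AppUser = { id: 'u2', tenantId: 't1', role: 'Admin', permissions: [] };
const operator: AppUser = { id: 'u3', tenantId: 't1', permissions: ['MANAGE_DEVICES'] };
const otherTenant: AppUser = { id: 'u4', tenantId: 't2', permissions: [] };

console.log(isAllowed(admin, ['MANAGE_SYSTEM']));    // admin bypass
console.log(isAllowed(operator, ['MANAGE_SYSTEM'])); // missing permission
console.log(canImpersonate(admin, operator));        // same tenant
console.log(canImpersonate(admin, otherTenant));     // cross-tenant, refused
```

Because the bypass returns before any permission is inspected, the tenant check is the only control left for an admin caller, so it belongs in the service rather than in the decorator.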