BrixFax Px4

Tableau de Bord

Users and Rights

First pass: role management only. No delete/reset/group tools here.

Rights overview matrix
Role Read / browse Create / add Own submissions Pending queue Approve / reject Edit Delete / destructive Users / admin tools
Public (not logged in) Accepted public
catalogue only
No No No No No No No
Viewer Accepted public
catalogue only
No No No No No No No
Contributor Accepted public catalogue
+ own submitted rows
where allowed
EANs, prices,
reviews as pending
Yes Own pending only No No / limited later No No
Editor Accepted + pending/all
moderated content
Yes Yes All pending Yes, intended
moderation role
Yes, intended
content role
No or limited;
owner-only for
destructive/admin tools
No
Owner Everything Yes Yes All pending Yes Yes Yes / owner-only Yes

RLS and API checks are the real protection. This table is the owner-facing summary of the intended app rights. Public is not a stored user role. It means anyone not logged in.

Role rights reference
Role View catalogue Accepted Mine Pending All Add prices Add reviews Add EANs Add catalogue items Accepted directly Manage images Reassign tools Manage users Owner tools
public (anon, not logged in)
viewer
contributor Own only Pending Pending Pending — / Admin
editor Global Global — / Admin
owner Global Global

Note: public/anon/not logged in is not a stored profile role. viewer/contributor/editor/owner are logged-in roles stored in profiles.app_role. Accepted means visible in normal public browsing. Mine means the current logged-in user's own submissions. Pending means awaiting review. All means accepted + pending + rejected. Some image/admin tools still depend on the separate app_admins check during migration.

Checking owner access...