coldbox-security-rbac

Official

Secure ColdBox apps with role-based access

Author: ColdBox
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Centralizes access control by replacing ad-hoc permission checks with a role-and-permission model so teams can consistently enforce who can view, modify, or manage application resources.

Core Features & Use Cases

  • Persistent Role & Permission Storage: Database schema for roles, permissions, role_permissions pivot, and user_roles pivot to store RBAC data.
  • Role and User Services: RoleService and UserService patterns for creating roles, assigning permissions, assigning/removing roles from users, and resolving effective permissions including hierarchical inheritance.
  • Handler and Route Enforcement: Examples showing handler-level checks using cbsecurity, CBSecurity rules for route-level protection, and patterns for protecting sensitive actions like deleting admin users.
  • Use Case: Protect an admin dashboard and critical endpoints in a CMS by defining viewer/editor/admin roles, assigning permissions, and enforcing checks both in handlers and in module settings.

Quick Start

Create roles with RoleService, assign permissions and user roles with UserService, then check permissions inside handlers using cbsecurity.can before executing sensitive actions.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: coldbox-security-rbac
Download link: https://github.com/ColdBox/skills/archive/main.zip#coldbox-security-rbac

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.