RBAC Console
AuthorizationPage — manage roles, claims & scopes
AuthorizationPage is the admin UI for the Authorization model. It renders the roles, the auto-seeded claims and the role→claim assignments your config defines, and lets a godmin edit them visually — including the row-level scope on each assignment. It's the human front-end to everything the claim-check middleware enforces.
It's a pure consumer of generated CRUD actions over the roles, claims and role_claims system tables — you wire nine actions and the page composes three coordinated panels. Theme it with authorizationPageTheme / extendAuthorizationPageTheme and drive its useAuthorizationStore directly if you need a custom layout.
Wiring the console#
AuthorizationPage takes typed actions for roles, claims and role-claims. Update actions are optional — omit them for a read-only view.
1import { AuthorizationPage } from "nucleus-core/fe";2import { useApiActions } from "@/lib/api";3 4const a = useApiActions();5 6<AuthorizationPage7 getRolesAction={a.GET_ROLES}8 addRoleAction={a.CREATE_ROLE}9 deleteRoleAction={a.DELETE_ROLE}10 getClaimsAction={a.GET_CLAIMS}11 getRoleClaimsAction={a.GET_ROLE_CLAIMS}12 addRoleClaimAction={a.CREATE_ROLE_CLAIM}13 deleteRoleClaimAction={a.DELETE_ROLE_CLAIM}14 updateRoleClaimAction={a.UPDATE_ROLE_CLAIM}15 defaultMethodFilter="get"16/>;role actionsgetRolesAction · addRoleAction · deleteRoleAction · updateRoleAction?OptionalBack the RoleList panel — list, create and delete roles (update optional). Operate on the roles system table.
claim actionsgetClaimsActionOptionalFeeds the ClaimList — the full set of claims, mostly auto-seeded from your entities (get.product, post.order, get.product.price, …). Filterable by entity and HTTP method via defaultEntityFilter / defaultMethodFilter.
role-claim actionsgetRoleClaims · addRoleClaim · deleteRoleClaim · updateRoleClaim?OptionalPower the RoleClaimEditor — toggle a claim onto the selected role and write the assignment row. updateRoleClaimAction persists scope edits.
callbacksonRoleCreated / onRoleDeleted / onClaimToggledOptionalFire after each mutation so you can toast or refresh; the page already updates its own store optimistically.
The three panels#
The page composes three sub-components you can also use standalone.
RoleListroles + create/deleteOptionalLists roles, selects the active one, and has an inline create form (name + description) and delete. Selecting a role drives the editor.
ClaimListbrowse claimsOptionalA read view of every claim in the system — the catalogue of permissions the entities generated, so you can see what's assignable.
RoleClaimEditortoggle + scopeOptionalFor the selected role, toggles each claim on/off (writes/removes a role_claims row) and edits the scope string per assignment — including self: references for row-level ownership. This is the visual editor for the exact scopeFilters the backend applies.
Related sections