feat: viewer role with invite-based registration by akifbayram · Pull Request #67 · akifbayram/openbin

akifbayram · 2026-03-07T17:16:33Z

Summary

Adds a viewer role to the existing admin/member permission model, along with invite-based registration and per-location default join role configuration.

Viewer Role

New viewer role in location_members (schema updated with 3-way check constraint)
Viewers can browse bins and scan QR codes but cannot create, edit, delete, pin, or upload photos
Server-side enforcement via requireMemberOrAbove helper in bin/photo routes
Client-side UI guards hide action buttons, bulk actions, and FAB for viewers
usePermissions hook updated with canEdit / isViewer flags

Invite-Based Registration

REGISTRATION_MODE env var replaces REGISTRATION_ENABLED (open | invite | closed)
invite mode requires a valid location invite code during registration — user auto-joins that location
Register page shows invite code field when mode is invite; hides register link when closed

Default Join Role

default_join_role column on locations table (member or viewer)
Configurable per-location in the retention/settings dialog
New members joining via invite code receive the configured default role

Member Management

Admins can change member roles (admin/member/viewer) in the members dialog
Role badge and dropdown shown per member
Invite QR code displayed in members dialog for easy sharing

Test Plan

Register with REGISTRATION_MODE=invite using a valid invite code — verify auto-join with correct role
Register with REGISTRATION_MODE=closed — verify registration is blocked
Join a location with default_join_role=viewer — verify viewer role assigned
As viewer: verify bins are visible but create/edit/delete/pin/photo actions are hidden
As admin: change a member's role and verify it takes effect
Verify existing admin/member flows are unaffected
Run npx vitest run (client + server) — all tests pass

- Viewers cannot create bins (uses requireMemberOrAbove) - Viewers cannot edit bins; members can edit items on any bin but metadata only on bins they created - Viewers cannot pin bins - Viewers cannot upload photos - Added tests for all four restrictions

…ault join role setting

… and UI Add requireMemberOrAbove checks to batch operations, bin duplication, tag addition, and tag color management routes. Hide pin/duplicate/move actions from viewers in BinDetailToolbar, filter reorganize from sidebar for read-only users, and redirect viewers away from ReorganizePage.

akifbayram added 10 commits March 7, 2026 11:59

feat: add viewer role and default_join_role to schema

c66533f

feat: add requireMemberOrAbove role helper with tests

f80a470

feat: configurable default join role per location

5980e1c

feat: add REGISTRATION_MODE env var and invite-based registration

3a0517f

feat: update types and permissions for viewer/member/admin roles

a1ab023

feat: viewer role UI guards, invite code registration, invite QR, def…

dc65123

…ault join role setting

fix: add migrations for viewer role on existing databases

78c1a9d

chore: sort imports alphabetically in Sidebar

268997e

akifbayram merged commit 7185268 into main Mar 7, 2026
2 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: viewer role with invite-based registration#67

feat: viewer role with invite-based registration#67
akifbayram merged 10 commits intomainfrom
feat/viewer-role

akifbayram commented Mar 7, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

akifbayram commented Mar 7, 2026

Summary

Viewer Role

Invite-Based Registration

Default Join Role

Member Management

Test Plan

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant