RBAC and Doc updates

2025-10-13 14:05:01 +00:00
parent f721be7280
commit d4b88e0952
13 changed files with 1400 additions and 208 deletions
--- a/database/README.md
+++ b/database/README.md
@@ -2,6 +2,26 @@

 This mailing list system uses MySQL with **Postfix's native MySQL support** for real-time dynamic list management. Postfix queries the database directly for each email - no scripts or reloads needed.

+## Management Options
+
+**1. Web Interface (Recommended for Non-Technical Users)**
+- Access: http://localhost:3000
+- Visual interface with tables and forms
+- Toggle-based subscription management
+- No SQL knowledge required
+
+**2. REST API (Recommended for Automation)**
+- Access: http://localhost:8000/docs
+- Full CRUD operations via HTTP
+- Token authentication
+- Perfect for scripts and integrations
+
+**3. Direct MySQL (Recommended for Advanced Users)**
+- Full SQL access for complex queries
+- Bulk operations and reporting
+- Database administration tasks
+- Described in detail below
+
 ## Database Schema

 Three-table design with many-to-many relationships:
@@ -36,7 +56,38 @@ Three-table design with many-to-many relationships:

 ## Managing Lists and Members

-### Via MySQL Client
+### Via Web Interface (Easiest)
+
+1. Open http://localhost:3000 in your browser
+2. Enter your API_TOKEN (from .env file)
+3. Use the tabs to:
+   - **Lists Tab**: View, create, edit, delete mailing lists
+   - **Members Tab**: View, add, edit, remove members
+   - **Subscriptions**: Click "Subscriptions" button on any member to toggle their list memberships
+
+### Via REST API (For Automation)
+
+See `api/README.md` for complete API documentation, or visit http://localhost:8000/docs for interactive docs.
+
+Quick examples:
+```bash
+# Get all lists
+curl -H "Authorization: Bearer $API_TOKEN" http://localhost:8000/lists
+
+# Create member
+curl -X POST http://localhost:8000/members \
+  -H "Authorization: Bearer $API_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"name":"John Doe","email":"john@example.com","active":true}'
+
+# Subscribe to list
+curl -X POST http://localhost:8000/subscriptions \
+  -H "Authorization: Bearer $API_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"list_email":"community@lists.sasalliance.org","member_email":"john@example.com"}'
+```
+
+### Via MySQL Client (Advanced)

 Connect to the database:

--- a/database/schema.sql
+++ b/database/schema.sql
@@ -1,5 +1,37 @@
 -- Mail List Manager Database Schema

+-- Table: users
+-- Stores user authentication and authorization information
+CREATE TABLE IF NOT EXISTS users (
+    user_id INT AUTO_INCREMENT PRIMARY KEY,
+    username VARCHAR(50) NOT NULL UNIQUE,
+    password_hash VARCHAR(255) NOT NULL,  -- bcrypt hash
+    role ENUM('administrator', 'operator', 'read-only') NOT NULL DEFAULT 'read-only',
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    last_login TIMESTAMP NULL,
+    active BOOLEAN DEFAULT TRUE,
+    INDEX idx_username (username),
+    INDEX idx_role (role),
+    INDEX idx_active (active)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
+-- Table: user_sessions
+-- Stores active user sessions for authentication
+CREATE TABLE IF NOT EXISTS user_sessions (
+    session_id VARCHAR(64) PRIMARY KEY,
+    user_id INT NOT NULL,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    expires_at TIMESTAMP NOT NULL,
+    ip_address VARCHAR(45),  -- Supports both IPv4 and IPv6
+    user_agent TEXT,
+    active BOOLEAN DEFAULT TRUE,
+    FOREIGN KEY (user_id) REFERENCES users(user_id) ON DELETE CASCADE,
+    INDEX idx_user_id (user_id),
+    INDEX idx_expires_at (expires_at),
+    INDEX idx_active (active)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
 -- Table: lists
 -- Stores mailing list information
 CREATE TABLE IF NOT EXISTS lists (
@@ -44,6 +76,12 @@ CREATE TABLE IF NOT EXISTS list_members (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

 -- Insert sample data
+
+-- Create default admin user (password: 'password')
+-- $2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LewKv0AhDoLlZ7G.i is bcrypt hash of 'password'
+INSERT INTO users (username, password_hash, role) VALUES
+    ('admin', '$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LewKv0AhDoLlZ7G.i', 'administrator');
+
 INSERT INTO lists (list_name, list_email, description) VALUES
    ('Community', 'community@lists.sasalliance.org', 'General community announcements'),
    ('Board', 'board@lists.sasalliance.org', 'Board members only'),