[5.2 Admin Panel] Role-based Access (Admin, Coach, User) #40

@fIyingPhoenix

Milestone: Milestone 5: Infrastructure & Tools
Category: 5.2 Admin Panel (Web)
Task: Implement role-based access control (RBAC) for the admin panel with different user roles (Admin, Coach, User).


Description

This task involves implementing role-based access control (RBAC) in the web admin panel. The system should define three user roles with different access levels: Admin, Coach, and User. Based on the assigned role, users will have different privileges and access to certain parts of the admin panel.


Subtasks:

  • Define user roles in the database (Admin, Coach, User)
  • Implement role management in the backend (assign roles to users)
  • Modify authentication system to recognize and assign roles (JWT tokens with roles)
  • Implement role-based access on the Blazor web dashboard:
    • Admin: Full access to all data and functionality (user management, meal logs, weight logs, etc.)
    • Coach: Limited access to user data (view/edit), meal logs, and weight logs
    • User: Access only to their own data (view/edit personal meals and weight)
  • Display role-specific views and options in the web dashboard:
    • Admin: All options visible (e.g., managing users, viewing all meal logs)
    • Coach: Limited visibility (only users they are associated with, viewing/editing meal logs, weight tracking)
    • User: Personal data only (only view/edit their own meals, weight logs)
  • Implement permissions on each page:
    • User management (Admins only)
    • Meal logs (Admins and Coaches)
    • Weight logs (Admins and Coaches)
    • Profile page (All users, but with different edit capabilities)
  • Ensure proper redirection if a user tries to access a page outside their permissions
  • Implement UI components to display user roles on their profile page
  • Add error handling and access restrictions for unauthorized users
  • Test role-based access functionality:
    • Ensure Admin can access all data
    • Ensure Coach can access limited data
    • Ensure User can access only their personal data
  • Document the role-based access system in the README

Technical Considerations:

  • Use JWT tokens to store and verify user roles
  • Use middleware in the backend to protect routes based on user roles
  • Implement UI components that dynamically display options based on the user’s role
  • Ensure that sensitive data (e.g., other users' information) is hidden or protected based on the role
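The "JWT roles plus backend middleware" approach above, as an added ASP.NET Core example that is not code from this project: a resource-based authorization handler where the role claim from the validated token sets the ceiling (Admin everything, Coach assigned clients, User self) and the target record's owner decides whether this request is in scope. The requirement, handler and `ICoachAssignments` names are hypothetical; it assumes the JWT's role claim is mapped to `ClaimTypes.Role` and the user id to `ClaimTypes.NameIdentifier`.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Requirement: the caller may view/edit the meal or weight logs of the target user.
public sealed class OwnsOrCoachesRequirement : IAuthorizationRequirement { }

// Hypothetical coach/client assignment lookup; the real app would back this with the database.
public interface ICoachAssignments
{
    Task<bool> IsAssignedAsync(string coachId, string clientId);
}

// Resource-based handler: the role claim from the validated JWT sets the ceiling,
// the ownership/assignment check decides whether this specific record is in scope.
// Assumes the token's role claim is mapped to ClaimTypes.Role and the user id to
// ClaimTypes.NameIdentifier (the defaults when JwtBearer inbound claim mapping is on).
public sealed class OwnsOrCoachesHandler
    : AuthorizationHandler<OwnsOrCoachesRequirement, string>
{
    private readonly ICoachAssignments _assignments;

    public OwnsOrCoachesHandler(ICoachAssignments assignments) => _assignments = assignments;

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        OwnsOrCoachesRequirement requirement,
        string targetUserId)           // resource = id of the user whose data is requested
    {
        var callerId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (string.IsNullOrEmpty(callerId)) return;   // unauthenticated: requirement stays unmet

        if (context.User.IsInRole("Admin"))
        {
            context.Succeed(requirement);             // Admin: all users' data
        }
        else if (context.User.IsInRole("Coach")
                 && await _assignments.IsAssignedAsync(callerId, targetUserId))
        {
            context.Succeed(requirement);             // Coach: only clients assigned to them
        }
        else if (callerId == targetUserId)
        {
            context.Succeed(requirement);             // User: only their own record
        }
        // Any other combination leaves the requirement unmet, which the policy
        // evaluator reports as Forbidden; hiding a menu item in Blazor is not enforcement.
    }
}
```

Register the handler with `services.AddScoped<IAuthorizationHandler, OwnsOrCoachesHandler>()` and a policy via `options.AddPolicy("OwnsOrCoaches", p => p.AddRequirements(new OwnsOrCoachesRequirement()))`, then have each meal/weight endpoint call `IAuthorizationService.AuthorizeAsync(User, targetUserId, "OwnsOrCoaches")` before touching data. The same check feeds the "Unauthorized users are redirected appropriately" criterion, because a failed policy is what the Blazor side reacts to.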

Acceptance Criteria:

  • Admin has access to all areas of the admin panel
  • Coach has access to their assigned users' data but not admin functionalities
  • User has access only to their own data and cannot see other users' data
  • Unauthorized users trying to access restricted pages are redirected appropriately
  • Role-based UI elements are correctly displayed based on the user's role
  • Proper testing and error handling are in place to handle unauthorized access
  • Documentation for the RBAC system is added to the README file
