Admin Tools & Role-Based Access Control

PadawanForge implements a comprehensive role-based access control (RBAC) system with game-specific terminology and granular permissions for administrative functions.

Role Hierarchy

Overview

The system uses a 5-level role hierarchy with specific permissions assigned to each level:

Level 0: Guest       → Demo & Documentation Access
Level 1: Padawan     → Browse-Only Access  
Level 2: Game Master → Create/Remove NPCs & Games
Level 3: Guild Leader → Currently Unused
Level 4: System Admin → Full System Configuration

Detailed Role Descriptions

Guest (Level 0)

Purpose: Temporary visitors with limited access to demonstration features and documentation.

Access Rights:

  • Demo system functionality
  • Documentation viewing
  • 24-hour session expiration

Permissions:

  • content.view - View documentation and content
  • demo.access - Access demo system features

Admin Routes:

  • /admin/demo - Demo system interface
  • /admin/docs - Documentation access

Padawan (Level 1)

Purpose: Standard registered players with limited creation abilities to learn the system.

Access Rights:

  • View player information and profiles
  • Browse NPC configurations and characters
  • Create up to 3 NPCs (learning limit)
  • View game sessions and rooms

Permissions:

  • players.view - Browse player lists and basic information
  • npcs.view - View NPC configurations and characters
  • npcs.create - Create new NPCs (limited to 3)
  • games.view - View game sessions and rooms
  • content.view - View documentation and content

Admin Routes:

  • /admin - Main admin dashboard
  • /admin/players - Player management (view only)
  • /admin/npcs - NPC management (view and limited create)
  • /admin/games - Game management (view only)

NPC Creation Limit: Padawans can create a maximum of 3 NPCs to learn the system. This limit encourages learning without overwhelming the system with test content. To create more NPCs, users must be promoted to the Game Master role.


Game Master (Level 2)

Purpose: Content creators who can manage NPCs and game sessions but cannot modify players or system settings.

Access Rights:

  • Full NPC management (create, view, delete)
  • Full game session management (create, view, delete)
  • Content moderation capabilities
  • Limited to content creation, no player management

Permissions:

  • npcs.view - View NPC configurations
  • npcs.create - Create new NPCs
  • npcs.delete - Remove NPCs
  • games.view - View game sessions
  • games.create - Create new game sessions
  • games.delete - Remove game sessions
  • content.view - View documentation and content

Admin Routes:

  • /admin - Main admin dashboard
  • /admin/npcs - Full NPC management
  • /admin/games - Full game session management

Key Restrictions:

  • ❌ Cannot manage player accounts
  • ❌ Cannot access system configuration
  • ❌ Cannot modify roles or permissions
  • ❌ Cannot access audit logs

Guild Leader (Level 3)

Purpose: Currently unused role reserved for future community management features.

Status: Inactive - no permissions assigned

Future Use: May be implemented for advanced community moderation and player management features.


System Admin (Level 4)

Purpose: Technical administrators with full system configuration access.

Access Rights:

  • Complete system configuration management
  • Role and permission administration
  • System monitoring and audit logs
  • Core system settings and maintenance

Permissions:

  • admin.config - System configuration access
  • admin.roles - Role and permission management
  • admin.logs - Audit log access
  • admin.system - Core system management
  • content.view - View documentation and content

Admin Routes:

  • /admin - Main admin dashboard
  • /admin/config - System configuration
  • /admin/roles - Role management
  • /admin/logs - Audit logs and system monitoring

Key Restrictions:

  • ❌ Cannot directly manage game content (NPCs/games)
  • ❌ Cannot directly manage player accounts
  • ❌ Focused on system administration only

Permission System

Permission Categories

Demo System

  • demo.access - Access to demo system features

Content Management

  • content.view - View documentation and general content

Player Management

  • players.view - Browse player information and profiles

NPC Management

  • npcs.view - View NPC configurations and characters
  • npcs.create - Create new NPCs
  • npcs.delete - Remove NPCs

Game Management

  • games.view - View game sessions and rooms
  • games.create - Create new game sessions
  • games.delete - Remove game sessions

System Administration

  • admin.config - System configuration access
  • admin.roles - Role and permission management
  • admin.logs - Audit log access
  • admin.system - Core system management

Permission Matrix

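Permission     Guest   Padawan   Game Master   Guild Leader   System Admin
demo.access    ✅      ❌        ❌            ❌             ❌
content.view   ✅      ✅        ✅            ❌             ✅
players.view   ❌      ✅        ❌            ❌             ❌
npcs.view      ❌      ✅        ✅            ❌             ❌
npcs.create    ❌      ⚠️*       ✅            ❌             ❌
npcs.delete    ❌      ❌        ✅            ❌             ❌
games.view     ❌      ✅        ✅            ❌             ❌
games.create   ❌      ❌        ✅            ❌             ❌
games.delete   ❌      ❌        ✅            ❌             ❌
admin.config   ❌      ❌        ❌            ❌             ✅
admin.roles    ❌      ❌        ❌            ❌             ✅
admin.logs     ❌      ❌        ❌            ❌             ✅
admin.system   ❌      ❌        ❌            ❌             ✅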

*⚠️ Padawans can create up to 3 NPCs maximum (learning limit)

Admin Dashboard Features

Dynamic Menu System

The admin dashboard automatically generates menu items based on user permissions:

  • Permission-Driven: Only displays accessible features
  • Role-Aware: Adapts interface based on user’s role level
  • Graceful Degradation: Shows appropriate messaging for insufficient permissions

Access Control Implementation

Route Protection

  • Middleware-Level: Global route protection for all /admin/* paths
  • Component-Level: Individual UI components check permissions
  • API-Level: Backend endpoints validate role permissions

Security Features

  • Multi-Layer Defense: Authentication, authorization, and permission checks
  • Audit Trail: Complete logging of administrative actions
  • Session Management: Secure session handling with role persistence
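
The middleware-level and API-level checks described above, together with the Padawan NPC creation limit, shown as an added example that is not PadawanForge's own code. The permission strings and role levels are taken from this page; the route-to-permission mapping, the session shape ({ roleLevel }) and the function names are assumptions.

```javascript
// Added example, not PadawanForge source. Permission strings and role levels
// come from this page; ROUTE_PERMS, the session shape and function names are assumed.
const ROLE_PERMS = new Map([
  [0, ['content.view', 'demo.access']], // Guest
  [1, ['players.view', 'npcs.view', 'npcs.create', 'games.view', 'content.view']], // Padawan
  [2, ['npcs.view', 'npcs.create', 'npcs.delete', 'games.view', 'games.create',
       'games.delete', 'content.view']], // Game Master
  [3, []], // Guild Leader: inactive, no permissions
  [4, ['admin.config', 'admin.roles', 'admin.logs', 'admin.system', 'content.view']],
]);
// Route -> permissions, any one of which grants access (assumed mapping).
const ROUTE_PERMS = new Map([
  ['/admin', ['players.view', 'npcs.view', 'admin.config']],
  ['/admin/demo', ['demo.access']],
  ['/admin/docs', ['content.view']],
  ['/admin/players', ['players.view']],
  ['/admin/npcs', ['npcs.view']],
  ['/admin/games', ['games.view']],
  ['/admin/config', ['admin.config']],
  ['/admin/roles', ['admin.roles']],
  ['/admin/logs', ['admin.logs']],
]);
const PADAWAN_LEVEL = 1;
const PADAWAN_NPC_LIMIT = 3;

// Unknown or missing role levels resolve to an empty permission set.
function hasPermission(session, perm) {
  return Boolean(session) && (ROLE_PERMS.get(session.roleLevel) || []).includes(perm);
}

// Middleware-level check: resolve dot segments first, then deny unmapped paths.
function authorizeRoute(session, rawPath) {
  if (!session) return { allow: false, reason: 'unauthenticated' };
  const path = new URL(rawPath, 'http://localhost').pathname.replace(/\/+$/, '') || '/';
  const required = ROUTE_PERMS.get(path);
  if (!required) return { allow: false, reason: 'unmapped-route' };
  const ok = required.some((perm) => hasPermission(session, perm));
  return { allow: ok, reason: ok ? 'ok' : 'missing-permission' };
}

// API-level check: the Padawan quota is enforced on the server, whatever the UI shows.
function canCreateNpc(session, ownedNpcCount) {
  if (!hasPermission(session, 'npcs.create')) return false;
  return session.roleLevel !== PADAWAN_LEVEL || ownedNpcCount < PADAWAN_NPC_LIMIT;
}
```

Because the path is normalised before lookup and unmapped paths are denied, a request such as /admin/npcs/../config is evaluated against /admin/config rather than /admin/npcs.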

Role Assignment

Default Assignment

  • New registered users: Padawan (Level 1)
  • Demo/guest sessions: Guest (Level 0)
  • Manual promotion required for higher roles

Role Management

  • Only System Admins can assign/modify roles
  • Role changes require appropriate permissions (admin.roles)
  • All role modifications are logged for audit purposes

Best Practices

For Game Masters

  1. Focus on content creation (NPCs and games)
  2. Use preview/test features before publishing
  3. Follow content guidelines and community standards
  4. Report technical issues to System Admins

For System Admins

  1. Apply the principle of least privilege when assigning roles
  2. Regularly review audit logs for security
  3. Coordinate with Game Masters for content-related issues
  4. Maintain system configuration documentation

Security Considerations

  1. Regular role permission audits
  2. Monitor for privilege escalation attempts
  3. Implement role separation of duties
  4. Maintain audit logs for compliance
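
One way to turn the audit-log review and escalation monitoring above into a repeatable check, as an added example that is not part of PadawanForge. The event schema, the sample events, the thresholds and the self-promotion rule are assumptions made for illustration; the rules that only System Admins change roles and that Guild Leader is inactive come from this page.

```javascript
// Added example: the event schema and SAMPLE_EVENTS are constructed for illustration.
const SYSTEM_ADMIN = 4;
const GUILD_LEADER = 3; // inactive role: any assignment is unexpected
const SAMPLE_EVENTS = [
  { ts: 100, type: 'access.denied', actor: 'u17', actorRole: 1, route: '/admin/config' },
  { ts: 130, type: 'access.denied', actor: 'u17', actorRole: 1, route: '/admin/roles' },
  { ts: 160, type: 'access.denied', actor: 'u17', actorRole: 1, route: '/admin/logs' },
  { ts: 200, type: 'access.denied', actor: 'u21', actorRole: 2, route: '/admin/players' },
  { ts: 300, type: 'role.change', actor: 'u03', actorRole: 4, target: 'u22', from: 1, to: 2 },
  { ts: 400, type: 'role.change', actor: 'u09', actorRole: 2, target: 'u09', from: 2, to: 4 },
  { ts: 500, type: 'role.change', actor: 'u03', actorRole: 4, target: 'u30', from: 1, to: 3 },
];

// Returns findings in timestamp order; ts values are seconds.
function findEscalationSignals(events, { maxDenials = 3, windowSecs = 300 } = {}) {
  const findings = [];
  const flag = (rule, e) => findings.push({ rule, actor: e.actor, ts: e.ts });
  const denials = new Map(); // actor -> denial timestamps still inside the window
  for (const e of [...events].sort((a, b) => a.ts - b.ts)) {
    if (e.type === 'access.denied') {
      const recent = (denials.get(e.actor) || []).filter((t) => e.ts - t < windowSecs);
      recent.push(e.ts);
      denials.set(e.actor, recent);
      // Fire when the count inside the window reaches the threshold.
      if (recent.length === maxDenials) flag('repeated-denials', e);
    } else if (e.type === 'role.change') {
      // Only System Admins may change roles, so anything else bypassed a check.
      if (e.actorRole !== SYSTEM_ADMIN) flag('role-change-by-non-admin', e);
      // Assumed separation-of-duties rule: nobody raises their own level.
      if (e.actor === e.target && e.to > e.from) flag('self-promotion', e);
      if (e.to === GUILD_LEADER) flag('inactive-role-assigned', e);
    }
  }
  return findings;
}
```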

API Integration

For developers integrating with the admin system, see:

Troubleshooting

Common Issues

  1. “Limited Access” Message: User lacks required permissions
  2. Route Redirects: Insufficient role level for requested page
  3. API Errors: Missing or invalid permission tokens

Getting Help

  • Check role assignments in admin dashboard
  • Review audit logs for permission denials
  • Contact System Admin for role modifications
PadawanForge v1.4.1