rbac: surface automations permissions in the UI

Backend already defined automations:create/read/update/delete/execute and seeded them on Owner/Editor/Viewer roles, but the Settings → Roles UI was missing the metadata to render them properly. - backend: add PERMISSION_DESCRIPTIONS entries for the 5 automations perms so the role editor stops falling back to "Permission for automations:create". - frontend: add automations to CATEGORY_CONFIG (Workflow icon, slotted between podcasts and connectors) so the role editor groups them as a real section. - frontend: extend the three ROLE_PRESETS — Editor and Contributor get create/read/update/execute (mirroring backend Editor); Viewer gets read. Prep work for the automations frontend; canPerform/usePermissionGate already handle the runtime gating, so no new hook is needed.
2026-05-29 19:35:20 +02:00 · 2026-05-28 00:30:40 +02:00 · 2026-05-28 00:30:40 +02:00 · 79f0218360
commit 79f0218360
parent 2b7d91aa03
2 changed files with 22 additions and 0 deletions
--- a/surfsense_backend/app/routes/rbac_routes.py
+++ b/surfsense_backend/app/routes/rbac_routes.py
@ -107,6 +107,12 @@ PERMISSION_DESCRIPTIONS = {
    "settings:view": "View search space settings",
    "settings:update": "Modify search space settings",
    "settings:delete": "Delete the entire search space",
+    # Automations
+    "automations:create": "Create automations from chat or JSON",
+    "automations:read": "View automations, their triggers, and run history",
+    "automations:update": "Edit automations and manage their triggers",
+    "automations:delete": "Remove automations from the search space",
+    "automations:execute": "Manually fire automations",
    # Full access
    "*": "Full access to all features and settings",
 }
--- a/surfsense_web/components/settings/roles-manager.tsx
+++ b/surfsense_web/components/settings/roles-manager.tsx
@ -23,6 +23,7 @@ import {
 	Unplug,
 	Users,
 	Video,
+	Workflow,
 } from "lucide-react";
 import { useCallback, useEffect, useMemo, useState } from "react";
 import { toast } from "sonner";
@ -126,6 +127,12 @@ const CATEGORY_CONFIG: Record<
 		description: "Generate AI podcasts from content",
 		order: 5,
 	},
+	automations: {
+		label: "Automations",
+		icon: Workflow,
+		description: "Scheduled and event-driven agent tasks",
+		order: 5.5,
+	},
 	connectors: {
 		label: "Connectors",
 		icon: Unplug,
@ -200,6 +207,10 @@ const ROLE_PRESETS = {
 			"podcasts:create",
 			"podcasts:read",
 			"podcasts:update",
+			"automations:create",
+			"automations:read",
+			"automations:update",
+			"automations:execute",
 			"connectors:create",
 			"connectors:read",
 			"connectors:update",
@ -220,6 +231,7 @@ const ROLE_PRESETS = {
 			"comments:read",
 			"llm_configs:read",
 			"podcasts:read",
+			"automations:read",
 			"connectors:read",
 			"logs:read",
 			"members:view",
@ -240,6 +252,10 @@ const ROLE_PRESETS = {
 			"comments:read",
 			"llm_configs:read",
 			"podcasts:read",
+			"automations:create",
+			"automations:read",
+			"automations:update",
+			"automations:execute",
 			"connectors:read",
 			"logs:read",
 			"members:view",