Menü
Guide for implementing permission-based UI gating in the web app.
Mit Codex oder Claude installieren Kopieren Sie diesen Prompt, fügen Sie ihn in Codex, Claude oder einen anderen Assistant ein und lassen Sie die Skill-Seite prüfen und installieren.
Basierend auf der SOC-Berufsklassifikation
Long-running (multi-hour) adversarial hunt for P0/P1/P2 bugs across the codebase. Mixes codebase observation, mechanical linting, real test + telemetry verification, and parallel skeptic sub-agents that must REFUTE each candidate before it is accepted. Fixes verified bugs on a branch off main with surgical per-bug commits, re-runs gates, and writes a dated report to the Desktop. Never pushes or merges. Use when you want a deep, autonomous bug-finding-and-fixing pass.
Diagnose and durably eliminate flaky/intermittent test failures (passes locally but fails CI, rotates between tests, red only under load). Reproduce under contention, instrument the real state instead of guessing, root-cause by signal not duration, fix at the source, validate multi-run. Use when a test is flaky, CI is intermittently red, or fixing one flake unmasks others.
Safely prune dead local branches, git worktrees, and remote branches in this repo. Use when asked to "prune dead branches", "clean up worktrees", "delete merged branches", "tidy up git", or after a batch of PRs has merged. Knows this repo merges via squash, so it verifies death by PR state, not just git ancestry.
Reduce test-suite wall-clock (dev + CI) without losing coverage or telemetry. Measure the phase breakdown first, then apply proven levers (parallelize turbo, narrow imports vs barrels, lazy-load heavy graphs, pool/worker config, DB pool sizing) and capture the before/after delta. Use when tests are slow, CI time is high, or to set/check a perf baseline. Composes with the read-only test-perf and test-census skills.
Census the repo's tests by TYPE, not by name. Classifies every tracked test file via content heuristics into unit / integration / react-component / e2e (plus a separate db pgTAP count), in precedence order so buckets are mutually exclusive. Use when the user asks "what kinds of tests do we have", "how many component vs integration tests", "what's our e2e coverage", or wants a per-area test-type breakdown.
Snapshot test-suite timings in this repo. Runs the unit and/or integration suites (or a single integration project) and reports wall-clock time, Vitest's own phase breakdown (transform/setup/import/tests/environment), and the slowest test files. Use when the user asks "how slow are the tests", "where does the test time go", wants a perf baseline, or wants to check the suite hasn't regressed.
| name | frontend-role-checks |
| description | Guide for implementing permission-based UI gating in the web app. |
| metadata | {"short-description":"Permission-based UI gating patterns for the web app"} |
Guide for implementing permission-based UI gating in the web app.
import { PermissionsGate } from '@/components/PermissionsGate'
<PermissionsGate permission="upload_assets">
<Button>Upload</Button>
</PermissionsGate>
// With fallback
<PermissionsGate permission="manage_billing" fallback={<span>Admin only</span>}>
<BillingSettings />
</PermissionsGate>
import { RequireRole } from '@/components/RequireRole'
<RequireRole roles={['admin']} redirectTo={`/org/${orgId}`}>
<OrgSettingsPage />
</RequireRole>
import { useHasPermission, useMyPermissions } from '@/hooks/use-permissions'
// Check single permission
const canUpload = useHasPermission('upload_assets')
// Get full permission set
const { data } = useMyPermissions()
const role = data?.role
const permissions = data?.permissions ?? []
| Permission | Admin | Member | Viewer |
|---|---|---|---|
| view_assets | yes | yes | yes |
| upload_assets | yes | yes | no |
| manage_assets | yes | yes | no |
| delete_assets | yes | yes | no |
| manage_team_members | yes | no | no |
| manage_billing | yes | no | no |
| manage_organization | yes | no | no |
Add requiredPermission to NavItem in AppSidebar.tsx:
{
label: 'Settings',
requiredPermission: 'manage_organization',
}
Use renderWithProviders + seed a user with the appropriate role.
The permissions API (/v1/permissions/me) returns the user's resolved permissions.
describe('MyComponent role behavior', () => {
it('admin sees all controls', async () => {
const { owner } = await setupOwnerWithTeam()
writeAuthToken(owner.token)
renderWithProviders(<MyComponent />)
expect(screen.getByRole('button', { name: /delete/i })).toBeInTheDocument()
})
it('viewer cannot see delete', async () => {
// Seed a viewer-role team member
// writeAuthToken(viewer.token)
// renderWithProviders(<MyComponent />)
// expect(screen.queryByRole('button', { name: /delete/i })).not.toBeInTheDocument()
})
})
Note: Full role-based integration tests require seeding users with specific team
roles via the API. The team_members.role column defaults to 'viewer'. Use
clientApi.updateTeamMemberRole() to set admin/member roles after invitation.