Zac ec026195eb feat(mam-api,web-ui): per-project RBAC (v2 auth layer) ... Adds per-project access control on top of the flat v1 auth. admin keeps global access; editor/viewer are scoped to projects granted to them (direct or via group) at view (read-only) or edit (read-write) level. - migration 026: project_access table + access_level enum - src/auth/authz.js: central isAdmin/accessibleProjectIds/projectLevel/ assertProjectAccess - requireAdmin middleware; admin-gate /users, /auth/users, /groups - enforce scoping on projects, assets, bins (list filter + per-resource view/edit + create checks); gate bulk asset maintenance + batch-trim - grant API: GET/POST/DELETE /projects/:id/access - web-ui: hide admin nav for non-admins, admin-route bounce, project "Manage access" modal, rewrite Policies tab - tests: authz, project-access, assets-access (node:test, skip w/o DB) - deferred routers carry TODO(authz) markers; .env.example documents the service-token-needs-admin/grants requirement Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>		2026-05-30 02:37:36 +00:00
..
ampp	feat: AMPP folder sync integration — pre-create folder hierarchy on upload, expose lookup endpoint for Script Task: client.js	2026-04-18 13:42:07 -04:00
auth	feat(mam-api,web-ui): per-project RBAC (v2 auth layer)	2026-05-30 02:37:36 +00:00
db	feat(mam-api,web-ui): per-project RBAC (v2 auth layer)	2026-05-30 02:37:36 +00:00
middleware	feat(mam-api,web-ui): per-project RBAC (v2 auth layer)	2026-05-30 02:37:36 +00:00
routes	feat(mam-api,web-ui): per-project RBAC (v2 auth layer)	2026-05-30 02:37:36 +00:00
s3	fix(s3): land NodeHttpHandler request/connection timeout in main	2026-05-29 17:26:59 -04:00
tasks	Revert "auth: top-to-bottom rework — local accounts, RBAC + client tag, audit log, env-bootstrap"	2026-05-27 03:28:05 +00:00
index.js	feat(mam-api,web-ui): per-project RBAC (v2 auth layer)	2026-05-30 02:37:36 +00:00
scheduler.js	chore: 1.2 ship-prep sweep — close 38 issues	2026-05-27 02:06:14 +00:00