0a0ec016d8
Backend: - auth/permissions.go: full permission matrix with RequirePermission/RequireRole middleware, CanEditCase, CanDeleteDocument helpers - auth/context.go: add user role to request context - auth/middleware.go: resolve role alongside tenant in auth flow - auth/tenant_resolver.go: verify membership + resolve role for X-Tenant-ID - handlers/case_assignments.go: CRUD for case-level user assignments - handlers/tenant_handler.go: UpdateMemberRole, GetMe (/api/me) endpoints - handlers/documents.go: permission-based delete (own vs all) - router/router.go: permission-wrapped routes for all endpoints - services/case_assignment_service.go: assign/unassign with tenant validation - services/tenant_service.go: UpdateMemberRole with owner protection - models/case_assignment.go: CaseAssignment model Database: - user_tenants.role: CHECK constraint (owner/partner/associate/paralegal/secretary) - case_assignments table: case_id, user_id, role (lead/team/viewer) - Migrated existing admin->partner, member->associate Frontend: - usePermissions hook: fetches /api/me, provides can() helper - TeamSettings: 5-role dropdown, role change, permission-gated invite - CaseAssignments: new component for case-level team management - Sidebar: conditionally hides AI/Settings based on permissions - Cases page: hides "Neue Akte" button for non-authorized roles - Case detail: new "Mitarbeiter" tab for assignment management
KanzlAI-mGMT
Kanzleimanagement online — law firm management for deadlines, appointments, and case tracking.
Structure
backend/ Go API server
frontend/ Next.js 15 (TypeScript, Tailwind CSS)
Development
make dev-backend # Go server on :8080
make dev-frontend # Next.js dev server
make build # Build both
make lint # Lint both
make test # Test both
Tech Stack
- Frontend: Next.js 15, TypeScript, Tailwind CSS
- Backend: Go
- Database: Supabase (PostgreSQL) —
kanzlaischema - Deploy: Dokploy on mLake (kanzlai.msbls.de)