Page Role Check uses currentbank. Signal Channels Broadcasts and Signal

Channel Stats. Account Directory

Author: simonredfern

src/lib/components/PageRoleCheck.svelte

@@ -8,14 +8,16 @@
     userEntitlements: any[];
     required: RoleRequirement[];
     optional?: RoleRequirement[];
+    currentBankId?: string;
     children?: Snippet;
   }
 
-  let { userEntitlements, required, optional, children }: Props = $props();
+  let { userEntitlements, required, optional, currentBankId, children }: Props =
+    $props();
 
   // Check required roles (OR logic — need at least one)
   let requiredCheck = $derived.by(() => {
-    return checkRoles(userEntitlements || [], required || []);
+    return checkRoles(userEntitlements || [], required || [], currentBankId);
   });
 
   let firstMissingRequired = $derived(requiredCheck.missingRoles[0] || null);
@@ -24,7 +26,7 @@
   // Check optional roles (informational — content still renders)
   let optionalCheck = $derived.by(() => {
     if (!optional || optional.length === 0) return null;
-    return checkRoles(userEntitlements || [], optional);
+    return checkRoles(userEntitlements || [], optional, currentBankId);
   });
 
   let missingOptionalRoles = $derived(

src/lib/config/navigation.ts

@@ -31,6 +31,7 @@ import {
   Banknote,
   Hash,
   Map,
+  Radio,
 } from "@lucide/svelte";
 import { env } from "$env/dynamic/public";
 
@@ -122,6 +123,16 @@ function buildSystemItems(): NavigationItem[] {
       label: "Migrations",
       iconComponent: GitBranch,
     },
+    {
+      href: "/system/signal-channels",
+      label: "Signal Channels",
+      iconComponent: Radio,
+    },
+    {
+      href: "/system/signal-channels-stats",
+      label: "Signal Stats",
+      iconComponent: Radio,
+    },
     {
       href: "/system/webui-props",
       label: "WebUI Props",
@@ -297,6 +308,11 @@ function buildAccountAccessItems(): NavigationItem[] {
       label: "Accounts",
       iconComponent: Landmark,
     },
+    {
+      href: "/account-access/account-directory",
+      label: "Account Directory",
+      iconComponent: FolderOpen,
+    },
   ];
 
   return items;

src/lib/utils/roleChecker.ts

@@ -7,6 +7,8 @@ const logger = createLogger("RoleChecker");
 export interface RoleRequirement {
   role: string;
   bankId?: string;
+  /** When true, the user must hold this role for the current bank (bank-level role) */
+  bankScoped?: boolean;
 }
 
 /**
@@ -111,6 +113,12 @@ export const SITE_MAP: Record<string, PageRoleConfig> = {
   "/system/webui-props/[id]/delete": {
     required: [{ role: "CanDeleteWebUiProps" }],
   },
+  "/system/signal-channels": {
+    required: [],
+  },
+  "/system/signal-channels-stats": {
+    required: [{ role: "CanGetSignalStats" }],
+  },
   "/system/featured-collections": {
     required: [{ role: "CanManageFeaturedApiCollections" }],
   },
@@ -179,6 +187,9 @@ export const SITE_MAP: Record<string, PageRoleConfig> = {
   "/account-access/custom-views/create": {
     required: [{ role: "CanCreateCustomView" }],
   },
+  "/account-access/account-directory": {
+    required: [{ role: "CanGetAccountDirectoryAtOneBank", bankScoped: true }],
+  },
 
   // ── Users ─────────────────────────────────────────────
   "/users": {
@@ -214,11 +225,13 @@ export function getPageRoles(routeId: string): PageRoleConfig | undefined {
  *
  * @param userEntitlements - List of entitlements the user has
  * @param requiredRoles - List of alternative roles (user needs at least one)
+ * @param currentBankId - The currently selected bank ID (for bankScoped role checks)
  * @returns RoleCheckResult with missing and present roles
  */
 export function checkRoles(
   userEntitlements: UserEntitlement[],
   requiredRoles: RoleRequirement[],
+  currentBankId?: string,
 ): RoleCheckResult {
   const missingRoles: RoleRequirement[] = [];
   const hasRoles: RoleRequirement[] = [];
@@ -229,6 +242,11 @@ export function checkRoles(
 
       if (!roleMatches) return false;
 
+      // Bank-scoped roles must match the current bank
+      if (requirement.bankScoped) {
+        return currentBankId ? entitlement.bank_id === currentBankId : false;
+      }
+
       if (requirement.bankId) {
         return entitlement.bank_id === requirement.bankId;
       }

src/routes/(protected)/+layout.svelte

@@ -2,6 +2,7 @@
   import { page } from "$app/state";
   import PageRoleCheck from "$lib/components/PageRoleCheck.svelte";
   import { SITE_MAP } from "$lib/utils/roleChecker";
+  import { currentBank } from "$lib/stores/currentBank.svelte";
 
   let { data, children } = $props();
 
@@ -14,6 +15,7 @@
     userEntitlements={data.userEntitlements}
     required={pageRoles.required}
     optional={pageRoles.optional}
+    currentBankId={currentBank.bankId}
   >
     {@render children()}
   </PageRoleCheck>