🔐 Rusty Beam Authorization Admin

Manage users, roles, and authorization rules for the Rusty Beam server

👥 User Management

Users & Roles
| Username (Email) | Roles |
|---|---|
| test@example.com | user |
| james@kinburnstreet.consulting | user, administrators |
| james@stance.global | user |

📝 Google OAuth2 Integration

Users who authenticate via Google OAuth2 are automatically granted the 'user' role.

The OAuth2 plugin sets the 'authenticated_user' metadata with the user's email address.

Administrators can be designated by adding their Google email to the administrators role above.

🛡️ Authorization Rules

Authorization Rules
| Username/Role | Path | Selector | Methods | Action | Description |
|---|---|---|---|---|---|
| * | /assets/* | | GET, HEAD | | Everyone can access CSS, JavaScript and other assets |
| * | / | | GET | | Everyone can access the home page |
| * | /auth/ | | GET, POST, PUT, DELETE | | Anonymous users cannot access authorization admin |
| * | /config/ | | GET, POST, PUT, DELETE, PATCH | | Anonymous users cannot access config admin |
| * | /* | | GET | | Everybody can read all pages |
| * | /demos/guestbook/ | | GET | | Everyone can read all guestbook pages |
| * | /demos/guestbook/ | #entries | GET | | Everyone can read guestbook entries |
| * | /demos/guestbook/ | #entries | POST | | Everyone can add new guestbook entries |
| * | /demos/guestbook/ | #entries .entry | DELETE | | Regular users cannot delete entries |
| administrators | /demos/guestbook/ | #entries .entry | DELETE | | Administrators can delete individual entries |
| * | /demos/todo/ | | GET | | Allow everyone to view the todo app |
| user | /demos/todo/ | #todos | POST | | Allow logged in users to add new todos |
| * | /demos/todo/ | #todos li | DELETE | | Deny deletion of todos by default |
| * | /ws | | GET | | Everyone can connect to WebSocket |
| administrators | /auth/ | | GET, POST, PUT, DELETE | | Administrators can manage authorization rules |
| administrators | /auth/ | * | GET, POST, PUT, DELETE | | Administrators can use any CSS selector on authorization admin interface |
| * | /auth/google/login | | GET | | Anyone can initiate Google OAuth2 login |
| * | /auth/google/callback | | GET | | OAuth2 callback must be accessible |
| * | /auth/logout | | POST | | Anyone can logout |
| * | /auth/user | | GET | | Anyone can check authentication status |
| administrators | /config/ | | GET, POST, PUT, DELETE, PATCH | | Administrators can manage server configuration |
| administrators | /config/ | * | GET, POST, PUT, DELETE, PATCH | | Administrators can use any CSS selector on config admin interface |
| user | /demos/crs/ttb/:username/ | #skills-list, #talent-list, #equipment-list | POST, DELETE | | Allow authenticated users to add skills |
| user | /demos/crs/ttb/:username/ | [contenteditable] | PUT | | Allow authenticated users to add skills |
| user | /demos/crs/ttb/:username/ | #skills-list tr, #talent-list li, #equipment-list li | DELETE | | Allow authenticated users to add skills |
| user | /demos/todo/ | li:has(meta[content="${username}"]) | DELETE | | Users can delete only the todo items they created (matches username in metadata) |
| jamesaduncan@mac.com | /demos/todo/ | #todos li | GET, POST, PUT, DELETE | | James can do it all (temporarily) |
| user | /playground/ | * | GET, POST, PUT, DELETE | | Any user can edit this page |