Part of #27
Currently the dashboard is admin-only (guild owner or Administrator permission). Moderators with Manage Messages, Kick Members, or Ban Members permissions can't access the dashboard at all.
Subtasks
Technical Notes
- Current auth:
requireGuildAdmin in src/api/middleware/auth.js — extend, don't replace
- Discord permissions are bitfields — use
PermissionFlagsBits from discord.js
- Guild member permissions fetched during OAuth flow and cached in session
Acceptance Criteria
- Moderators can access moderation panel but not config editor
- Viewers see analytics but can't mutate anything
- Unauthorized access returns 403 with clear message
- Nav items hidden based on role (not just disabled)
Part of #27
Currently the dashboard is admin-only (guild owner or Administrator permission). Moderators with Manage Messages, Kick Members, or Ban Members permissions can't access the dashboard at all.
Subtasks
requireRole('moderator' | 'admin' | 'owner')middleware that checks Discord permissionsADMINISTRATOR→ AdminMANAGE_GUILD→ AdminMANAGE_MESSAGES+KICK_MEMBERS→ ModeratorVIEW_CHANNEL→ ViewerTechnical Notes
requireGuildAdmininsrc/api/middleware/auth.js— extend, don't replacePermissionFlagsBitsfrom discord.jsAcceptance Criteria