[HIGH PRIORITY] Authentication, Users & Multi-tenancy #22

Closed
opened 2026-01-16 04:30:50 +00:00 by tonym · 0 comments
Owner

Summary

Add optional authentication with user management, permissions, and multi-tenancy support.

Upstream Issues

Problem

Spoolman has no built-in authentication. Currently relies on external solutions (Nginx auth, reverse proxy) or is exposed without protection. Users want to share instances with friends/colleagues.

Proposed Features

1. Optional Login Screen

  • Can be enabled/disabled via config
  • Simple username/password auth
  • Session-based or JWT tokens

2. User Management

  • Create/edit/delete users
  • Admin user created on first setup
  • Password reset functionality

3. Permission Levels

Granular permissions per user:

  • View: Can see spools, filaments, vendors
  • Use: Can record spool usage (deduct filament)
  • Create: Can add new spools, filaments, vendors
  • Edit: Can modify existing records
  • Delete: Can remove records
  • Admin: Full access + user management

4. Role Presets

  • Viewer: View only
  • Operator: View + Use
  • Editor: View + Use + Create + Edit
  • Admin: Everything

5. Multi-tenancy (Future)

  • Isolated data per tenant/organization
  • Shared instance for multiple users with separate inventories
  • Could be user-based (each user sees own spools) or org-based

Implementation Notes

Backend

  • Add User model with hashed passwords
  • JWT or session auth middleware
  • Permission checks on endpoints
  • SPOOLMAN_AUTH_ENABLED env var
  • Optional: tenant_id on all models for multi-tenancy

Frontend

  • Login page
  • User management in Settings (admin only)
  • Hide/disable UI elements based on permissions

Alternatives

  • Nginx/Traefik basic auth (current workaround)
  • Authelia/Authentik in front of Spoolman
  • This feature for native support
## Summary Add optional authentication with user management, permissions, and multi-tenancy support. ## Upstream Issues - https://github.com/Donkie/Spoolman/issues/501 (7 👍, 8 comments) - Auth + multi-tenancy - https://github.com/Donkie/Spoolman/issues/775 - Auth + permissions ## Problem Spoolman has no built-in authentication. Currently relies on external solutions (Nginx auth, reverse proxy) or is exposed without protection. Users want to share instances with friends/colleagues. ## Proposed Features ### 1. Optional Login Screen - Can be enabled/disabled via config - Simple username/password auth - Session-based or JWT tokens ### 2. User Management - Create/edit/delete users - Admin user created on first setup - Password reset functionality ### 3. Permission Levels Granular permissions per user: - **View**: Can see spools, filaments, vendors - **Use**: Can record spool usage (deduct filament) - **Create**: Can add new spools, filaments, vendors - **Edit**: Can modify existing records - **Delete**: Can remove records - **Admin**: Full access + user management ### 4. Role Presets - **Viewer**: View only - **Operator**: View + Use - **Editor**: View + Use + Create + Edit - **Admin**: Everything ### 5. Multi-tenancy (Future) - Isolated data per tenant/organization - Shared instance for multiple users with separate inventories - Could be user-based (each user sees own spools) or org-based ## Implementation Notes ### Backend - Add User model with hashed passwords - JWT or session auth middleware - Permission checks on endpoints - `SPOOLMAN_AUTH_ENABLED` env var - Optional: tenant_id on all models for multi-tenancy ### Frontend - Login page - User management in Settings (admin only) - Hide/disable UI elements based on permissions ## Alternatives - Nginx/Traefik basic auth (current workaround) - Authelia/Authentik in front of Spoolman - This feature for native support
tonym changed title from Authentication & User Permissions to [HIGH PRIORITY] Authentication, Users & Multi-tenancy 2026-01-16 04:39:16 +00:00
tonym referenced this issue from a commit 2026-01-16 06:53:09 +00:00
tonym closed this issue 2026-01-16 06:55:29 +00:00
Sign in to join this conversation.
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: tonym/spoolman2#22
No description provided.