V53: Module-Level Permission System

Creates the phoenix_kit_role_permissions table for granular access control over which roles can access which admin sections and modules.

Design

• Allowlist model: row present = granted, absent = denied
• Owner role bypasses permissions entirely (hardcoded in code)
• Admin role gets ALL permissions seeded by default
• New/custom roles start with NO permissions

Table Structure

• role_id FK to phoenix_kit_user_roles (CASCADE on delete)
• module_key identifies the admin section or feature module
• granted_by FK to phoenix_kit_users (SET NULL on delete) for audit trail
• Unique constraint on (role_id, module_key) prevents duplicates

Permission Keys

Core sections (5): dashboard, users, media, settings, modules Feature modules (19): billing, shop, emails, entities, tickets, posts, ai, sync, publishing, referrals, sitemap, seo, maintenance, storage, languages, connections, legal, db, jobs