Roles & permissions
Platform access is controlled by the UserRole enum and helper groups in src/lib/roles.ts.
Roles
| Role | Label | Typical use |
|---|---|---|
VISITOR |
Visitor | Legacy / limited |
MEMBER |
Member | Default signed-up user |
RESEARCHER |
Researcher | Study PI — research panel only |
CONTRIBUTOR |
Contributor | CMS author |
EDITOR |
Editor | CMS editor |
ADMIN |
Admin | Full platform access |
Permission groups
| Group | Roles | Grants |
|---|---|---|
| CMS staff | Admin, Editor, Contributor | Articles, frameworks, resources, etc. |
| Research admin | Admin, Editor, Contributor, Researcher | Studies, exports, analytics, coding |
| Admin panel | Same as research admin | Enter /admin |
| Full admin | Admin only | Member management, system research ops |
Route guards
| Guard | Used for |
|---|---|
requireAdminPanel() |
Any /admin layout access |
requireCmsStaff() |
CMS server actions |
requireResearchAdmin() |
Study and export actions |
requireFullAdmin() |
/admin/users, system jobs |
Researcher restrictions
Researchers landing on /admin redirect to /admin/research. Middleware blocks CMS-only paths (/admin/articles, /admin/users, etc.).
Researchers attempting CMS actions are redirected to the research panel, not login.
Study-level roles
Separate from platform role, UserResearchProfile.researchRole tracks research participation context (Participant, Rater, etc.). Study raters are assigned via StudyRater records.
Assigning roles
- Sign in as Admin
- Go to
/admin/users - Change role via the inline dropdown, or create a new member with the desired role
Research role vs platform role
A member can participate in studies while holding any platform role. RESEARCHER is for staff who manage studies without CMS access — not for study participants.