Teams & RBAC
Nodebyte is multi-tenant — every resource (nodes, tokens, invites) is scoped to a team. Users can belong to multiple teams and switch between them. Access is controlled by four roles.
| Role | Permissions |
|---|---|
| Viewer | Read-only access to team nodes |
| Member | Create, edit, and delete nodes. Manage own settings. |
| Admin | Everything a member can do, plus: manage team members, create invites, manage registration tokens |
| Owner | Full control including deleting the team and managing other admins. Each team has at least one owner. |
The hierarchy is: viewer < member < admin < owner.
Creating a Team
When you register your first account, a team is created automatically. To create additional teams:
- Open the team switcher in the sidebar
- Click Create Team
- Enter a team name
- You become the owner of the new team
You can switch between teams at any time using the team switcher.
Inviting Members
Admins and owners can invite new members by email:
- Navigate to Team in the sidebar
- Click Invite Member
- Enter the person’s email address and select a role
- They receive a link to join — if they don’t have a Nodebyte account, they’ll register first, then automatically join your team
Pending invites appear in the Team page. Admins can revoke an invite before it’s accepted.
Invite API
```bash
curl -X POST http://localhost:8000/api/teams/{team_id}/invites \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"email": "colleague@example.com", "role": "member"}'
```
Managing Members
From the Team page, admins and owners can:
- Change role — promote or demote a member (owners can set any role, admins can set up to admin)
- Remove member — revoke team access immediately
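The role rules above can be enforced server-side with a check like the following. This is an added example, not Nodebyte's own code: the function name, the in-memory `members` mapping and the sample users are hypothetical, and the rule that only owners may change other admins or owners is an assumption drawn from the Owner row of the role table.

```python
from enum import IntEnum

class Role(IntEnum):
    # Ordering stated on the page: viewer < member < admin < owner
    VIEWER = 1
    MEMBER = 2
    ADMIN = 3
    OWNER = 4

class Forbidden(Exception):
    """Role change rejected (an API would answer with 403)."""

def authorize_role_change(members, actor_id, target_id, role_name):
    """Check one role change inside a single team; return the new mapping.

    members: user_id -> Role for ONE team (hypothetical stand-in for a
    team-scoped membership table). role_name: the "role" string from the body.
    """
    try:
        new_role = Role[role_name.upper()]
    except (KeyError, AttributeError):
        raise Forbidden("unknown role") from None
    actor, current = members.get(actor_id), members.get(target_id)
    # Team scoping: caller and target must both belong to this team.
    if actor is None or current is None:
        raise Forbidden("not a member of this team")
    # Only admins and owners manage members.
    if actor < Role.ADMIN:
        raise Forbidden("requires admin or owner")
    if actor == Role.ADMIN:
        # Admins can set roles up to admin, never owner.
        if new_role > Role.ADMIN:
            raise Forbidden("admin cannot grant owner")
        # Assumption: managing other admins/owners is owner-only.
        if current >= Role.ADMIN and target_id != actor_id:
            raise Forbidden("only an owner can manage admins or owners")
    # Each team keeps at least one owner: never demote the last one.
    owners = [u for u, r in members.items() if r is Role.OWNER]
    if current is Role.OWNER and new_role < Role.OWNER and owners == [target_id]:
        raise Forbidden("cannot demote the last owner")
    return {**members, target_id: new_role}

# Constructed sample team (user names are made up).
TEAM = {"olivia": Role.OWNER, "adam": Role.ADMIN, "ana": Role.ADMIN,
        "mia": Role.MEMBER, "vic": Role.VIEWER}
```

The function returns a new mapping and leaves the input untouched, so a rejected request cannot leave a team partially updated.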
Role Change API
```bash
curl -X PATCH http://localhost:8000/api/teams/{team_id}/members/{user_id} \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"role": "admin"}'
```
Super Admin Console
Users with is_superuser = true get a platform-wide Admin section in the sidebar:
- Overview — total users, teams, and nodes at a glance
- Users — search, activate/deactivate, toggle superuser status, delete any user
- Teams — search, view member/node counts, delete any team
The first superuser is created with the create_admin.py script:
```bash
docker compose exec backend python scripts/create_admin.py
```
Existing superusers can promote other users from the admin console.
API Reference
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/teams | List your teams |
| POST | /api/teams | Create a team |
| GET | /api/teams/{team_id}/members | List team members |
| PATCH | /api/teams/{team_id}/members/{user_id} | Update member role |
| DELETE | /api/teams/{team_id}/members/{user_id} | Remove a member |
| POST | /api/teams/{team_id}/invites | Create an invite |
| GET | /api/teams/{team_id}/invites | List pending invites |
| DELETE | /api/teams/{team_id}/invites/{invite_id} | Revoke an invite |
| GET | /api/invites/{token} | Get invite info (public) |
| POST | /api/invites/{token}/accept | Accept an invite |