Why roles matter
LearnTerms is role-gated at both the UI and route-protection level. Some pages are student-facing by default, while/admin routes are protected and require both authentication and an allowed LearnTerms role.
This matters because the app is collaborative. It has to balance content access, content editing, and operational control without giving every user the same authority.
Main roles
The schema and role-management logic currently recognize:studentas the implicit baseline when no elevated role is setcuratoradmindev
What students can expect
Students are the default consumers of:- classes
- modules
- module study
- custom tests
- personal progress
- cohort-facing community surfaces
What curators can expect
Curators are part of the content-operations side of the app. In practice, they can access admin tools and work with content workflows such as:- document curation
- question editing
- question media
- generation workflows
What admins can expect
Admins have broader cohort-level control, but not unlimited control. In the current role-management rules:- admins can manage
studentandcuratorrole assignments - admins cannot manage
adminordevusers - admins cannot assign
adminordevroles - admins cannot change their own role
What devs can expect
Devs are the highest-privilege role in the current model. A dev can bypass the admin limitations above and perform role changes that normal admins cannot. This is the role that carries full operational authority in the current implementation.Route protection
Admin routes are protected in the server hooks. When a request hits/admin or a nested admin path, the app:
- checks whether the user is authenticated
- resolves the user record from Convex
- verifies the role is
dev,admin, orcurator - redirects unauthorized users away
Practical implications for documentation
When writing docs, it helps to state clearly:- whether a page is student-facing
- whether it requires curator or admin access
- whether a workflow depends on cohort membership