User

Register, authenticate, manage own account settings, upload files, trigger analysis on owned files, read owned jobs/artifacts/storage objects, and submit/read own bug reports.

Moderator

All user capabilities plus admin bug-report triage: review reports/events, update report status/priority, and download clean report attachments from the admin surface.

Admin

All moderator capabilities plus user role/tier management, system settings changes, retention operations, audit-log review, fingerprint backfill, and orphan cleanup.

Audit Notes

File, job, artifact, and storage routes are guarded by ownership checks tied back to the owning file.
Admin routes are protected with role dependencies rather than frontend-only gating.
Bug-report user routes are scoped to the current account; admin bug-report routes require moderator or admin roles.
The request-path SQL review found ORM/statement-based access rather than interpolated raw SQL strings.
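
The role tiers and the ownership note above, sketched as two server-side gates. This is an added example, not the application's code: the schema, IDs, function names and the choice to answer non-owners with not-found are assumptions, as is the reading that a role never bypasses ownership (the page lists no such capability for moderators or admins).

```python
from dataclasses import dataclass
from enum import IntEnum

class Role(IntEnum):            # ordered so "moderator or admin" is role >= MODERATOR
    USER = 1
    MODERATOR = 2
    ADMIN = 3

@dataclass(frozen=True)
class Account:
    id: int
    role: Role

class Forbidden(Exception): pass   # would map to HTTP 403
class NotFound(Exception): pass    # would map to HTTP 404

# Constructed sample data (hypothetical schema): each object points at its parent.
FILES = {10: 1, 11: 2}              # file_id -> owner account id
JOBS = {100: 10, 101: 11}           # job_id -> file_id
ARTIFACTS = {1000: 100, 1001: 101}  # artifact_id -> job_id

def require_role(account: Account, minimum: Role) -> Account:
    """Server-side gate: runs on every request, whatever the frontend shows."""
    if account.role < minimum:
        raise Forbidden(f"requires {minimum.name.lower()}")
    return account

def owning_file(kind: str, object_id: int) -> int:
    """Walk artifact -> job -> file so every check ends at the owning file."""
    try:
        if kind == "artifact":
            kind, object_id = "job", ARTIFACTS[object_id]
        if kind == "job":
            kind, object_id = "file", JOBS[object_id]
        if kind != "file" or object_id not in FILES:
            raise KeyError(object_id)
    except KeyError:
        raise NotFound(kind) from None
    return object_id

def require_owner(account: Account, kind: str, object_id: int) -> int:
    """Ownership gate. Role is deliberately not consulted here."""
    file_id = owning_file(kind, object_id)
    if FILES[file_id] != account.id:
        # Example's choice: same error as a missing id, so ids cannot be probed.
        raise NotFound(kind)
    return file_id
```

A route handler would call require_role for the admin surface and require_owner for file, job, artifact and storage reads before touching any data.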