This is my submission for the [Permit.io Dev Challenge](https://Permit.io)
#permitio #devchallenge #rbac #javascript #webdev #ai


## 🔍 What I Built

An AI-powered content assistant where:

- Users submit content for AI summarization.
- Admins can review, approve, reject, and publish summaries.
- RBAC is handled by Permit.io so that only authorized actions are allowed.

💡 AI Summary is mocked due to API limits, but the RBAC and flows are fully functional!


## 🎯 The Problem It Solves

AI-generated content is powerful, but publishing it without review can lead to misinformation.

This tool helps solve that by ensuring:

- Users can use AI to generate drafts.
- Only approved roles (admins) can publish or approve that content.

## 🌟 Demo

🔗 Live App: https://ai-content-review-fjt8.vercel.app/

📁 GitHub Repo: https://github.com/Ravi-Coding/ai-content-review


## 🛠️ How I Built It

- Frontend: React (Vite) + TypeScript + Tailwind CSS
- Backend: Express.js + Node.js
- Authorization: @permit.io/sdk
- Hosting: Vercel (Frontend), Render (Backend)
- AI Summary: Mocked for now (can be extended using OpenAI)

## 🔐 RBAC with Permit.io

Access is validated on the backend with `permit.check(user, action, resource)`:

```ts
// Inside an Express route handler, before any summarization work is done
const allowed = await permit.check(user, "summarize", "content");
if (!allowed) {
  return res.status(403).json({ error: "Access Denied" });
}
```

## 🔐 Roles Defined

- **user**: Can submit content  
- **admin**: Can approve, delete, and publish  
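
As an added example (not code from this project), the check above can be wrapped in an Express-style middleware that denies by default: no identity, a policy-engine error, or anything other than an explicit `true` all stop the request. `requirePermission`, `req.user`, the stub policy engine, the sample users, and the action names other than `summarize` are assumptions made for illustration.

```javascript
// Added example: fail-closed middleware around a permit.check(user, action, resource) call.
// requirePermission, req.user, stubPermit and simulate are illustrative names, not project code.
function requirePermission(permit, action, resource) {
  return async function (req, res, next) {
    // Identity must come from the authenticated session (set by earlier auth
    // middleware), never from a body field or header the client controls.
    const user = req.user && req.user.id;
    if (!user) return res.status(401).json({ error: "Not authenticated" });
    let allowed = false;
    try {
      // Only an explicit `true` grants access.
      allowed = (await permit.check(user, action, resource)) === true;
    } catch (err) {
      // Policy engine unreachable: deny instead of falling through to the handler.
      return res.status(503).json({ error: "Authorization unavailable" });
    }
    if (!allowed) return res.status(403).json({ error: "Access Denied" });
    return next();
  };
}

// Constructed stand-in for the policy engine, mirroring the two roles on this page.
const ROLE_ACTIONS = { user: ["summarize"], admin: ["approve", "delete", "publish"] };
const USER_ROLES = { alice: "user", bob: "admin" }; // constructed sample users
const stubPermit = {
  async check(user, action, resource) {
    if (user === "outage") throw new Error("PDP unreachable"); // simulated failure
    const role = USER_ROLES[user];
    return resource === "content" && !!role && ROLE_ACTIONS[role].includes(action);
  },
};

// Drive the middleware with minimal fake req/res objects and report the outcome.
async function simulate(userId, action) {
  let code = 200; // stays 200 only when next() is reached
  let reached = false;
  const res = { status(c) { code = c; return this; }, json() { return this; } };
  const req = userId ? { user: { id: userId } } : {};
  await requirePermission(stubPermit, action, "content")(req, res, () => { reached = true; });
  return { code, reached };
}
```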

---

## 🖥️ Dashboards Included

### User Dashboard:
- Submit content  
- View status  

### Admin Dashboard:
- View all submissions  
- Approve / Delete / Publish  

---

## 💡 Lessons & Challenges

- 🔄 Mocked AI summaries to simulate production AI logic  
- 🛡️ Implemented clean role-based permissions using Permit.io’s policy UI  
- ⚠️ Error handling and fallback logic to ensure seamless UX  

---

## 🙌 Special Thanks

Huge thanks to **Permit.io** for this opportunity and their powerful SDK + Policy Studio!

---

## 📌 Final Thoughts

Permit.io made it **incredibly easy** to manage permissions without hardcoding logic.  
This challenge helped me understand how secure AI tools can be built in real-world production.

Feel free to try it out and give feedback 🙏