feat(role_management): add delete permission api

apps/authentication/backend/infra/permission/permission_handler.py

@@ -2,7 +2,7 @@ from typing import Optional, List, Tuple
 
 from fastapi.exceptions import RequestValidationError
 
-from backend.models.permission.models import PermissionDoc
+from backend.models.permission.models import PermissionDoc, RoleDoc
 from beanie import PydanticObjectId
 from datetime import datetime
 
@@ -74,3 +74,16 @@ class PermissionHandler:
         total = await cursor.count()
         docs = await cursor.skip(skip).limit(limit).to_list()
         return docs, total
+
+    async def delete_permission(self, permission_id: PydanticObjectId) -> None:
+        """Delete a permission document after checking if it is referenced by any role"""
+        if not permission_id:
+            raise RequestValidationError("permission_id is required.")
+        # Check if any role references this permission
+        role = await RoleDoc.find_one({"permission_ids": str(permission_id)})
+        if role:
+            raise RequestValidationError("Permission is referenced by a role and cannot be deleted.")
+        doc = await PermissionDoc.get(permission_id)
+        if not doc:
+            raise RequestValidationError("Permission not found.")
+        await doc.delete()

apps/authentication/backend/services/permission/permission_service.py

@@ -29,4 +29,8 @@ class PermissionService:
             "total": total,
             "page": page,
             "page_size": page_size
-        }
+        }
+
+    async def delete_permission(self, permission_id: str) -> None:
+        """Delete a permission document after checking if it is referenced by any role"""
+        return await self.permission_handler.delete_permission(PydanticObjectId(permission_id))

apps/authentication/webapi/routes/permission/__init__.py

@@ -2,10 +2,12 @@ from fastapi import APIRouter
 from .create_permission import router as cp_router
 from .query_permission import router as qp_router
 from .update_permission import router as up_router
+from .delete_permission import router as delp_router
 
 
 router = APIRouter()
 
 router.include_router(cp_router, prefix="/permission", tags=["permission"])
 router.include_router(qp_router, prefix="/permission", tags=["permission"])
-router.include_router(up_router, prefix="/permission", tags=["permission"])
+router.include_router(up_router, prefix="/permission", tags=["permission"])
+router.include_router(delp_router, prefix="/permission", tags=["permission"])

apps/authentication/webapi/routes/permission/delete_permission.py

@@ -0,0 +1,23 @@
+from fastapi import APIRouter
+from pydantic import BaseModel
+from backend.services.permission.permission_service import PermissionService
+
+router = APIRouter()
+permission_service = PermissionService()
+
+class DeletePermissionRequest(BaseModel):
+    permission_id: str
+
+class DeletePermissionResponse(BaseModel):
+    success: bool
+
+@router.post(
+    "/delete",
+    response_model=DeletePermissionResponse,
+    operation_id="delete-permission",
+    summary="Delete Permission",
+    description="Delete a permission after checking if it is referenced by any role."
+)
+async def delete_permission(req: DeletePermissionRequest) -> DeletePermissionResponse:
+    await permission_service.delete_permission(req.permission_id)
+    return DeletePermissionResponse(success=True)