feat(role_management): add assign permissions to role api

apps/authentication/backend/infra/permission/role_handler.py

@@ -2,7 +2,7 @@ from typing import Optional, List, Tuple
 
 from fastapi.exceptions import RequestValidationError
 
-from backend.models.permission.models import RoleDoc
+from backend.models.permission.models import RoleDoc, PermissionDoc
 from beanie import PydanticObjectId
 from datetime import datetime
 
@@ -71,3 +71,25 @@ class RoleHandler:
         total = await cursor.count()
         docs = await cursor.skip(skip).limit(limit).to_list()
         return docs, total
+
+    async def assign_permissions_to_role(self, role_id: PydanticObjectId, permission_ids: List[str]) -> Optional[RoleDoc]:
+        """Assign permissions to a role by updating the permission_ids field"""
+        if not role_id or not permission_ids:
+            raise RequestValidationError("role_id and permission_ids are required.")
+        doc = await RoleDoc.get(role_id)
+        if not doc:
+            raise RequestValidationError("Role not found.")
+        
+        # Validate that all permission_ids exist in the permission collection
+        for permission_id in permission_ids:
+            permission_doc = await PermissionDoc.get(PydanticObjectId(permission_id))
+            if not permission_doc:
+                raise RequestValidationError(f"Permission with id {permission_id} not found.")
+        
+        # Remove duplicates from permission_ids
+        unique_permission_ids = list(dict.fromkeys(permission_ids))
+        
+        doc.permission_ids = unique_permission_ids
+        doc.updated_at = datetime.now()
+        await doc.save()
+        return doc

apps/authentication/backend/services/permission/role_service.py

@@ -1,4 +1,4 @@
-from typing import Optional, Dict, Any
+from typing import Optional, Dict, Any, List
 
 from fastapi.exceptions import RequestValidationError
 
@@ -34,3 +34,7 @@ class RoleService:
             "page": page,
             "page_size": page_size
         }
+
+    async def assign_permissions_to_role(self, role_id: str, permission_ids: List[str]) -> RoleDoc:
+        """Assign permissions to a role by updating the permission_ids field"""
+        return await self.role_handler.assign_permissions_to_role(PydanticObjectId(role_id), permission_ids) 

apps/authentication/webapi/routes/role/__init__.py

@@ -2,9 +2,11 @@ from fastapi import APIRouter
 from .create_role import router as create_role_router
 from .update_role import router as update_role_router
 from .query_role import router as query_role_router
+from .assign_permissions import router as assign_permissions_router
 
 router = APIRouter()
 
 router.include_router(create_role_router, prefix="/role", tags=["role"])
 router.include_router(update_role_router, prefix="/role", tags=["role"])
 router.include_router(query_role_router, prefix="/role", tags=["role"])
+router.include_router(assign_permissions_router, prefix="/role", tags=["role"])

apps/authentication/webapi/routes/role/assign_permissions.py

@@ -0,0 +1,38 @@
+from datetime import datetime
+
+from fastapi import APIRouter
+from pydantic import BaseModel
+from typing import List
+from backend.services.permission.role_service import RoleService
+from common.token.token_manager import TokenManager
+
+router = APIRouter()
+token_manager = TokenManager()
+role_service = RoleService()
+
+class AssignPermissionsRequest(BaseModel):
+    role_id: str
+    permission_ids: List[str]
+
+class RoleResponse(BaseModel):
+    id: str
+    role_key: str
+    role_name: str
+    role_description: str
+    permission_ids: List[str]
+    role_level: int
+    created_at: datetime
+    updated_at: datetime
+
+@router.post(
+    "/assign-permissions",
+    response_model=RoleResponse,
+    operation_id="assign-permissions-to-role",
+    summary="Assign Permissions to Role",
+    description="Assign permissions to a role by updating the permission_ids field."
+)
+async def assign_permissions_to_role(
+    req: AssignPermissionsRequest,
+) -> RoleResponse:
+    doc = await role_service.assign_permissions_to_role(req.role_id, req.permission_ids)
+    return RoleResponse(**doc.dict())