icecheng/freeleaps-service-hub
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(role&permission): migrate the roles and permissions from freeleaps to authentication

Browse Source
This commit is contained in:
YuehuCao 2025-09-16 16:28:15 +08:00
parent 4f09a5e4df
commit a3f8d7b8cf
3 changed files with 70 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
apps/authentication/backend/models/permission/constants.py
View File

@ -12,7 +12,10 @@ class DefaultRole:
# Default roles, which all tenants will have, cannot be modified. # Default roles, which all tenants will have, cannot be modified.
class DefaultRoleEnum(Enum): class DefaultRoleEnum(Enum):
ADMIN = DefaultRole("Administrator", "admin", "Have all permissions", 0) ADMIN = DefaultRole("Admin", "admin", "Have all permissions", 1)
OPERATOR = DefaultRole("Operator", "operator", "System operator with deployment and management permissions", 10)
DEVELOPER = DefaultRole("Developer", "developer", "Developer with git and issue management access", 100)
QA = DefaultRole("QA", "qa", "Quality assurance with bug and testing permissions", 1000)
@dataclass(frozen=True) # frozen=True @dataclass(frozen=True) # frozen=True
@ -24,9 +27,15 @@ class DefaultPermission:
# Default permissions, which all tenants will have, cannot be modified. # Default permissions, which all tenants will have, cannot be modified.
class DefaultPermissionEnum(Enum): class DefaultPermissionEnum(Enum):
CHANGE_ROLES = DefaultPermission("change:roles", "Change roles", "Add/Update/Delete roles") INVITE_COLLABORATOR = DefaultPermission("invite:collaborator", "Add/Remove participants", "Add/Remove participants")
CHANGE_PERMISSIONS = DefaultPermission("change:permissions", "Change permissions", "Add/Update/Remove permissions") PUBLISH_PRODUCTION = DefaultPermission("publish:production", "Deploy to production", "Deploy to production")
ASSIGN_ROLES = DefaultPermission("assign:roles", "Assign roles", "Assign roles to user") EDIT_PRODUCT = DefaultPermission("edit:product", "View product management UX", "View product management UX")
ACCESS_GIT_REPOSITORIES = DefaultPermission("access:git_repositories", "Access to git repositories", "Access to git repositories")
ACCESS_ISSUE_MANAGEMENT = DefaultPermission("access:issue_management", "Access to issue management", "Access to issue management")
PUBLISH_ALPHA = DefaultPermission("publish:alpha", "Access to alpha deployment", "Access to alpha deployment")
OPEN_BUGS = DefaultPermission("open:bugs", "Open/Close/Re-open bugs", "Open/Close/Re-open bugs")
QA_FAILED_PASSED = DefaultPermission("qa:failed_passed", "Update QA status - QA failed/passed", "Update QA status - QA failed/passed")
QA_TEST_REPORTS = DefaultPermission("qa:test_reports", "Update QA status - Test reports", "Update QA status - Test reports (Test coverage)")
class AdministrativeRole(IntEnum): class AdministrativeRole(IntEnum):

1
apps/authentication/backend/models/permission/models.py
View File

@ -26,6 +26,7 @@ class RoleDoc(Document):
role_description: Optional[str] = None role_description: Optional[str] = None
permission_ids: list[str] permission_ids: list[str]
role_level: int role_level: int
revision_id: Optional[str] = None # Revision ID for version control
created_at: datetime = datetime.now() # Creation timestamp, auto-generated created_at: datetime = datetime.now() # Creation timestamp, auto-generated
updated_at: datetime = datetime.now() # Last update timestamp, auto-updated updated_at: datetime = datetime.now() # Last update timestamp, auto-updated
is_default: bool = False is_default: bool = False

66
apps/authentication/webapi/providers/permission_initialize.py
View File

@ -10,12 +10,9 @@ def register(app):
@app.on_event("startup") @app.on_event("startup")
async def init_admin_permission(): async def init_admin_permission():
# Initialize permissions if not exist # Initialize all permissions if not exist
default_permission_ids = [] permission_id_map = {}
for default_permission in \ for default_permission in DefaultPermissionEnum:
[DefaultPermissionEnum.CHANGE_PERMISSIONS,
DefaultPermissionEnum.CHANGE_ROLES,
DefaultPermissionEnum.ASSIGN_ROLES]:
if not await PermissionDoc.find_one( if not await PermissionDoc.find_one(
{str(PermissionDoc.permission_key): default_permission.value.permission_key}): {str(PermissionDoc.permission_key): default_permission.value.permission_key}):
doc = await PermissionDoc( doc = await PermissionDoc(
@ -24,17 +21,66 @@ def register(app):
description=default_permission.value.permission_description, description=default_permission.value.permission_description,
is_default=True, is_default=True,
).insert() ).insert()
default_permission_ids.append(str(doc.id)) permission_id_map[default_permission.value.permission_key] = str(doc.id)
logging.info(f"default permissions initialized {default_permission_ids}") else:
# Get existing permission ID
existing_doc = await PermissionDoc.find_one(
{str(PermissionDoc.permission_key): default_permission.value.permission_key})
permission_id_map[default_permission.value.permission_key] = str(existing_doc.id)
logging.info(f"default permissions initialized {list(permission_id_map.keys())}")
# Define role permission mappings based on the provided data
role_permission_mappings = {
DefaultRoleEnum.ADMIN: [
DefaultPermissionEnum.PUBLISH_ALPHA,
DefaultPermissionEnum.PUBLISH_PRODUCTION,
DefaultPermissionEnum.INVITE_COLLABORATOR,
DefaultPermissionEnum.EDIT_PRODUCT,
DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
DefaultPermissionEnum.OPEN_BUGS,
DefaultPermissionEnum.QA_FAILED_PASSED,
DefaultPermissionEnum.QA_TEST_REPORTS
],
DefaultRoleEnum.OPERATOR: [
DefaultPermissionEnum.PUBLISH_ALPHA,
DefaultPermissionEnum.PUBLISH_PRODUCTION,
DefaultPermissionEnum.EDIT_PRODUCT,
DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
DefaultPermissionEnum.OPEN_BUGS,
DefaultPermissionEnum.QA_FAILED_PASSED,
DefaultPermissionEnum.QA_TEST_REPORTS,
],
DefaultRoleEnum.DEVELOPER: [
DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
DefaultPermissionEnum.PUBLISH_ALPHA,
],
DefaultRoleEnum.QA: [
DefaultPermissionEnum.OPEN_BUGS,
DefaultPermissionEnum.QA_FAILED_PASSED,
DefaultPermissionEnum.QA_TEST_REPORTS,
],
}
# Initialize roles if not exist # Initialize roles if not exist
default_role_ids = [] default_role_ids = []
for default_role in [DefaultRoleEnum.ADMIN]: for default_role in DefaultRoleEnum:
if not await RoleDoc.find_one({str(RoleDoc.role_key): default_role.value.role_key}): if not await RoleDoc.find_one({str(RoleDoc.role_key): default_role.value.role_key}):
# Get permission IDs for this role
role_permission_ids = []
if default_role in role_permission_mappings:
for permission in role_permission_mappings[default_role]:
if permission.value.permission_key in permission_id_map:
role_permission_ids.append(permission_id_map[permission.value.permission_key])
doc = await RoleDoc( doc = await RoleDoc(
role_key=default_role.value.role_key, role_key=default_role.value.role_key,
role_name=default_role.value.role_name, role_name=default_role.value.role_name,
role_description=default_role.value.role_description, role_description=default_role.value.role_description,
permission_ids=default_permission_ids, permission_ids=role_permission_ids,
role_level=default_role.value.role_level, role_level=default_role.value.role_level,
is_default=True, is_default=True,
).insert() ).insert()