diff --git a/apps/authentication/backend/models/permission/constants.py b/apps/authentication/backend/models/permission/constants.py
index e5765f9..89c6104 100644
--- a/apps/authentication/backend/models/permission/constants.py
+++ b/apps/authentication/backend/models/permission/constants.py
@@ -1,41 +1,4 @@
-from dataclasses import dataclass
-from enum import IntEnum, Enum
-
-
-@dataclass(frozen=True) # frozen=True
-class DefaultRole:
- role_name: str
- role_key: str
- role_description: str
- role_level: int
-
-
-# Default roles, which all tenants will have, cannot be modified.
-class DefaultRoleEnum(Enum):
- ADMIN = DefaultRole("Admin", "admin", "Have all permissions", 1)
- OPERATOR = DefaultRole("Operator", "operator", "System operator with deployment and management permissions", 10)
- DEVELOPER = DefaultRole("Developer", "developer", "Developer with git and issue management access", 100)
- QA = DefaultRole("QA", "qa", "Quality assurance with bug and testing permissions", 1000)
-
-
-@dataclass(frozen=True) # frozen=True
-class DefaultPermission:
- permission_key: str
- permission_name: str
- permission_description: str
-
-
-# Default permissions, which all tenants will have, cannot be modified.
-class DefaultPermissionEnum(Enum):
- INVITE_COLLABORATOR = DefaultPermission("invite:collaborator", "Add/Remove participants", "Add/Remove participants")
- PUBLISH_PRODUCTION = DefaultPermission("publish:production", "Deploy to production", "Deploy to production")
- EDIT_PRODUCT = DefaultPermission("edit:product", "View product management UX", "View product management UX")
- ACCESS_GIT_REPOSITORIES = DefaultPermission("access:git_repositories", "Access to git repositories", "Access to git repositories")
- ACCESS_ISSUE_MANAGEMENT = DefaultPermission("access:issue_management", "Access to issue management", "Access to issue management")
- PUBLISH_ALPHA = DefaultPermission("publish:alpha", "Access to alpha deployment", "Access to alpha deployment")
- OPEN_BUGS = DefaultPermission("open:bugs", "Open/Close/Re-open bugs", "Open/Close/Re-open bugs")
- QA_FAILED_PASSED = DefaultPermission("qa:failed_passed", "Update QA status - QA failed/passed", "Update QA status - QA failed/passed")
- QA_TEST_REPORTS = DefaultPermission("qa:test_reports", "Update QA status - Test 
reports", "Update QA status - Test reports (Test coverage)") +from enum import IntEnum class AdministrativeRole(IntEnum): diff --git a/apps/authentication/webapi/bootstrap/application.py b/apps/authentication/webapi/bootstrap/application.py index d857e7f..3f6dfb3 100644 --- a/apps/authentication/webapi/bootstrap/application.py +++ b/apps/authentication/webapi/bootstrap/application.py @@ -11,7 +11,6 @@ from webapi.providers import metrics # from webapi.providers import scheduler from webapi.providers import exception_handler -from webapi.providers import permission_initialize from .freeleaps_app import FreeleapsApp from common.config.app_settings import app_settings @@ -24,7 +23,6 @@ def create_app() -> FastAPI: register(app, exception_handler) register(app, database) register(app, router) - register(app, permission_initialize) # register(app, scheduler) register(app, common) diff --git a/apps/authentication/webapi/providers/permission_initialize.py b/apps/authentication/webapi/providers/permission_initialize.py deleted file mode 100644 index b70b897..0000000 --- a/apps/authentication/webapi/providers/permission_initialize.py +++ /dev/null 
@@ -1,88 +0,0 @@
-import logging
-
-from backend.models.permission import PermissionDoc, RoleDoc
-from backend.models.permission.constants import DefaultPermissionEnum, DefaultRoleEnum
-
-
-def register(app):
- # Configure logging for pymongo
- logging.getLogger("init_admin_permission").setLevel(logging.INFO) # Suppress DEBUG logs
-
- @app.on_event("startup")
- async def init_admin_permission():
- # Initialize all permissions if not exist
- permission_id_map = {}
- for default_permission in DefaultPermissionEnum:
- if not await PermissionDoc.find_one(
- {str(PermissionDoc.permission_key): default_permission.value.permission_key}):
- doc = await PermissionDoc(
- permission_key=default_permission.value.permission_key,
- permission_name=default_permission.value.permission_name,
- description=default_permission.value.permission_description,
- is_default=True,
- ).insert()
- permission_id_map[default_permission.value.permission_key] = str(doc.id)
- else:
- # Get existing permission ID
- existing_doc = await PermissionDoc.find_one(
- {str(PermissionDoc.permission_key): default_permission.value.permission_key})
- permission_id_map[default_permission.value.permission_key] = str(existing_doc.id)
-
- logging.info(f"default permissions initialized {list(permission_id_map.keys())}")
-
- # Define role permission mappings based on the provided data
- role_permission_mappings = {
- DefaultRoleEnum.ADMIN: [
- DefaultPermissionEnum.PUBLISH_ALPHA,
- DefaultPermissionEnum.PUBLISH_PRODUCTION,
- DefaultPermissionEnum.INVITE_COLLABORATOR,
- DefaultPermissionEnum.EDIT_PRODUCT,
- DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
- DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
- DefaultPermissionEnum.OPEN_BUGS,
- DefaultPermissionEnum.QA_FAILED_PASSED,
- DefaultPermissionEnum.QA_TEST_REPORTS
- ],
- DefaultRoleEnum.OPERATOR: [
- DefaultPermissionEnum.PUBLISH_ALPHA,
- DefaultPermissionEnum.PUBLISH_PRODUCTION,
- DefaultPermissionEnum.EDIT_PRODUCT,
- DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
- DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
- DefaultPermissionEnum.OPEN_BUGS,
- DefaultPermissionEnum.QA_FAILED_PASSED,
- DefaultPermissionEnum.QA_TEST_REPORTS,
- ],
- DefaultRoleEnum.DEVELOPER: [
- DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
- DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
- DefaultPermissionEnum.PUBLISH_ALPHA,
- ],
- DefaultRoleEnum.QA: [
- DefaultPermissionEnum.OPEN_BUGS,
- DefaultPermissionEnum.QA_FAILED_PASSED,
- DefaultPermissionEnum.QA_TEST_REPORTS,
- ],
- }
-
- # Initialize roles if not exist
- default_role_ids = []
- for default_role in DefaultRoleEnum:
- if not await RoleDoc.find_one({str(RoleDoc.role_key): default_role.value.role_key}):
- # Get permission IDs for this role
- role_permission_ids = []
- if default_role in role_permission_mappings:
- for permission in role_permission_mappings[default_role]:
- if permission.value.permission_key in permission_id_map:
- role_permission_ids.append(permission_id_map[permission.value.permission_key])
-
- doc = await RoleDoc(
- role_key=default_role.value.role_key,
- role_name=default_role.value.role_name,
- role_description=default_role.value.role_description,
- permission_ids=role_permission_ids,
- role_level=default_role.value.role_level,
- is_default=True,
- ).insert()
- default_role_ids.append(str(doc.id))
- logging.info(f"default roles initialized {default_role_ids}")
diff --git a/apps/authentication/webapi/routes/permission/create_permission.py b/apps/authentication/webapi/routes/permission/create_permission.py
index 27ecd8c..e186ef7 100644
--- a/apps/authentication/webapi/routes/permission/create_permission.py
+++ b/apps/authentication/webapi/routes/permission/create_permission.py
@@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends from pydantic import BaseModel from typing import Optional -from backend.models.permission.constants import DefaultPermissionEnum from backend.services.permission.permission_service import PermissionService from common.token.token_manager import TokenManager diff --git a/apps/authentication/webapi/routes/permission/delete_permission.py b/apps/authentication/webapi/routes/permission/delete_permission.py index 0b15f77..34038fb 100644 --- a/apps/authentication/webapi/routes/permission/delete_permission.py +++ b/apps/authentication/webapi/routes/permission/delete_permission.py @@ -1,7 +1,6 @@ from fastapi import APIRouter, Depends from pydantic import BaseModel -from backend.models.permission.constants import DefaultPermissionEnum from backend.services.permission.permission_service import PermissionService from common.token.token_manager import TokenManager @@ -27,7 +26,7 @@ class DeletePermissionResponse(BaseModel): ) async def delete_permission( req: DeletePermissionRequest, - _: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])) + #_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])) ) -> DeletePermissionResponse: await permission_service.delete_permission(req.permission_id) return DeletePermissionResponse(success=True) diff --git a/apps/authentication/webapi/routes/permission/update_permission.py b/apps/authentication/webapi/routes/permission/update_permission.py index 7a87c27..073516a 100644 --- a/apps/authentication/webapi/routes/permission/update_permission.py +++ b/apps/authentication/webapi/routes/permission/update_permission.py 
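Review bot: Commenting out the `Depends(token_manager.has_all_permissions([...]))` parameter leaves `delete_permission` with no authorization dependency in its signature, so unless the router or middleware outside this hunk enforces one, any caller who can reach the route can delete permissions. The same line is commented out in `assign_permissions_to_role`, `delete_role` and `assign_roles_to_user`, all of which change who holds which privileges. Because this commit also removes `DefaultPermissionEnum`, the guard should be kept with the key passed directly, e.g. `_: bool = Depends(token_manager.has_all_permissions(["invite:collaborator"]))`, or with a dedicated role-management key; whichever key is used has to be provisioned some other way now that the startup seeding in `permission_initialize.py` is deleted. The route decorator and the rest of the module are outside the hunk.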
@@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends from pydantic import BaseModel from typing import Optional -from backend.models.permission.constants import DefaultPermissionEnum from backend.services.permission.permission_service import PermissionService from common.token.token_manager import TokenManager diff --git a/apps/authentication/webapi/routes/role/assign_permissions.py b/apps/authentication/webapi/routes/role/assign_permissions.py index 46a038c..51fca2a 100644 --- a/apps/authentication/webapi/routes/role/assign_permissions.py +++ b/apps/authentication/webapi/routes/role/assign_permissions.py @@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends from pydantic import BaseModel from typing import List -from backend.models.permission.constants import DefaultPermissionEnum from backend.services.permission.role_service import RoleService from common.token.token_manager import TokenManager @@ -35,7 +34,7 @@ class RoleResponse(BaseModel): ) async def assign_permissions_to_role( req: AssignPermissionsRequest, - _: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])) + #_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])) ) -> RoleResponse: doc = await role_service.assign_permissions_to_role(req.role_id, req.permission_ids) return RoleResponse(**doc.dict()) \ No newline at end of file diff --git a/apps/authentication/webapi/routes/role/create_role.py b/apps/authentication/webapi/routes/role/create_role.py index 1fcfc11..d68de94 100644 --- a/apps/authentication/webapi/routes/role/create_role.py +++ b/apps/authentication/webapi/routes/role/create_role.py 
@@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends from pydantic import BaseModel from typing import Optional, List -from backend.models.permission.constants import DefaultPermissionEnum from backend.services.permission.role_service import RoleService from common.token.token_manager import TokenManager diff --git a/apps/authentication/webapi/routes/role/delete_role.py b/apps/authentication/webapi/routes/role/delete_role.py index 8cb1610..8a8832a 100644 --- a/apps/authentication/webapi/routes/role/delete_role.py +++ b/apps/authentication/webapi/routes/role/delete_role.py @@ -1,7 +1,6 @@ from fastapi import APIRouter, Depends from pydantic import BaseModel -from backend.models.permission.constants import DefaultPermissionEnum from backend.services.permission.role_service import RoleService from common.token.token_manager import TokenManager @@ -27,7 +26,7 @@ class DeleteRoleResponse(BaseModel): ) async def delete_role( req: DeleteRoleRequest, - _: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])) + #_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])) ) -> DeleteRoleResponse: await role_service.delete_role(req.role_id) return DeleteRoleResponse(success=True) diff --git a/apps/authentication/webapi/routes/role/update_role.py b/apps/authentication/webapi/routes/role/update_role.py index c8788fe..137eac3 100644 --- a/apps/authentication/webapi/routes/role/update_role.py +++ b/apps/authentication/webapi/routes/role/update_role.py @@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends from pydantic import BaseModel from typing import Optional, List -from backend.models.permission.constants import DefaultPermissionEnum from backend.services.permission.role_service import RoleService from common.token.token_manager import TokenManager 
diff --git a/apps/authentication/webapi/routes/user/assign_roles.py b/apps/authentication/webapi/routes/user/assign_roles.py index 213fadf..79b2ab3 100644 --- a/apps/authentication/webapi/routes/user/assign_roles.py +++ b/apps/authentication/webapi/routes/user/assign_roles.py @@ -3,7 +3,6 @@ from fastapi.params import Depends from pydantic import BaseModel from typing import List, Optional -from backend.models.permission.constants import DefaultPermissionEnum from backend.services.user.user_management_service import UserManagementService from common.token.token_manager import TokenManager @@ -31,7 +30,7 @@ class UserRoleResponse(BaseModel): ) async def assign_roles_to_user( req: AssignRolesRequest, - _: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])), + #_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])), ) -> UserRoleResponse: doc = await user_management_service.assign_roles_to_user(req.user_id, req.role_ids) return UserRoleResponse(**doc.dict())