chore(role&permission): remove definitions of roles and permissions from authentication
This commit is contained in:
YuehuCao
parent
49770da205
commit
f01dd755aa
@ -1,41 +1,4 @@
|
|||||||
from dataclasses import dataclass
|
from enum import IntEnum
|
||||||
from enum import IntEnum, Enum
|
|
||||||
|
|
||||||
|
|
||||||
@dataclass(frozen=True) # frozen=True
|
|
||||||
class DefaultRole:
|
|
||||||
role_name: str
|
|
||||||
role_key: str
|
|
||||||
role_description: str
|
|
||||||
role_level: int
|
|
||||||
|
|
||||||
|
|
||||||
# Default roles, which all tenants will have, cannot be modified.
|
|
||||||
class DefaultRoleEnum(Enum):
|
|
||||||
ADMIN = DefaultRole("Admin", "admin", "Have all permissions", 1)
|
|
||||||
OPERATOR = DefaultRole("Operator", "operator", "System operator with deployment and management permissions", 10)
|
|
||||||
DEVELOPER = DefaultRole("Developer", "developer", "Developer with git and issue management access", 100)
|
|
||||||
QA = DefaultRole("QA", "qa", "Quality assurance with bug and testing permissions", 1000)
|
|
||||||
|
|
||||||
|
|
||||||
@dataclass(frozen=True) # frozen=True
|
|
||||||
class DefaultPermission:
|
|
||||||
permission_key: str
|
|
||||||
permission_name: str
|
|
||||||
permission_description: str
|
|
||||||
|
|
||||||
|
|
||||||
# Default permissions, which all tenants will have, cannot be modified.
|
|
||||||
class DefaultPermissionEnum(Enum):
|
|
||||||
INVITE_COLLABORATOR = DefaultPermission("invite:collaborator", "Add/Remove participants", "Add/Remove participants")
|
|
||||||
PUBLISH_PRODUCTION = DefaultPermission("publish:production", "Deploy to production", "Deploy to production")
|
|
||||||
EDIT_PRODUCT = DefaultPermission("edit:product", "View product management UX", "View product management UX")
|
|
||||||
ACCESS_GIT_REPOSITORIES = DefaultPermission("access:git_repositories", "Access to git repositories", "Access to git repositories")
|
|
||||||
ACCESS_ISSUE_MANAGEMENT = DefaultPermission("access:issue_management", "Access to issue management", "Access to issue management")
|
|
||||||
PUBLISH_ALPHA = DefaultPermission("publish:alpha", "Access to alpha deployment", "Access to alpha deployment")
|
|
||||||
OPEN_BUGS = DefaultPermission("open:bugs", "Open/Close/Re-open bugs", "Open/Close/Re-open bugs")
|
|
||||||
QA_FAILED_PASSED = DefaultPermission("qa:failed_passed", "Update QA status - QA failed/passed", "Update QA status - QA failed/passed")
|
|
||||||
QA_TEST_REPORTS = DefaultPermission("qa:test_reports", "Update QA status - Test reports", "Update QA status - Test reports (Test coverage)")
|
|
||||||
|
|
||||||
|
|
||||||
class AdministrativeRole(IntEnum):
|
class AdministrativeRole(IntEnum):
|
||||||
|
|||||||
@ -11,7 +11,6 @@ from webapi.providers import metrics
|
|||||||
|
|
||||||
# from webapi.providers import scheduler
|
# from webapi.providers import scheduler
|
||||||
from webapi.providers import exception_handler
|
from webapi.providers import exception_handler
|
||||||
from webapi.providers import permission_initialize
|
|
||||||
from .freeleaps_app import FreeleapsApp
|
from .freeleaps_app import FreeleapsApp
|
||||||
from common.config.app_settings import app_settings
|
from common.config.app_settings import app_settings
|
||||||
|
|
||||||
@ -24,7 +23,6 @@ def create_app() -> FastAPI:
|
|||||||
register(app, exception_handler)
|
register(app, exception_handler)
|
||||||
register(app, database)
|
register(app, database)
|
||||||
register(app, router)
|
register(app, router)
|
||||||
register(app, permission_initialize)
|
|
||||||
# register(app, scheduler)
|
# register(app, scheduler)
|
||||||
register(app, common)
|
register(app, common)
|
||||||
|
|
||||||
|
|||||||
@ -1,88 +0,0 @@
|
|||||||
import logging
|
|
||||||
|
|
||||||
from backend.models.permission import PermissionDoc, RoleDoc
|
|
||||||
from backend.models.permission.constants import DefaultPermissionEnum, DefaultRoleEnum
|
|
||||||
|
|
||||||
|
|
||||||
def register(app):
|
|
||||||
# Configure logging for pymongo
|
|
||||||
logging.getLogger("init_admin_permission").setLevel(logging.INFO) # Suppress DEBUG logs
|
|
||||||
|
|
||||||
@app.on_event("startup")
|
|
||||||
async def init_admin_permission():
|
|
||||||
# Initialize all permissions if not exist
|
|
||||||
permission_id_map = {}
|
|
||||||
for default_permission in DefaultPermissionEnum:
|
|
||||||
if not await PermissionDoc.find_one(
|
|
||||||
{str(PermissionDoc.permission_key): default_permission.value.permission_key}):
|
|
||||||
doc = await PermissionDoc(
|
|
||||||
permission_key=default_permission.value.permission_key,
|
|
||||||
permission_name=default_permission.value.permission_name,
|
|
||||||
description=default_permission.value.permission_description,
|
|
||||||
is_default=True,
|
|
||||||
).insert()
|
|
||||||
permission_id_map[default_permission.value.permission_key] = str(doc.id)
|
|
||||||
else:
|
|
||||||
# Get existing permission ID
|
|
||||||
existing_doc = await PermissionDoc.find_one(
|
|
||||||
{str(PermissionDoc.permission_key): default_permission.value.permission_key})
|
|
||||||
permission_id_map[default_permission.value.permission_key] = str(existing_doc.id)
|
|
||||||
|
|
||||||
logging.info(f"default permissions initialized {list(permission_id_map.keys())}")
|
|
||||||
|
|
||||||
# Define role permission mappings based on the provided data
|
|
||||||
role_permission_mappings = {
|
|
||||||
DefaultRoleEnum.ADMIN: [
|
|
||||||
DefaultPermissionEnum.PUBLISH_ALPHA,
|
|
||||||
DefaultPermissionEnum.PUBLISH_PRODUCTION,
|
|
||||||
DefaultPermissionEnum.INVITE_COLLABORATOR,
|
|
||||||
DefaultPermissionEnum.EDIT_PRODUCT,
|
|
||||||
DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
|
|
||||||
DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
|
|
||||||
DefaultPermissionEnum.OPEN_BUGS,
|
|
||||||
DefaultPermissionEnum.QA_FAILED_PASSED,
|
|
||||||
DefaultPermissionEnum.QA_TEST_REPORTS
|
|
||||||
],
|
|
||||||
DefaultRoleEnum.OPERATOR: [
|
|
||||||
DefaultPermissionEnum.PUBLISH_ALPHA,
|
|
||||||
DefaultPermissionEnum.PUBLISH_PRODUCTION,
|
|
||||||
DefaultPermissionEnum.EDIT_PRODUCT,
|
|
||||||
DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
|
|
||||||
DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
|
|
||||||
DefaultPermissionEnum.OPEN_BUGS,
|
|
||||||
DefaultPermissionEnum.QA_FAILED_PASSED,
|
|
||||||
DefaultPermissionEnum.QA_TEST_REPORTS,
|
|
||||||
],
|
|
||||||
DefaultRoleEnum.DEVELOPER: [
|
|
||||||
DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
|
|
||||||
DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
|
|
||||||
DefaultPermissionEnum.PUBLISH_ALPHA,
|
|
||||||
],
|
|
||||||
DefaultRoleEnum.QA: [
|
|
||||||
DefaultPermissionEnum.OPEN_BUGS,
|
|
||||||
DefaultPermissionEnum.QA_FAILED_PASSED,
|
|
||||||
DefaultPermissionEnum.QA_TEST_REPORTS,
|
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
# Initialize roles if not exist
|
|
||||||
default_role_ids = []
|
|
||||||
for default_role in DefaultRoleEnum:
|
|
||||||
if not await RoleDoc.find_one({str(RoleDoc.role_key): default_role.value.role_key}):
|
|
||||||
# Get permission IDs for this role
|
|
||||||
role_permission_ids = []
|
|
||||||
if default_role in role_permission_mappings:
|
|
||||||
for permission in role_permission_mappings[default_role]:
|
|
||||||
if permission.value.permission_key in permission_id_map:
|
|
||||||
role_permission_ids.append(permission_id_map[permission.value.permission_key])
|
|
||||||
|
|
||||||
doc = await RoleDoc(
|
|
||||||
role_key=default_role.value.role_key,
|
|
||||||
role_name=default_role.value.role_name,
|
|
||||||
role_description=default_role.value.role_description,
|
|
||||||
permission_ids=role_permission_ids,
|
|
||||||
role_level=default_role.value.role_level,
|
|
||||||
is_default=True,
|
|
||||||
).insert()
|
|
||||||
default_role_ids.append(str(doc.id))
|
|
||||||
logging.info(f"default roles initialized {default_role_ids}")
|
|
||||||
@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends
|
|||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
|
|
||||||
from backend.models.permission.constants import DefaultPermissionEnum
|
|
||||||
from backend.services.permission.permission_service import PermissionService
|
from backend.services.permission.permission_service import PermissionService
|
||||||
from common.token.token_manager import TokenManager
|
from common.token.token_manager import TokenManager
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,6 @@
|
|||||||
from fastapi import APIRouter, Depends
|
from fastapi import APIRouter, Depends
|
||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
|
|
||||||
from backend.models.permission.constants import DefaultPermissionEnum
|
|
||||||
from backend.services.permission.permission_service import PermissionService
|
from backend.services.permission.permission_service import PermissionService
|
||||||
from common.token.token_manager import TokenManager
|
from common.token.token_manager import TokenManager
|
||||||
|
|
||||||
@ -27,7 +26,7 @@ class DeletePermissionResponse(BaseModel):
|
|||||||
)
|
)
|
||||||
async def delete_permission(
|
async def delete_permission(
|
||||||
req: DeletePermissionRequest,
|
req: DeletePermissionRequest,
|
||||||
_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
#_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
||||||
) -> DeletePermissionResponse:
|
) -> DeletePermissionResponse:
|
||||||
await permission_service.delete_permission(req.permission_id)
|
await permission_service.delete_permission(req.permission_id)
|
||||||
return DeletePermissionResponse(success=True)
|
return DeletePermissionResponse(success=True)
|
||||||
|
|||||||
@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends
|
|||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
|
|
||||||
from backend.models.permission.constants import DefaultPermissionEnum
|
|
||||||
from backend.services.permission.permission_service import PermissionService
|
from backend.services.permission.permission_service import PermissionService
|
||||||
from common.token.token_manager import TokenManager
|
from common.token.token_manager import TokenManager
|
||||||
|
|
||||||
|
|||||||
@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends
|
|||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
from typing import List
|
from typing import List
|
||||||
|
|
||||||
from backend.models.permission.constants import DefaultPermissionEnum
|
|
||||||
from backend.services.permission.role_service import RoleService
|
from backend.services.permission.role_service import RoleService
|
||||||
from common.token.token_manager import TokenManager
|
from common.token.token_manager import TokenManager
|
||||||
|
|
||||||
@ -35,7 +34,7 @@ class RoleResponse(BaseModel):
|
|||||||
)
|
)
|
||||||
async def assign_permissions_to_role(
|
async def assign_permissions_to_role(
|
||||||
req: AssignPermissionsRequest,
|
req: AssignPermissionsRequest,
|
||||||
_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
#_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
||||||
) -> RoleResponse:
|
) -> RoleResponse:
|
||||||
doc = await role_service.assign_permissions_to_role(req.role_id, req.permission_ids)
|
doc = await role_service.assign_permissions_to_role(req.role_id, req.permission_ids)
|
||||||
return RoleResponse(**doc.dict())
|
return RoleResponse(**doc.dict())
|
||||||
@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends
|
|||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
from typing import Optional, List
|
from typing import Optional, List
|
||||||
|
|
||||||
from backend.models.permission.constants import DefaultPermissionEnum
|
|
||||||
from backend.services.permission.role_service import RoleService
|
from backend.services.permission.role_service import RoleService
|
||||||
from common.token.token_manager import TokenManager
|
from common.token.token_manager import TokenManager
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,6 @@
|
|||||||
from fastapi import APIRouter, Depends
|
from fastapi import APIRouter, Depends
|
||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
|
|
||||||
from backend.models.permission.constants import DefaultPermissionEnum
|
|
||||||
from backend.services.permission.role_service import RoleService
|
from backend.services.permission.role_service import RoleService
|
||||||
from common.token.token_manager import TokenManager
|
from common.token.token_manager import TokenManager
|
||||||
|
|
||||||
@ -27,7 +26,7 @@ class DeleteRoleResponse(BaseModel):
|
|||||||
)
|
)
|
||||||
async def delete_role(
|
async def delete_role(
|
||||||
req: DeleteRoleRequest,
|
req: DeleteRoleRequest,
|
||||||
_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
#_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
||||||
) -> DeleteRoleResponse:
|
) -> DeleteRoleResponse:
|
||||||
await role_service.delete_role(req.role_id)
|
await role_service.delete_role(req.role_id)
|
||||||
return DeleteRoleResponse(success=True)
|
return DeleteRoleResponse(success=True)
|
||||||
|
|||||||
@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends
|
|||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
from typing import Optional, List
|
from typing import Optional, List
|
||||||
|
|
||||||
from backend.models.permission.constants import DefaultPermissionEnum
|
|
||||||
from backend.services.permission.role_service import RoleService
|
from backend.services.permission.role_service import RoleService
|
||||||
from common.token.token_manager import TokenManager
|
from common.token.token_manager import TokenManager
|
||||||
|
|
||||||
|
|||||||
@ -3,7 +3,6 @@ from fastapi.params import Depends
|
|||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
from typing import List, Optional
|
from typing import List, Optional
|
||||||
|
|
||||||
from backend.models.permission.constants import DefaultPermissionEnum
|
|
||||||
from backend.services.user.user_management_service import UserManagementService
|
from backend.services.user.user_management_service import UserManagementService
|
||||||
from common.token.token_manager import TokenManager
|
from common.token.token_manager import TokenManager
|
||||||
|
|
||||||
@ -31,7 +30,7 @@ class UserRoleResponse(BaseModel):
|
|||||||
)
|
)
|
||||||
async def assign_roles_to_user(
|
async def assign_roles_to_user(
|
||||||
req: AssignRolesRequest,
|
req: AssignRolesRequest,
|
||||||
_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])),
|
#_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])),
|
||||||
) -> UserRoleResponse:
|
) -> UserRoleResponse:
|
||||||
doc = await user_management_service.assign_roles_to_user(req.user_id, req.role_ids)
|
doc = await user_management_service.assign_roles_to_user(req.user_id, req.role_ids)
|
||||||
return UserRoleResponse(**doc.dict())
|
return UserRoleResponse(**doc.dict())
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user