chore(role&permission): remove definitions of roles and permissions from authentication
This commit is contained in:
YuehuCao
parent
49770da205
commit
f01dd755aa
@ -1,41 +1,4 @@
|
||||
from dataclasses import dataclass
|
||||
from enum import IntEnum, Enum
|
||||
|
||||
|
||||
@dataclass(frozen=True) # frozen=True
|
||||
class DefaultRole:
|
||||
role_name: str
|
||||
role_key: str
|
||||
role_description: str
|
||||
role_level: int
|
||||
|
||||
|
||||
# Default roles, which all tenants will have, cannot be modified.
|
||||
class DefaultRoleEnum(Enum):
|
||||
ADMIN = DefaultRole("Admin", "admin", "Have all permissions", 1)
|
||||
OPERATOR = DefaultRole("Operator", "operator", "System operator with deployment and management permissions", 10)
|
||||
DEVELOPER = DefaultRole("Developer", "developer", "Developer with git and issue management access", 100)
|
||||
QA = DefaultRole("QA", "qa", "Quality assurance with bug and testing permissions", 1000)
|
||||
|
||||
|
||||
@dataclass(frozen=True) # frozen=True
|
||||
class DefaultPermission:
|
||||
permission_key: str
|
||||
permission_name: str
|
||||
permission_description: str
|
||||
|
||||
|
||||
# Default permissions, which all tenants will have, cannot be modified.
|
||||
class DefaultPermissionEnum(Enum):
|
||||
INVITE_COLLABORATOR = DefaultPermission("invite:collaborator", "Add/Remove participants", "Add/Remove participants")
|
||||
PUBLISH_PRODUCTION = DefaultPermission("publish:production", "Deploy to production", "Deploy to production")
|
||||
EDIT_PRODUCT = DefaultPermission("edit:product", "View product management UX", "View product management UX")
|
||||
ACCESS_GIT_REPOSITORIES = DefaultPermission("access:git_repositories", "Access to git repositories", "Access to git repositories")
|
||||
ACCESS_ISSUE_MANAGEMENT = DefaultPermission("access:issue_management", "Access to issue management", "Access to issue management")
|
||||
PUBLISH_ALPHA = DefaultPermission("publish:alpha", "Access to alpha deployment", "Access to alpha deployment")
|
||||
OPEN_BUGS = DefaultPermission("open:bugs", "Open/Close/Re-open bugs", "Open/Close/Re-open bugs")
|
||||
QA_FAILED_PASSED = DefaultPermission("qa:failed_passed", "Update QA status - QA failed/passed", "Update QA status - QA failed/passed")
|
||||
QA_TEST_REPORTS = DefaultPermission("qa:test_reports", "Update QA status - Test reports", "Update QA status - Test reports (Test coverage)")
|
||||
from enum import IntEnum
|
||||
|
||||
|
||||
class AdministrativeRole(IntEnum):
|
||||
|
||||
@ -11,7 +11,6 @@ from webapi.providers import metrics
|
||||
|
||||
# from webapi.providers import scheduler
|
||||
from webapi.providers import exception_handler
|
||||
from webapi.providers import permission_initialize
|
||||
from .freeleaps_app import FreeleapsApp
|
||||
from common.config.app_settings import app_settings
|
||||
|
||||
@ -24,7 +23,6 @@ def create_app() -> FastAPI:
|
||||
register(app, exception_handler)
|
||||
register(app, database)
|
||||
register(app, router)
|
||||
register(app, permission_initialize)
|
||||
# register(app, scheduler)
|
||||
register(app, common)
|
||||
|
||||
|
||||
@ -1,88 +0,0 @@
|
||||
import logging
|
||||
|
||||
from backend.models.permission import PermissionDoc, RoleDoc
|
||||
from backend.models.permission.constants import DefaultPermissionEnum, DefaultRoleEnum
|
||||
|
||||
|
||||
def register(app):
|
||||
# Configure logging for pymongo
|
||||
logging.getLogger("init_admin_permission").setLevel(logging.INFO) # Suppress DEBUG logs
|
||||
|
||||
@app.on_event("startup")
|
||||
async def init_admin_permission():
|
||||
# Initialize all permissions if not exist
|
||||
permission_id_map = {}
|
||||
for default_permission in DefaultPermissionEnum:
|
||||
if not await PermissionDoc.find_one(
|
||||
{str(PermissionDoc.permission_key): default_permission.value.permission_key}):
|
||||
doc = await PermissionDoc(
|
||||
permission_key=default_permission.value.permission_key,
|
||||
permission_name=default_permission.value.permission_name,
|
||||
description=default_permission.value.permission_description,
|
||||
is_default=True,
|
||||
).insert()
|
||||
permission_id_map[default_permission.value.permission_key] = str(doc.id)
|
||||
else:
|
||||
# Get existing permission ID
|
||||
existing_doc = await PermissionDoc.find_one(
|
||||
{str(PermissionDoc.permission_key): default_permission.value.permission_key})
|
||||
permission_id_map[default_permission.value.permission_key] = str(existing_doc.id)
|
||||
|
||||
logging.info(f"default permissions initialized {list(permission_id_map.keys())}")
|
||||
|
||||
# Define role permission mappings based on the provided data
|
||||
role_permission_mappings = {
|
||||
DefaultRoleEnum.ADMIN: [
|
||||
DefaultPermissionEnum.PUBLISH_ALPHA,
|
||||
DefaultPermissionEnum.PUBLISH_PRODUCTION,
|
||||
DefaultPermissionEnum.INVITE_COLLABORATOR,
|
||||
DefaultPermissionEnum.EDIT_PRODUCT,
|
||||
DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
|
||||
DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
|
||||
DefaultPermissionEnum.OPEN_BUGS,
|
||||
DefaultPermissionEnum.QA_FAILED_PASSED,
|
||||
DefaultPermissionEnum.QA_TEST_REPORTS
|
||||
],
|
||||
DefaultRoleEnum.OPERATOR: [
|
||||
DefaultPermissionEnum.PUBLISH_ALPHA,
|
||||
DefaultPermissionEnum.PUBLISH_PRODUCTION,
|
||||
DefaultPermissionEnum.EDIT_PRODUCT,
|
||||
DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
|
||||
DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
|
||||
DefaultPermissionEnum.OPEN_BUGS,
|
||||
DefaultPermissionEnum.QA_FAILED_PASSED,
|
||||
DefaultPermissionEnum.QA_TEST_REPORTS,
|
||||
],
|
||||
DefaultRoleEnum.DEVELOPER: [
|
||||
DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES,
|
||||
DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT,
|
||||
DefaultPermissionEnum.PUBLISH_ALPHA,
|
||||
],
|
||||
DefaultRoleEnum.QA: [
|
||||
DefaultPermissionEnum.OPEN_BUGS,
|
||||
DefaultPermissionEnum.QA_FAILED_PASSED,
|
||||
DefaultPermissionEnum.QA_TEST_REPORTS,
|
||||
],
|
||||
}
|
||||
|
||||
# Initialize roles if not exist
|
||||
default_role_ids = []
|
||||
for default_role in DefaultRoleEnum:
|
||||
if not await RoleDoc.find_one({str(RoleDoc.role_key): default_role.value.role_key}):
|
||||
# Get permission IDs for this role
|
||||
role_permission_ids = []
|
||||
if default_role in role_permission_mappings:
|
||||
for permission in role_permission_mappings[default_role]:
|
||||
if permission.value.permission_key in permission_id_map:
|
||||
role_permission_ids.append(permission_id_map[permission.value.permission_key])
|
||||
|
||||
doc = await RoleDoc(
|
||||
role_key=default_role.value.role_key,
|
||||
role_name=default_role.value.role_name,
|
||||
role_description=default_role.value.role_description,
|
||||
permission_ids=role_permission_ids,
|
||||
role_level=default_role.value.role_level,
|
||||
is_default=True,
|
||||
).insert()
|
||||
default_role_ids.append(str(doc.id))
|
||||
logging.info(f"default roles initialized {default_role_ids}")
|
||||
@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends
|
||||
from pydantic import BaseModel
|
||||
from typing import Optional
|
||||
|
||||
from backend.models.permission.constants import DefaultPermissionEnum
|
||||
from backend.services.permission.permission_service import PermissionService
|
||||
from common.token.token_manager import TokenManager
|
||||
|
||||
|
||||
@ -1,7 +1,6 @@
|
||||
from fastapi import APIRouter, Depends
|
||||
from pydantic import BaseModel
|
||||
|
||||
from backend.models.permission.constants import DefaultPermissionEnum
|
||||
from backend.services.permission.permission_service import PermissionService
|
||||
from common.token.token_manager import TokenManager
|
||||
|
||||
@ -27,7 +26,7 @@ class DeletePermissionResponse(BaseModel):
|
||||
)
|
||||
async def delete_permission(
|
||||
req: DeletePermissionRequest,
|
||||
_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
||||
#_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
||||
) -> DeletePermissionResponse:
|
||||
await permission_service.delete_permission(req.permission_id)
|
||||
return DeletePermissionResponse(success=True)
|
||||
|
||||
@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends
|
||||
from pydantic import BaseModel
|
||||
from typing import Optional
|
||||
|
||||
from backend.models.permission.constants import DefaultPermissionEnum
|
||||
from backend.services.permission.permission_service import PermissionService
|
||||
from common.token.token_manager import TokenManager
|
||||
|
||||
|
||||
@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends
|
||||
from pydantic import BaseModel
|
||||
from typing import List
|
||||
|
||||
from backend.models.permission.constants import DefaultPermissionEnum
|
||||
from backend.services.permission.role_service import RoleService
|
||||
from common.token.token_manager import TokenManager
|
||||
|
||||
@ -35,7 +34,7 @@ class RoleResponse(BaseModel):
|
||||
)
|
||||
async def assign_permissions_to_role(
|
||||
req: AssignPermissionsRequest,
|
||||
_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
||||
#_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
||||
) -> RoleResponse:
|
||||
doc = await role_service.assign_permissions_to_role(req.role_id, req.permission_ids)
|
||||
return RoleResponse(**doc.dict())
|
||||
@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends
|
||||
from pydantic import BaseModel
|
||||
from typing import Optional, List
|
||||
|
||||
from backend.models.permission.constants import DefaultPermissionEnum
|
||||
from backend.services.permission.role_service import RoleService
|
||||
from common.token.token_manager import TokenManager
|
||||
|
||||
|
||||
@ -1,7 +1,6 @@
|
||||
from fastapi import APIRouter, Depends
|
||||
from pydantic import BaseModel
|
||||
|
||||
from backend.models.permission.constants import DefaultPermissionEnum
|
||||
from backend.services.permission.role_service import RoleService
|
||||
from common.token.token_manager import TokenManager
|
||||
|
||||
@ -27,7 +26,7 @@ class DeleteRoleResponse(BaseModel):
|
||||
)
|
||||
async def delete_role(
|
||||
req: DeleteRoleRequest,
|
||||
_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
||||
#_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key]))
|
||||
) -> DeleteRoleResponse:
|
||||
await role_service.delete_role(req.role_id)
|
||||
return DeleteRoleResponse(success=True)
|
||||
|
||||
@ -4,7 +4,6 @@ from fastapi import APIRouter, Depends
|
||||
from pydantic import BaseModel
|
||||
from typing import Optional, List
|
||||
|
||||
from backend.models.permission.constants import DefaultPermissionEnum
|
||||
from backend.services.permission.role_service import RoleService
|
||||
from common.token.token_manager import TokenManager
|
||||
|
||||
|
||||
@ -3,7 +3,6 @@ from fastapi.params import Depends
|
||||
from pydantic import BaseModel
|
||||
from typing import List, Optional
|
||||
|
||||
from backend.models.permission.constants import DefaultPermissionEnum
|
||||
from backend.services.user.user_management_service import UserManagementService
|
||||
from common.token.token_manager import TokenManager
|
||||
|
||||
@ -31,7 +30,7 @@ class UserRoleResponse(BaseModel):
|
||||
)
|
||||
async def assign_roles_to_user(
|
||||
req: AssignRolesRequest,
|
||||
_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])),
|
||||
#_: bool = Depends(token_manager.has_all_permissions([DefaultPermissionEnum.INVITE_COLLABORATOR.value.permission_key])),
|
||||
) -> UserRoleResponse:
|
||||
doc = await user_management_service.assign_roles_to_user(req.user_id, req.role_ids)
|
||||
return UserRoleResponse(**doc.dict())
|
||||
|
||||
Loading…
Reference in New Issue
Block a user