refactor: implement module-driven permissions and relocate business logic

File Relocations: - Delete app/config/ folder (empty after menu_registry removal) - Move feature_gate.py → app/modules/billing/dependencies/ - Move theme_presets.py → app/modules/cms/services/ Module-Driven Permissions System: - Add PermissionDefinition dataclass to app/modules/base.py - Create PermissionDiscoveryService in tenancy module - Update module definitions to declare their own permissions: - core: dashboard.view, settings.* - catalog: products.* - orders: orders.* - inventory: stock.* - customers: customers.* - tenancy: team.* - Update app/core/permissions.py to use discovery service - Role presets (owner, manager, staff, etc.) now use module permissions This follows the same pattern as module-driven menus: - Each module defines its permissions in definition.py - PermissionDiscoveryService aggregates all permissions at runtime - Tenancy module handles role-to-permission assignment Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 21:42:13 +01:00
parent 31e3d0fcba
commit 03395a9dfa
16 changed files with 749 additions and 121 deletions
--- a/app/modules/core/definition.py
+++ b/app/modules/core/definition.py
@@ -6,7 +6,12 @@ Dashboard, settings, and profile management.
 Required for basic operation - cannot be disabled.
 """

-from app.modules.base import MenuItemDefinition, MenuSectionDefinition, ModuleDefinition
+from app.modules.base import (
+    MenuItemDefinition,
+    MenuSectionDefinition,
+    ModuleDefinition,
+    PermissionDefinition,
+)
 from app.modules.enums import FrontendType

 core_module = ModuleDefinition(
@@ -16,6 +21,40 @@ core_module = ModuleDefinition(
    version="1.0.0",
    is_core=True,
    is_self_contained=True,
+    # Module-driven permissions
+    permissions=[
+        PermissionDefinition(
+            id="dashboard.view",
+            label_key="core.permissions.dashboard_view",
+            description_key="core.permissions.dashboard_view_desc",
+            category="dashboard",
+        ),
+        PermissionDefinition(
+            id="settings.view",
+            label_key="core.permissions.settings_view",
+            description_key="core.permissions.settings_view_desc",
+            category="settings",
+        ),
+        PermissionDefinition(
+            id="settings.edit",
+            label_key="core.permissions.settings_edit",
+            description_key="core.permissions.settings_edit_desc",
+            category="settings",
+        ),
+        PermissionDefinition(
+            id="settings.theme",
+            label_key="core.permissions.settings_theme",
+            description_key="core.permissions.settings_theme_desc",
+            category="settings",
+        ),
+        PermissionDefinition(
+            id="settings.domains",
+            label_key="core.permissions.settings_domains",
+            description_key="core.permissions.settings_domains_desc",
+            category="settings",
+            is_owner_only=True,  # Only owners can manage domains
+        ),
+    ],
    features=[
        "dashboard",
        "settings",