sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: implement module-driven permissions and relocate business logic

Browse Source 
File Relocations:
- Delete app/config/ folder (empty after menu_registry removal)
- Move feature_gate.py → app/modules/billing/dependencies/
- Move theme_presets.py → app/modules/cms/services/

Module-Driven Permissions System:
- Add PermissionDefinition dataclass to app/modules/base.py
- Create PermissionDiscoveryService in tenancy module
- Update module definitions to declare their own permissions:
  - core: dashboard.view, settings.*
  - catalog: products.*
  - orders: orders.*
  - inventory: stock.*
  - customers: customers.*
  - tenancy: team.*
- Update app/core/permissions.py to use discovery service
- Role presets (owner, manager, staff, etc.) now use module permissions

This follows the same pattern as module-driven menus:
- Each module defines its permissions in definition.py
- PermissionDiscoveryService aggregates all permissions at runtime
- Tenancy module handles role-to-permission assignment

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-02-01 21:42:13 +01:00
parent 31e3d0fcba
commit 03395a9dfa
16 changed files with 749 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
app/modules/orders/definition.py
View File

@@ -6,7 +6,12 @@ Defines the orders module including its features, menu items,
route configurations, and self-contained module settings.
"""
from app.modules.base import MenuItemDefinition, MenuSectionDefinition, ModuleDefinition
from app.modules.base import (
MenuItemDefinition,
MenuSectionDefinition,
ModuleDefinition,
PermissionDefinition,
)
from app.modules.enums import FrontendType
@@ -34,6 +39,33 @@ orders_module = ModuleDefinition(
),
version="1.0.0",
requires=["payments"], # Depends on payments module for checkout
# Module-driven permissions
permissions=[
PermissionDefinition(
id="orders.view",
label_key="orders.permissions.orders_view",
description_key="orders.permissions.orders_view_desc",
category="orders",
),
PermissionDefinition(
id="orders.edit",
label_key="orders.permissions.orders_edit",
description_key="orders.permissions.orders_edit_desc",
category="orders",
),
PermissionDefinition(
id="orders.cancel",
label_key="orders.permissions.orders_cancel",
description_key="orders.permissions.orders_cancel_desc",
category="orders",
),
PermissionDefinition(
id="orders.refund",
label_key="orders.permissions.orders_refund",
description_key="orders.permissions.orders_refund_desc",
category="orders",
),
],
features=[
"order_management", # Basic order CRUD
"order_bulk_actions", # Bulk status updates

2
app/modules/orders/routes/api/vendor_invoices.py
View File

@@ -33,7 +33,7 @@ from sqlalchemy.orm import Session
from app.api.deps import get_current_vendor_api, require_module_access
from app.core.database import get_db
from app.core.feature_gate import RequireFeature
from app.modules.billing.dependencies.feature_gate import RequireFeature
from app.modules.orders.exceptions import (
InvoicePDFNotFoundException,
)