refactor: implement module-driven permissions and relocate business logic

File Relocations: - Delete app/config/ folder (empty after menu_registry removal) - Move feature_gate.py → app/modules/billing/dependencies/ - Move theme_presets.py → app/modules/cms/services/ Module-Driven Permissions System: - Add PermissionDefinition dataclass to app/modules/base.py - Create PermissionDiscoveryService in tenancy module - Update module definitions to declare their own permissions: - core: dashboard.view, settings.* - catalog: products.* - orders: orders.* - inventory: stock.* - customers: customers.* - tenancy: team.* - Update app/core/permissions.py to use discovery service - Role presets (owner, manager, staff, etc.) now use module permissions This follows the same pattern as module-driven menus: - Each module defines its permissions in definition.py - PermissionDiscoveryService aggregates all permissions at runtime - Tenancy module handles role-to-permission assignment Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 21:42:13 +01:00
parent 31e3d0fcba
commit 03395a9dfa
16 changed files with 749 additions and 121 deletions
--- a/app/modules/tenancy/definition.py
+++ b/app/modules/tenancy/definition.py
@@ -6,7 +6,12 @@ Platform, company, vendor, and admin user management.
 Required for multi-tenant operation - cannot be disabled.
 """

-from app.modules.base import MenuItemDefinition, MenuSectionDefinition, ModuleDefinition
+from app.modules.base import (
+    MenuItemDefinition,
+    MenuSectionDefinition,
+    ModuleDefinition,
+    PermissionDefinition,
+)
 from app.modules.enums import FrontendType

 tenancy_module = ModuleDefinition(
@@ -16,6 +21,36 @@ tenancy_module = ModuleDefinition(
    version="1.0.0",
    is_core=True,
    is_self_contained=True,
+    # Module-driven permissions
+    permissions=[
+        PermissionDefinition(
+            id="team.view",
+            label_key="tenancy.permissions.team_view",
+            description_key="tenancy.permissions.team_view_desc",
+            category="team",
+        ),
+        PermissionDefinition(
+            id="team.invite",
+            label_key="tenancy.permissions.team_invite",
+            description_key="tenancy.permissions.team_invite_desc",
+            category="team",
+            is_owner_only=True,
+        ),
+        PermissionDefinition(
+            id="team.edit",
+            label_key="tenancy.permissions.team_edit",
+            description_key="tenancy.permissions.team_edit_desc",
+            category="team",
+            is_owner_only=True,
+        ),
+        PermissionDefinition(
+            id="team.remove",
+            label_key="tenancy.permissions.team_remove",
+            description_key="tenancy.permissions.team_remove_desc",
+            category="team",
+            is_owner_only=True,
+        ),
+    ],
    features=[
        "platform_management",
        "company_management",