sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: RBAC Phase 1 — consolidate user roles into 4-value enum
Some checks failed
CI / ruff (push) Successful in 11s
Details
CI / validate (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details

Browse Source 
Consolidate User.role (2-value: admin/store) + User.is_super_admin (boolean)
into a single 4-value UserRole enum: super_admin, platform_admin,
merchant_owner, store_member. Drop stale StoreUser.user_type column.
Fix role="user" bug in merchant creation.

Key changes:
- Expand UserRole enum from 2 to 4 values with computed properties
  (is_admin, is_super_admin, is_platform_admin, is_merchant_owner, is_store_user)
- Add Alembic migration (tenancy_003) for data migration + column drops
- Remove is_super_admin from JWT token payload
- Update all auth dependencies, services, routes, templates, JS, and tests
- Update all RBAC documentation

66 files changed, 1219 unit tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-02-19 22:44:29 +01:00
parent ef21d47533
commit 1dcb0e6c33
67 changed files with 874 additions and 616 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/modules/billing/tests/integration/test_admin_routes.py
View File

@@ -80,7 +80,7 @@ def rt_merchant(db, rt_platform):
email=f"merchant_{uuid.uuid4().hex[:8]}@test.com",
username=f"merchant_{uuid.uuid4().hex[:8]}",
hashed_password=auth.hash_password("pass123"),
role="store",
role="merchant_owner",
is_active=True,
)
db.add(owner)

4
app/modules/billing/tests/integration/test_merchant_routes.py
View File

@@ -43,7 +43,7 @@ def merch_owner(db):
email=f"merchowner_{uuid.uuid4().hex[:8]}@test.com",
username=f"merchowner_{uuid.uuid4().hex[:8]}",
hashed_password=auth.hash_password("merchpass123"),
role="store",
role="merchant_owner",
is_active=True,
)
db.add(user)
@@ -160,7 +160,7 @@ def merch_auth_headers(merch_owner, merch_merchant):
id=merch_owner.id,
email=merch_owner.email,
username=merch_owner.username,
role="store",
role="merchant_owner",
is_active=True,
)

7
app/modules/billing/tests/integration/test_store_routes.py
View File

@@ -24,7 +24,7 @@ from app.modules.billing.models import (
SubscriptionTier,
)
from app.modules.tenancy.models import Merchant, Platform, Store, User
from app.modules.tenancy.models.store import StoreUser, StoreUserType
from app.modules.tenancy.models.store import StoreUser
from app.modules.tenancy.models.store_platform import StorePlatform
# ============================================================================
@@ -65,7 +65,7 @@ def store_full_setup(db, store_platform):
email=f"storeowner_{uid}@test.com",
username=f"storeowner_{uid}",
hashed_password=auth.hash_password("storepass123"),
role="store",
role="merchant_owner",
is_active=True,
is_email_verified=True,
)
@@ -98,11 +98,10 @@ def store_full_setup(db, store_platform):
db.commit()
db.refresh(store)
# 4. Create StoreUser (owner association)
# 4. Create StoreUser (ownership determined via Merchant.owner_user_id)
store_user = StoreUser(
store_id=store.id,
user_id=owner.id,
user_type=StoreUserType.OWNER.value,
is_active=True,
)
db.add(store_user)