sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: RBAC Phase 1 — consolidate user roles into 4-value enum
Some checks failed
CI / ruff (push) Successful in 11s
Details
CI / validate (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details

Browse Source 
Consolidate User.role (2-value: admin/store) + User.is_super_admin (boolean)
into a single 4-value UserRole enum: super_admin, platform_admin,
merchant_owner, store_member. Drop stale StoreUser.user_type column.
Fix role="user" bug in merchant creation.

Key changes:
- Expand UserRole enum from 2 to 4 values with computed properties
  (is_admin, is_super_admin, is_platform_admin, is_merchant_owner, is_store_user)
- Add Alembic migration (tenancy_003) for data migration + column drops
- Remove is_super_admin from JWT token payload
- Update all auth dependencies, services, routes, templates, JS, and tests
- Update all RBAC documentation

66 files changed, 1219 unit tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-02-19 22:44:29 +01:00
parent ef21d47533
commit 1dcb0e6c33
67 changed files with 874 additions and 616 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
tests/unit/models/schema/test_auth.py
View File

@@ -65,19 +65,19 @@ class TestUserCreateSchema:
password="securepass", # noqa: SEC001
first_name="Admin",
last_name="User",
role="admin",
role="super_admin",
)
assert user.email == "admin@example.com"
assert user.role == "admin"
assert user.role == "super_admin"
def test_default_role_is_store(self):
"""Test default role is store."""
def test_default_role_is_store_member(self):
"""Test default role is store_member."""
user = UserCreate(
email="store@example.com",
username="storeuser",
password="securepass", # noqa: SEC001
)
assert user.role == "store"
assert user.role == "store_member"
def test_invalid_role(self):
"""Test invalid role raises ValidationError."""
@@ -135,10 +135,10 @@ class TestUserUpdateSchema:
def test_valid_role_update(self):
"""Test valid role values."""
admin_update = UserUpdate(role="admin")
store_update = UserUpdate(role="store")
assert admin_update.role == "admin"
assert store_update.role == "store"
admin_update = UserUpdate(role="super_admin")
store_update = UserUpdate(role="merchant_owner")
assert admin_update.role == "super_admin"
assert store_update.role == "merchant_owner"
def test_empty_update(self):
"""Test empty update is valid (all fields optional)."""
@@ -159,7 +159,7 @@ class TestUserResponseSchema:
"id": 1,
"email": "test@example.com",
"username": "testuser",
"role": "store",
"role": "merchant_owner",
"is_active": True,
"created_at": datetime.now(),
"updated_at": datetime.now(),
@@ -177,7 +177,7 @@ class TestUserResponseSchema:
"id": 1,
"email": "test@example.com",
"username": "testuser",
"role": "store",
"role": "merchant_owner",
"is_active": True,
"created_at": datetime.now(),
"updated_at": datetime.now(),