refactor: remove backward compatibility layer for permissions

- Delete app/core/permissions.py (VendorPermissions enum, PermissionGroups) - Update all code to use permission_discovery_service directly: - app/api/deps.py: get_user_permissions() uses discovery service - app/modules/tenancy/models/vendor.py: get_all_permissions() uses discovery - app/modules/tenancy/routes/api/vendor_team.py: use string literals - app/modules/tenancy/services/vendor_team_service.py: use discovery service - scripts/init_production.py: use discovery service for presets Permissions are now fully module-driven: - Each module defines permissions in definition.py - PermissionDiscoveryService aggregates all permissions - Role presets reference permission IDs directly Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 21:49:11 +01:00
parent 03395a9dfa
commit 30a5c75e74
6 changed files with 36 additions and 193 deletions
--- a/app/core/permissions.py
+++ b/app/core/permissions.py
@@ -1,171 +0,0 @@
-# app/core/permissions.py
-"""
-Permission constants and checking logic for RBAC.
-
-NOTE: This module now uses the module-driven permission system.
-Permissions are defined in each module's definition.py file and
-discovered by PermissionDiscoveryService.
-
-This file provides backward-compatible exports for existing code.
-New code should use:
-    from app.modules.tenancy.services.permission_discovery_service import (
-        permission_discovery_service
-    )
-"""
-
-from enum import Enum
-
-from app.modules.tenancy.services.permission_discovery_service import (
-    permission_discovery_service,
-)
-
-
-class VendorPermissions(str, Enum):
-    """
-    All available permissions within a vendor context.
-
-    NOTE: This enum is maintained for backward compatibility.
-    Permissions are now defined in module definition.py files.
-
-    Naming convention: RESOURCE_ACTION
-    """
-
-    # Dashboard (from core module)
-    DASHBOARD_VIEW = "dashboard.view"
-
-    # Products (from catalog module)
-    PRODUCTS_VIEW = "products.view"
-    PRODUCTS_CREATE = "products.create"
-    PRODUCTS_EDIT = "products.edit"
-    PRODUCTS_DELETE = "products.delete"
-    PRODUCTS_IMPORT = "products.import"
-    PRODUCTS_EXPORT = "products.export"
-
-    # Stock/Inventory (from inventory module)
-    STOCK_VIEW = "stock.view"
-    STOCK_EDIT = "stock.edit"
-    STOCK_TRANSFER = "stock.transfer"
-
-    # Orders (from orders module)
-    ORDERS_VIEW = "orders.view"
-    ORDERS_EDIT = "orders.edit"
-    ORDERS_CANCEL = "orders.cancel"
-    ORDERS_REFUND = "orders.refund"
-
-    # Customers (from customers module)
-    CUSTOMERS_VIEW = "customers.view"
-    CUSTOMERS_EDIT = "customers.edit"
-    CUSTOMERS_DELETE = "customers.delete"
-    CUSTOMERS_EXPORT = "customers.export"
-
-    # Marketing (from messaging module - to be added)
-    MARKETING_VIEW = "marketing.view"
-    MARKETING_CREATE = "marketing.create"
-    MARKETING_SEND = "marketing.send"
-
-    # Reports (from analytics module - to be added)
-    REPORTS_VIEW = "reports.view"
-    REPORTS_FINANCIAL = "reports.financial"
-    REPORTS_EXPORT = "reports.export"
-
-    # Settings (from core module)
-    SETTINGS_VIEW = "settings.view"
-    SETTINGS_EDIT = "settings.edit"
-    SETTINGS_THEME = "settings.theme"
-    SETTINGS_DOMAINS = "settings.domains"
-
-    # Team Management (from tenancy module)
-    TEAM_VIEW = "team.view"
-    TEAM_INVITE = "team.invite"
-    TEAM_EDIT = "team.edit"
-    TEAM_REMOVE = "team.remove"
-
-    # Marketplace Imports (from marketplace module - to be added)
-    IMPORTS_VIEW = "imports.view"
-    IMPORTS_CREATE = "imports.create"
-    IMPORTS_CANCEL = "imports.cancel"
-
-
-class PermissionGroups:
-    """
-    Pre-defined permission groups for common roles.
-
-    NOTE: These now delegate to permission_discovery_service for consistency.
-    """
-
-    @property
-    def OWNER(self) -> set[str]:
-        """Full access (for owners) - all permissions."""
-        return permission_discovery_service.get_preset_permissions("owner")
-
-    @property
-    def MANAGER(self) -> set[str]:
-        """Manager - Can do most things except team management."""
-        return permission_discovery_service.get_preset_permissions("manager")
-
-    @property
-    def STAFF(self) -> set[str]:
-        """Staff - Can view and edit products/orders but limited access."""
-        return permission_discovery_service.get_preset_permissions("staff")
-
-    @property
-    def SUPPORT(self) -> set[str]:
-        """Support - Can view and assist with orders/customers."""
-        return permission_discovery_service.get_preset_permissions("support")
-
-    @property
-    def VIEWER(self) -> set[str]:
-        """Viewer - Read-only access."""
-        return permission_discovery_service.get_preset_permissions("viewer")
-
-    @property
-    def MARKETING(self) -> set[str]:
-        """Marketing - Focused on marketing and customer communication."""
-        return permission_discovery_service.get_preset_permissions("marketing")
-
-
-# Singleton instance for backward compatibility
-_permission_groups = PermissionGroups()
-
-
-class PermissionChecker:
-    """Utility class for permission checking."""
-
-    @staticmethod
-    def has_permission(permissions: list[str], required_permission: str) -> bool:
-        """Check if a permission list contains a required permission."""
-        return required_permission in permissions
-
-    @staticmethod
-    def has_any_permission(
-        permissions: list[str], required_permissions: list[str]
-    ) -> bool:
-        """Check if a permission list contains ANY of the required permissions."""
-        return any(perm in permissions for perm in required_permissions)
-
-    @staticmethod
-    def has_all_permissions(
-        permissions: list[str], required_permissions: list[str]
-    ) -> bool:
-        """Check if a permission list contains ALL of the required permissions."""
-        return all(perm in permissions for perm in required_permissions)
-
-    @staticmethod
-    def get_missing_permissions(
-        permissions: list[str], required_permissions: list[str]
-    ) -> list[str]:
-        """Get list of missing permissions."""
-        return [perm for perm in required_permissions if perm not in permissions]
-
-
-def get_preset_permissions(preset_name: str) -> set[str]:
-    """
-    Get permissions for a preset role.
-
-    Args:
-        preset_name: Name of the preset (owner, manager, staff, support, viewer, marketing)
-
-    Returns:
-        Set of permission strings
-    """
-    return permission_discovery_service.get_preset_permissions(preset_name)