refactor: remove backward compatibility layer for permissions

- Delete app/core/permissions.py (VendorPermissions enum, PermissionGroups)
- Update all code to use permission_discovery_service directly:
  - app/api/deps.py: get_user_permissions() uses discovery service
  - app/modules/tenancy/models/vendor.py: get_all_permissions() uses discovery
  - app/modules/tenancy/routes/api/vendor_team.py: use string literals
  - app/modules/tenancy/services/vendor_team_service.py: use discovery service
  - scripts/init_production.py: use discovery service for presets

Permissions are now fully module-driven:
- Each module defines permissions in definition.py
- PermissionDiscoveryService aggregates all permissions
- Role presets reference permission IDs directly

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 21:49:11 +01:00
parent 03395a9dfa
commit 30a5c75e74
6 changed files with 36 additions and 193 deletions


@@ -34,7 +34,9 @@ from app.core.config import (
)
from app.core.database import SessionLocal
from app.core.environment import is_production
from app.core.permissions import PermissionGroups
from app.modules.tenancy.services.permission_discovery_service import (
permission_discovery_service,
)
from middleware.auth import AuthManager
from app.modules.tenancy.models import AdminSetting
from app.modules.tenancy.models import User
@@ -128,11 +130,11 @@ def create_default_role_templates(db: Session) -> dict:
print_success("Role templates ready for vendor onboarding")
return {
"manager": list(PermissionGroups.MANAGER),
"staff": list(PermissionGroups.STAFF),
"support": list(PermissionGroups.SUPPORT),
"viewer": list(PermissionGroups.VIEWER),
"marketing": list(PermissionGroups.MARKETING),
"manager": list(permission_discovery_service.get_preset_permissions("manager")),
"staff": list(permission_discovery_service.get_preset_permissions("staff")),
"support": list(permission_discovery_service.get_preset_permissions("support")),
"viewer": list(permission_discovery_service.get_preset_permissions("viewer")),
"marketing": list(permission_discovery_service.get_preset_permissions("marketing")),
}
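Review bot: The new return dict in create_default_role_templates takes whatever `get_preset_permissions` yields when the script runs, and nothing in the visible lines checks that result. If the discovery service returns an empty collection for a preset whose modules were not loaded or whose name does not match (its behaviour is not shown here, so this needs confirming), production initialisation would still print "Role templates ready for vendor onboarding" and return roles with missing permissions. I would build the dict in a loop over the five preset names and raise when one comes back empty, ideally before the success message; the function starts above this hunk, so the placement relative to `print_success` is for the author to settle.

```python
    # … unchanged: template setup and print_success call …
    preset_names = ("manager", "staff", "support", "viewer", "marketing")
    templates = {}
    for name in preset_names:
        perms = list(permission_discovery_service.get_preset_permissions(name))
        if not perms:
            # Fail loudly rather than seed a role template with no permissions.
            raise RuntimeError(f"No permissions discovered for role preset {name!r}")
        templates[name] = perms
    return templates
```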