Vendor team member management features

2025-11-14 21:08:57 +01:00
parent af23f5b88f
commit 41439eed09
10 changed files with 1786 additions and 85 deletions
--- a/app/api/deps.py
+++ b/app/api/deps.py
@@ -498,3 +498,179 @@ def get_user_vendor(

    # User doesn't have access to this vendor
    raise UnauthorizedVendorAccessException(vendor_code, current_user.id)
+
+# ============================================================================
+# PERMISSIONS CHECKING
+# ============================================================================
+
+def require_vendor_permission(permission: str):
+    """
+    Dependency factory to require a specific vendor permission.
+
+    Usage:
+        @router.get("/products")
+        def list_products(
+            vendor: Vendor = Depends(get_vendor_from_code),
+            user: User = Depends(require_vendor_permission(VendorPermissions.PRODUCTS_VIEW.value))
+        ):
+            ...
+    """
+
+    def permission_checker(
+            request: Request,
+            db: Session = Depends(get_db),
+            current_user: User = Depends(get_current_vendor_from_cookie_or_header),
+    ) -> User:
+        # Get vendor from request state (set by middleware)
+        vendor = getattr(request.state, "vendor", None)
+        if not vendor:
+            raise VendorAccessDeniedException("No vendor context")
+
+        # Check if user has permission
+        if not current_user.has_vendor_permission(vendor.id, permission):
+            raise InsufficientVendorPermissionsException(
+                required_permission=permission,
+                vendor_code=vendor.vendor_code,
+            )
+
+        return current_user
+
+    return permission_checker
+
+
+def require_vendor_owner(
+        request: Request,
+        db: Session = Depends(get_db),
+        current_user: User = Depends(get_current_vendor_from_cookie_or_header),
+) -> User:
+    """
+    Dependency to require vendor owner role.
+
+    Usage:
+        @router.delete("/team/{user_id}")
+        def remove_team_member(
+            user: User = Depends(require_vendor_owner)
+        ):
+            ...
+    """
+    vendor = getattr(request.state, "vendor", None)
+    if not vendor:
+        raise VendorAccessDeniedException("No vendor context")
+
+    if not current_user.is_owner_of(vendor.id):
+        raise VendorOwnerOnlyException(
+            operation="team management",
+            vendor_code=vendor.vendor_code,
+        )
+
+    return current_user
+
+
+def require_any_vendor_permission(*permissions: str):
+    """
+    Dependency factory to require ANY of the specified permissions.
+
+    Usage:
+        @router.get("/dashboard")
+        def dashboard(
+            user: User = Depends(require_any_vendor_permission(
+                VendorPermissions.DASHBOARD_VIEW.value,
+                VendorPermissions.REPORTS_VIEW.value
+            ))
+        ):
+            ...
+    """
+
+    def permission_checker(
+            request: Request,
+            db: Session = Depends(get_db),
+            current_user: User = Depends(get_current_vendor_from_cookie_or_header),
+    ) -> User:
+        vendor = getattr(request.state, "vendor", None)
+        if not vendor:
+            raise VendorAccessDeniedException("No vendor context")
+
+        # Check if user has ANY of the required permissions
+        has_permission = any(
+            current_user.has_vendor_permission(vendor.id, perm)
+            for perm in permissions
+        )
+
+        if not has_permission:
+            raise InsufficientVendorPermissionsException(
+                required_permission=f"Any of: {', '.join(permissions)}",
+                vendor_code=vendor.vendor_code,
+            )
+
+        return current_user
+
+    return permission_checker
+
+
+def require_all_vendor_permissions(*permissions: str):
+    """
+    Dependency factory to require ALL of the specified permissions.
+
+    Usage:
+        @router.post("/products/bulk-delete")
+        def bulk_delete_products(
+            user: User = Depends(require_all_vendor_permissions(
+                VendorPermissions.PRODUCTS_VIEW.value,
+                VendorPermissions.PRODUCTS_DELETE.value
+            ))
+        ):
+            ...
+    """
+
+    def permission_checker(
+            request: Request,
+            db: Session = Depends(get_db),
+            current_user: User = Depends(get_current_vendor_from_cookie_or_header),
+    ) -> User:
+        vendor = getattr(request.state, "vendor", None)
+        if not vendor:
+            raise VendorAccessDeniedException("No vendor context")
+
+        # Check if user has ALL required permissions
+        missing_permissions = [
+            perm for perm in permissions
+            if not current_user.has_vendor_permission(vendor.id, perm)
+        ]
+
+        if missing_permissions:
+            raise InsufficientVendorPermissionsException(
+                required_permission=f"All of: {', '.join(permissions)}",
+                vendor_code=vendor.vendor_code,
+            )
+
+        return current_user
+
+    return permission_checker
+
+
+def get_user_permissions(
+        request: Request,
+        current_user: User = Depends(get_current_vendor_from_cookie_or_header),
+) -> list:
+    """
+    Get all permissions for current user in current vendor.
+
+    Returns empty list if no vendor context.
+    """
+    vendor = getattr(request.state, "vendor", None)
+    if not vendor:
+        return []
+
+    # If owner, return all permissions
+    if current_user.is_owner_of(vendor.id):
+        from app.core.permissions import VendorPermissions
+        return [p.value for p in VendorPermissions]
+
+    # Get permissions from vendor membership
+    for vm in current_user.vendor_memberships:
+        if vm.vendor_id == vendor.id and vm.is_active:
+            return vm.get_all_permissions()
+
+    return []
+
+