sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Vendor team member management features

Browse Source
This commit is contained in:
Samir Boulahtit
2025-11-14 21:08:57 +01:00
parent af23f5b88f
commit 41439eed09
10 changed files with 1786 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

203
app/core/permissions.py Normal file
View File

@@ -0,0 +1,203 @@
# app/core/permissions.py
"""
Permission constants and checking logic for RBAC.
This module defines:
- Vendor-specific permissions
- Permission groups (for easier role creation)
- Permission checking utilities
"""
from enum import Enum
from typing import List, Set
class VendorPermissions(str, Enum):
"""
All available permissions within a vendor context.
Naming convention: RESOURCE_ACTION
"""
# Dashboard
DASHBOARD_VIEW = "dashboard.view"
# Products
PRODUCTS_VIEW = "products.view"
PRODUCTS_CREATE = "products.create"
PRODUCTS_EDIT = "products.edit"
PRODUCTS_DELETE = "products.delete"
PRODUCTS_IMPORT = "products.import"
PRODUCTS_EXPORT = "products.export"
# Stock/Inventory
STOCK_VIEW = "stock.view"
STOCK_EDIT = "stock.edit"
STOCK_TRANSFER = "stock.transfer"
# Orders
ORDERS_VIEW = "orders.view"
ORDERS_EDIT = "orders.edit"
ORDERS_CANCEL = "orders.cancel"
ORDERS_REFUND = "orders.refund"
# Customers
CUSTOMERS_VIEW = "customers.view"
CUSTOMERS_EDIT = "customers.edit"
CUSTOMERS_DELETE = "customers.delete"
CUSTOMERS_EXPORT = "customers.export"
# Marketing
MARKETING_VIEW = "marketing.view"
MARKETING_CREATE = "marketing.create"
MARKETING_SEND = "marketing.send"
# Reports
REPORTS_VIEW = "reports.view"
REPORTS_FINANCIAL = "reports.financial"
REPORTS_EXPORT = "reports.export"
# Settings
SETTINGS_VIEW = "settings.view"
SETTINGS_EDIT = "settings.edit"
SETTINGS_THEME = "settings.theme"
SETTINGS_DOMAINS = "settings.domains"
# Team Management
TEAM_VIEW = "team.view"
TEAM_INVITE = "team.invite"
TEAM_EDIT = "team.edit"
TEAM_REMOVE = "team.remove"
# Marketplace Imports
IMPORTS_VIEW = "imports.view"
IMPORTS_CREATE = "imports.create"
IMPORTS_CANCEL = "imports.cancel"
class PermissionGroups:
"""Pre-defined permission groups for common roles."""
# Full access (for owners)
OWNER: Set[str] = set(p.value for p in VendorPermissions)
# Manager - Can do most things except team management and critical settings
MANAGER: Set[str] = {
VendorPermissions.DASHBOARD_VIEW.value,
VendorPermissions.PRODUCTS_VIEW.value,
VendorPermissions.PRODUCTS_CREATE.value,
VendorPermissions.PRODUCTS_EDIT.value,
VendorPermissions.PRODUCTS_DELETE.value,
VendorPermissions.PRODUCTS_IMPORT.value,
VendorPermissions.PRODUCTS_EXPORT.value,
VendorPermissions.STOCK_VIEW.value,
VendorPermissions.STOCK_EDIT.value,
VendorPermissions.STOCK_TRANSFER.value,
VendorPermissions.ORDERS_VIEW.value,
VendorPermissions.ORDERS_EDIT.value,
VendorPermissions.ORDERS_CANCEL.value,
VendorPermissions.ORDERS_REFUND.value,
VendorPermissions.CUSTOMERS_VIEW.value,
VendorPermissions.CUSTOMERS_EDIT.value,
VendorPermissions.CUSTOMERS_EXPORT.value,
VendorPermissions.MARKETING_VIEW.value,
VendorPermissions.MARKETING_CREATE.value,
VendorPermissions.MARKETING_SEND.value,
VendorPermissions.REPORTS_VIEW.value,
VendorPermissions.REPORTS_FINANCIAL.value,
VendorPermissions.REPORTS_EXPORT.value,
VendorPermissions.SETTINGS_VIEW.value,
VendorPermissions.SETTINGS_THEME.value,
VendorPermissions.IMPORTS_VIEW.value,
VendorPermissions.IMPORTS_CREATE.value,
VendorPermissions.IMPORTS_CANCEL.value,
}
# Staff - Can view and edit products/orders but limited access
STAFF: Set[str] = {
VendorPermissions.DASHBOARD_VIEW.value,
VendorPermissions.PRODUCTS_VIEW.value,
VendorPermissions.PRODUCTS_CREATE.value,
VendorPermissions.PRODUCTS_EDIT.value,
VendorPermissions.STOCK_VIEW.value,
VendorPermissions.STOCK_EDIT.value,
VendorPermissions.ORDERS_VIEW.value,
VendorPermissions.ORDERS_EDIT.value,
VendorPermissions.CUSTOMERS_VIEW.value,
VendorPermissions.CUSTOMERS_EDIT.value,
}
# Support - Can view and assist with orders/customers
SUPPORT: Set[str] = {
VendorPermissions.DASHBOARD_VIEW.value,
VendorPermissions.PRODUCTS_VIEW.value,
VendorPermissions.ORDERS_VIEW.value,
VendorPermissions.ORDERS_EDIT.value,
VendorPermissions.CUSTOMERS_VIEW.value,
VendorPermissions.CUSTOMERS_EDIT.value,
}
# Viewer - Read-only access
VIEWER: Set[str] = {
VendorPermissions.DASHBOARD_VIEW.value,
VendorPermissions.PRODUCTS_VIEW.value,
VendorPermissions.STOCK_VIEW.value,
VendorPermissions.ORDERS_VIEW.value,
VendorPermissions.CUSTOMERS_VIEW.value,
VendorPermissions.REPORTS_VIEW.value,
}
# Marketing - Focused on marketing and customer communication
MARKETING: Set[str] = {
VendorPermissions.DASHBOARD_VIEW.value,
VendorPermissions.CUSTOMERS_VIEW.value,
VendorPermissions.CUSTOMERS_EXPORT.value,
VendorPermissions.MARKETING_VIEW.value,
VendorPermissions.MARKETING_CREATE.value,
VendorPermissions.MARKETING_SEND.value,
VendorPermissions.REPORTS_VIEW.value,
}
class PermissionChecker:
"""Utility class for permission checking."""
@staticmethod
def has_permission(permissions: List[str], required_permission: str) -> bool:
"""Check if a permission list contains a required permission."""
return required_permission in permissions
@staticmethod
def has_any_permission(permissions: List[str], required_permissions: List[str]) -> bool:
"""Check if a permission list contains ANY of the required permissions."""
return any(perm in permissions for perm in required_permissions)
@staticmethod
def has_all_permissions(permissions: List[str], required_permissions: List[str]) -> bool:
"""Check if a permission list contains ALL of the required permissions."""
return all(perm in permissions for perm in required_permissions)
@staticmethod
def get_missing_permissions(permissions: List[str], required_permissions: List[str]) -> List[str]:
"""Get list of missing permissions."""
return [perm for perm in required_permissions if perm not in permissions]
# Helper function to get permissions for a role preset
def get_preset_permissions(preset_name: str) -> Set[str]:
"""
Get permissions for a preset role.
Args:
preset_name: Name of the preset (manager, staff, support, viewer, marketing)
Returns:
Set of permission strings
"""
presets = {
"owner": PermissionGroups.OWNER,
"manager": PermissionGroups.MANAGER,
"staff": PermissionGroups.STAFF,
"support": PermissionGroups.SUPPORT,
"viewer": PermissionGroups.VIEWER,
"marketing": PermissionGroups.MARKETING,
}
return presets.get(preset_name.lower(), set())