feat: add module definition completeness validation and permissions

Add new validation rules MOD-020 to MOD-023 for module definition completeness and standardize permissions across all modules. Changes: - Add MOD-020: Module definitions must have required attributes - Add MOD-021: Modules with menus should have features - Add MOD-022: Feature modules should have permissions - Add MOD-023: Modules with routers should use get_*_with_routers pattern Module permissions added: - analytics: view, export, manage_dashboards - billing: view_tiers, manage_tiers, view_subscriptions, manage_subscriptions, view_invoices - cart: view, manage - checkout: view_settings, manage_settings - cms: view_pages, manage_pages, view_media, manage_media, manage_themes - loyalty: view_programs, manage_programs, view_rewards, manage_rewards - marketplace: view_integration, manage_integration, sync_products - messaging: view_messages, send_messages, manage_templates - payments: view_gateways, manage_gateways, view_transactions Module improvements: - Complete cart module with features and permissions - Complete checkout module with features and permissions - Add features to catalog module - Add version to cms module - Fix loyalty platform_router attachment - Add path definitions to payments module - Remove empty scheduled_tasks from dev_tools module Documentation: - Update module-system.md with new validation rules - Update architecture-rules.md with MOD-020 to MOD-023 Tests: - Add unit tests for module definition completeness - Add tests for permission structure validation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 18:23:04 +01:00
parent 30a5c75e74
commit 967f08e4ba
50 changed files with 1014 additions and 66 deletions
--- a/docs/architecture/module-system.md
+++ b/docs/architecture/module-system.md
@@ -72,33 +72,35 @@ touch app/modules/mymodule/exceptions.py

 ## Three-Tier Classification

-### Core Modules (4)
+### Core Modules (5)

 Core modules are **always enabled** and cannot be disabled. They provide fundamental platform functionality.

-| Module | Description | Key Features |
-|--------|-------------|--------------|
-| `core` | Dashboard, settings, profile | Basic platform operation |
-| `tenancy` | Platform, company, vendor, admin user management | Multi-tenant infrastructure |
-| `cms` | Content pages, media library, themes | Content management |
-| `customers` | Customer database, profiles, segmentation | Customer data management |
+| Module | Description | Key Features | Permissions |
+|--------|-------------|--------------|-------------|
+| `contracts` | Cross-module protocols and interfaces | Service protocols, type-safe interfaces | - |
+| `core` | Dashboard, settings, profile | Basic platform operation | 5 |
+| `cms` | Content pages, media library, themes | Content management | 5 |
+| `customers` | Customer database, profiles, segmentation | Customer data management | 4 |
+| `tenancy` | Platform, company, vendor, admin user management | Multi-tenant infrastructure | 4 |

-### Optional Modules (10)
+### Optional Modules (11)

 Optional modules can be **enabled or disabled per platform**. They provide additional functionality that may not be needed by all platforms.

-| Module | Dependencies | Description |
-|--------|--------------|-------------|
-| `cart` | - | Shopping cart management, session-based carts |
-| `catalog` | - | Customer-facing product browsing |
-| `checkout` | `cart`, `orders`, `payments` | Cart-to-order conversion, checkout flow |
-| `payments` | - | Payment gateway integrations (Stripe, PayPal, etc.) |
-| `billing` | `payments` | Platform subscriptions, vendor invoices |
-| `inventory` | - | Stock management, locations |
-| `orders` | `payments` | Order management, customer checkout |
-| `marketplace` | `inventory` | Letzshop integration |
-| `analytics` | - | Reports, dashboards |
-| `messaging` | - | Messages, notifications |
+| Module | Dependencies | Description | Permissions |
+|--------|--------------|-------------|-------------|
+| `analytics` | - | Reports, dashboards | 3 |
+| `billing` | `payments` | Platform subscriptions, vendor invoices | 5 |
+| `cart` | `inventory` | Shopping cart management, session-based carts | 2 |
+| `catalog` | `inventory` | Customer-facing product browsing | 6 |
+| `checkout` | `cart`, `orders`, `payments`, `customers` | Cart-to-order conversion, checkout flow | 2 |
+| `inventory` | - | Stock management, locations | 3 |
+| `loyalty` | `customers` | Stamp/points loyalty programs, wallet integration | 4 |
+| `marketplace` | `inventory` | Letzshop integration | 3 |
+| `messaging` | - | Messages, notifications | 3 |
+| `orders` | `payments` | Order management, customer checkout | 4 |
+| `payments` | - | Payment gateway integrations (Stripe, PayPal, etc.) | 3 |

 ### Internal Modules (2)

@@ -167,8 +169,8 @@ Each module must have a `definition.py` with a `ModuleDefinition` instance:

 ```python
 # app/modules/analytics/definition.py
-from app.modules.base import ModuleDefinition
-from models.database.admin_menu_config import FrontendType
+from app.modules.base import ModuleDefinition, PermissionDefinition
+from app.modules.enums import FrontendType

 analytics_module = ModuleDefinition(
    # Identity
@@ -191,6 +193,22 @@ analytics_module = ModuleDefinition(
        "custom_reports",
    ],

+    # Module-driven permissions (RBAC)
+    permissions=[
+        PermissionDefinition(
+            id="analytics.view",
+            label_key="analytics.permissions.view",
+            description_key="analytics.permissions.view_desc",
+            category="analytics",
+        ),
+        PermissionDefinition(
+            id="analytics.export",
+            label_key="analytics.permissions.export",
+            description_key="analytics.permissions.export_desc",
+            category="analytics",
+        ),
+    ],
+
    # Menu items per frontend
    menu_items={
        FrontendType.ADMIN: [],  # Analytics uses dashboard
@@ -218,6 +236,7 @@ analytics_module = ModuleDefinition(
 | `version` | `str` | Semantic version (default: "1.0.0") |
 | `requires` | `list[str]` | Module codes this depends on |
 | `features` | `list[str]` | Feature codes for tier gating |
+| `permissions` | `list[PermissionDefinition]` | RBAC permission definitions |
 | `menu_items` | `dict` | Menu items per frontend type |
 | `is_core` | `bool` | Cannot be disabled if True |
 | `is_internal` | `bool` | Admin-only if True |
@@ -929,6 +948,10 @@ The architecture validator (`scripts/validate_architecture.py`) enforces module
 | MOD-017 | ERROR | Services must be in modules, not `app/services/` |
 | MOD-018 | ERROR | Tasks must be in modules, not `app/tasks/` |
 | MOD-019 | ERROR | Schemas must be in modules, not `models/schema/` |
+| MOD-020 | WARNING | Module definition must have required attributes (code, name, description, version, features) |
+| MOD-021 | WARNING | Modules with menus should have features defined |
+| MOD-022 | INFO | Feature modules should have permissions (unless internal or storefront-only) |
+| MOD-023 | INFO | Modules with routers should use `get_*_with_routers` pattern |

 Run validation:
 ```bash