feat(roles): add admin store roles page, permission i18n, and menu integration

- Add admin store roles page with merchant→store cascading for superadmin and store-only selection for platform admin - Add permission catalog API with translated labels/descriptions (en/fr/de/lb) - Add permission translations to all 15 module locale files (60 files total) - Add info icon tooltips for permission descriptions in role editor - Add store roles menu item and admin menu item in module definition - Fix store-selector.js URL construction bug when apiEndpoint has query params - Add admin store roles API (CRUD + platform scoping) - Add integration tests for admin store roles and permission catalog Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 23:31:27 +01:00
parent 2b55e7458b
commit f95db7c0b1
83 changed files with 3491 additions and 513 deletions
--- a/app/modules/tenancy/routes/api/store_team.py
+++ b/app/modules/tenancy/routes/api/store_team.py
@@ -28,6 +28,7 @@ from app.modules.tenancy.schemas.team import (
    InvitationAccept,
    InvitationAcceptResponse,
    InvitationResponse,
+    PermissionCatalogResponse,
    RoleCreate,
    RoleListResponse,
    RoleResponse,
@@ -42,7 +43,11 @@ from app.modules.tenancy.schemas.team import (

 # Permission IDs are now defined in module definition.py files
 # and discovered by PermissionDiscoveryService
+from app.modules.tenancy.services.permission_discovery_service import (
+    permission_discovery_service,
+)
 from app.modules.tenancy.services.store_team_service import store_team_service
+from app.utils.i18n import translate
 from models.schema.auth import UserContext

 store_team_router = APIRouter(prefix="/team")
@@ -480,6 +485,57 @@ def delete_role(
 # ============================================================================


+@store_team_router.get(
+    "/permissions/catalog", response_model=PermissionCatalogResponse
+)
+def get_permission_catalog(
+    request: Request,
+    current_user: UserContext = Depends(
+        require_store_permission("team.view")
+    ),
+):
+    """
+    Get the full permission catalog grouped by category.
+
+    **Required Permission:** `team.view`
+
+    Returns all available permissions with labels and descriptions,
+    grouped by category. Used by the role editor UI for displaying
+    permission checkboxes with human-readable names and tooltips.
+    """
+    categories = permission_discovery_service.get_permissions_by_category()
+    lang = current_user.preferred_language or getattr(
+        request.state, "language", "en"
+    )
+
+    def _t(key: str) -> str:
+        """Translate key, falling back to readable version."""
+        translated = translate(key, language=lang)
+        if translated == key:
+            parts = key.split(".")
+            return parts[-1].replace("_", " ").title()
+        return translated
+
+    return PermissionCatalogResponse(
+        categories=[
+            {
+                "id": cat.id,
+                "label": _t(cat.label_key),
+                "permissions": [
+                    {
+                        "id": p.id,
+                        "label": _t(p.label_key),
+                        "description": _t(p.description_key),
+                        "is_owner_only": p.is_owner_only,
+                    }
+                    for p in cat.permissions
+                ],
+            }
+            for cat in categories
+        ]
+    )
+
+
@store_team_router.get("/me/permissions", response_model=UserPermissionsResponse)
 def get_my_permissions(
    request: Request,