sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
884 Commits 1 Branch 0 Tags
1eef69f300c1b8e0e8581866de385121a8ab5ae9
Commit Graph

4 Commits

Author SHA1 Message Date
Samir Boulahtit
1eef69f300 ci: add security/performance/audit validators to pre-commit and CI
Some checks failed
CI / ruff (push) Successful in 10s
Details
CI / validate (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has started running
Details 
- Add validate-security, validate-performance, validate-audit hooks
  to .pre-commit-config.yaml (previously only architecture was checked)
- Break single "Run all validators" CI step into 4 explicit steps
  (architecture, security, performance, audit) for clearer pipeline output
- Add noqa: SEC001 suppressions for test fixture hashed_password values

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 22:49:04 +01:00
Samir Boulahtit
1dcb0e6c33 feat: RBAC Phase 1 — consolidate user roles into 4-value enum
Some checks failed
CI / ruff (push) Successful in 11s
Details
CI / validate (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details 
Consolidate User.role (2-value: admin/store) + User.is_super_admin (boolean)
into a single 4-value UserRole enum: super_admin, platform_admin,
merchant_owner, store_member. Drop stale StoreUser.user_type column.
Fix role="user" bug in merchant creation.

Key changes:
- Expand UserRole enum from 2 to 4 values with computed properties
  (is_admin, is_super_admin, is_platform_admin, is_merchant_owner, is_store_user)
- Add Alembic migration (tenancy_003) for data migration + column drops
- Remove is_super_admin from JWT token payload
- Update all auth dependencies, services, routes, templates, JS, and tests
- Update all RBAC documentation

66 files changed, 1219 unit tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 22:44:29 +01:00
Samir Boulahtit
ffa12f0255 test: complete remaining deps.py phases — platform, module, merchant, customer, permissions 
Add 16 tests covering: require_platform_access (super admin bypass,
platform admin with/without access), get_admin_with_platform_context,
require_module_access (super admin bypass, enabled/disabled module),
and get_user_permissions (owner gets all, member gets specific, empty).

Total: 89 tests for app/api/deps.py (all 31 functions covered).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 17:49:42 +01:00
Samir Boulahtit
93731b7173 test: add 73 unit tests for app/api/deps.py auth dependencies 
Cover all core authentication paths: helpers (_get_token_from_request,
_validate_user_token, _get_user_model, _validate_customer_token),
admin/store/merchant/customer auth (cookie + header + API variants),
optional auth, store permission factories, and store ownership checks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 17:38:31 +01:00