sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cb3bc3c1182381b0fd98206f834ce9275878f4d3
orion/app/modules/core/definition.py
Samir Boulahtit cb3bc3c118
Some checks failed
CI / pytest (push) Failing after 45m29s
Details
CI / validate (push) Successful in 24s
Details
CI / dependency-scanning (push) Successful in 28s
Details
CI / docs (push) Has been skipped
Details
CI / deploy (push) Has been skipped
Details
CI / ruff (push) Successful in 9s
Details
feat: implement complete RBAC access control with tests 
Add 4-layer access control stack (subscription → module → menu → permissions):
- P1: Wire requires_permission into menu sidebar filtering
- P2: Expose window.USER_PERMISSIONS for Alpine.js client-side gating
- P3: Add page-level permission guards on store routes
- P4: Role CRUD API endpoints and role editor UI
- P5: Audit trail for all role/permission changes

Includes unit tests (menu permission filtering, role CRUD service) and
integration tests (role API endpoints). All 404 core+tenancy tests pass.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 18:26:59 +01:00

194 lines
6.1 KiB
Python
Raw Blame History

# app/modules/core/definition.py
"""
Core Platform module definition.
Dashboard, settings, and profile management.
Required for basic operation - cannot be disabled.
"""
from app.modules.base import (
MenuItemDefinition,
MenuSectionDefinition,
ModuleDefinition,
PermissionDefinition,
)
from app.modules.enums import FrontendType
core_module = ModuleDefinition(
code="core",
name="Core Platform",
description="Dashboard, settings, and profile management. Required for basic operation.",
version="1.0.0",
is_core=True,
is_self_contained=True,
# Module-driven permissions
permissions=[
PermissionDefinition(
id="dashboard.view",
label_key="core.permissions.dashboard_view",
description_key="core.permissions.dashboard_view_desc",
category="dashboard",
),
PermissionDefinition(
id="settings.view",
label_key="core.permissions.settings_view",
description_key="core.permissions.settings_view_desc",
category="settings",
),
PermissionDefinition(
id="settings.edit",
label_key="core.permissions.settings_edit",
description_key="core.permissions.settings_edit_desc",
category="settings",
),
PermissionDefinition(
id="settings.theme",
label_key="core.permissions.settings_theme",
description_key="core.permissions.settings_theme_desc",
category="settings",
),
PermissionDefinition(
id="settings.domains",
label_key="core.permissions.settings_domains",
description_key="core.permissions.settings_domains_desc",
category="settings",
is_owner_only=True, # Only owners can manage domains
),
],
features=[
"dashboard",
"settings",
"profile",
],
# Legacy menu_items (IDs only)
menu_items={
FrontendType.ADMIN: [
"dashboard",
"settings",
"email-templates",
"my-menu",
],
FrontendType.STORE: [
"dashboard",
"profile",
"settings",
"email-templates",
],
FrontendType.MERCHANT: [
"dashboard",
],
},
# New module-driven menu definitions
menus={
FrontendType.ADMIN: [
MenuSectionDefinition(
id="main",
label_key=None, # No header for main section
icon=None,
order=0,
is_collapsible=False,
items=[
MenuItemDefinition(
id="dashboard",
label_key="core.menu.dashboard",
icon="home",
route="/admin/dashboard",
order=10,
is_mandatory=True,
),
],
),
MenuSectionDefinition(
id="settings",
label_key="core.menu.platform_settings",
icon="cog",
order=900,
items=[
MenuItemDefinition(
id="settings",
label_key="core.menu.general",
icon="cog",
route="/admin/settings",
order=10,
is_mandatory=True,
),
MenuItemDefinition(
id="my-menu",
label_key="core.menu.my_menu",
icon="view-grid",
route="/admin/my-menu",
order=30,
is_mandatory=True,
is_super_admin_only=True,
),
],
),
],
FrontendType.MERCHANT: [
MenuSectionDefinition(
id="main",
label_key=None,
icon=None,
order=0,
is_collapsible=False,
items=[
MenuItemDefinition(
id="dashboard",
label_key="core.menu.dashboard",
icon="home",
route="/merchants/dashboard",
order=10,
is_mandatory=True,
),
],
),
],
FrontendType.STORE: [
MenuSectionDefinition(
id="main",
label_key=None,
icon=None,
order=0,
is_collapsible=False,
items=[
MenuItemDefinition(
id="dashboard",
label_key="core.menu.dashboard",
icon="home",
route="/store/{store_code}/dashboard",
order=10,
is_mandatory=True,
requires_permission="dashboard.view",
),
],
),
MenuSectionDefinition(
id="account",
label_key="core.menu.account_settings",
icon="user",
order=900,
items=[
MenuItemDefinition(
id="profile",
label_key="core.menu.profile",
icon="user",
route="/store/{store_code}/profile",
order=10,
),
MenuItemDefinition(
id="settings",
label_key="core.menu.settings",
icon="cog",
route="/store/{store_code}/settings",
order=20,
is_mandatory=True,
requires_permission="settings.view",
),
],
),
],
},
)
__all__ = ["core_module"]
Reference in New Issue View Git Blame Copy Permalink