orion/app/modules/orders/routes/pages/store.py
Samir Boulahtit cb3bc3c118
feat: implement complete RBAC access control with tests
Add 4-layer access control stack (subscription → module → menu → permissions):
- P1: Wire requires_permission into menu sidebar filtering
- P2: Expose window.USER_PERMISSIONS for Alpine.js client-side gating
- P3: Add page-level permission guards on store routes
- P4: Role CRUD API endpoints and role editor UI
- P5: Audit trail for all role/permission changes

Includes unit tests (menu permission filtering, role CRUD service) and
integration tests (role API endpoints). All 404 core+tenancy tests pass.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 18:26:59 +01:00

78 lines
2.1 KiB
Python

# app/modules/orders/routes/pages/store.py
"""
Orders Store Page Routes (HTML rendering).

Store pages for order management:
- Orders list
- Order detail
"""

from fastapi import APIRouter, Depends, Path, Request
from fastapi.responses import HTMLResponse
from sqlalchemy.orm import Session

from app.api.deps import (
    get_db,
    get_resolved_store_code,
    require_store_page_permission,
)
from app.modules.core.utils.page_context import get_store_context
from app.modules.tenancy.models import User
from app.templates_config import templates

router = APIRouter()

# ============================================================================
# ORDER MANAGEMENT
# ============================================================================


@router.get(
    "/orders", response_class=HTMLResponse, include_in_schema=False
)
async def store_orders_page(
    request: Request,
    store_code: str = Depends(get_resolved_store_code),
    current_user: User = Depends(require_store_page_permission("orders.view")),
    db: Session = Depends(get_db),
):
    """
    Render orders management page.
    JavaScript loads order list via API.
    """
    return templates.TemplateResponse(
        "orders/store/orders.html",
        get_store_context(request, db, current_user, store_code),
    )


@router.get(
    "/orders/{order_id}",
    response_class=HTMLResponse,
    include_in_schema=False,
)
async def store_order_detail_page(
    request: Request,
    store_code: str = Depends(get_resolved_store_code),
    order_id: int = Path(..., description="Order ID"),
    current_user: User = Depends(require_store_page_permission("orders.view")),
    db: Session = Depends(get_db),
):
    """
    Render order detail page.

    Shows comprehensive order information including:
    - Order header and status
    - Customer and shipping details
    - Order items with shipment status
    - Invoice creation/viewing
    - Partial shipment controls

    JavaScript loads order details via API.
    """
    return templates.TemplateResponse(
        "orders/store/order-detail.html",
        get_store_context(request, db, current_user, store_code, order_id=order_id),
    )