Sync GovOPlaN module state
This commit is contained in:
@@ -45,9 +45,10 @@ importing access internals:
|
||||
`UserRef`, `GroupRef`, `RoleRef`, `IdentityRef`,
|
||||
`OrganizationUnitRef`, `FunctionRef`, `FunctionAssignmentRef`,
|
||||
`FunctionDelegationRef`, `AccessDecisionProvenance`,
|
||||
`PrincipalResolver`, `AccessDirectory`, `AccessSemanticDirectory`,
|
||||
`PermissionEvaluator`, `AccessExplanationService`,
|
||||
`TenantAccessProvisioner`, `AccessAdministration`, and
|
||||
`ApiPrincipalProvider`, `TenantContextSwitcher`, `PrincipalResolver`,
|
||||
`AccessDirectory`, `AccessSemanticDirectory`, `PermissionEvaluator`,
|
||||
`AccessExplanationService`, `TenantAccessProvisioner`,
|
||||
`AccessAdministration`, and
|
||||
`AccessGovernanceMaterializer`
|
||||
- health, platform metadata, and module startup ordering
|
||||
- generic security helpers that are not access-state semantics, such as
|
||||
@@ -81,12 +82,21 @@ contracts. New module code should pass around `PrincipalRef` or primitive IDs.
|
||||
- optional `acting_for_account_id` for acting-in-place flows
|
||||
- optional display fields `email` and `display_name`
|
||||
|
||||
`/api/v1/auth/me`, `/api/v1/auth/login`, profile refreshes, and tenant switches
|
||||
include this payload as `principal` alongside the existing compatibility
|
||||
fields. Modules that need current user context should prefer
|
||||
`auth.principal`/`AuthInfo.principal` in the WebUI and
|
||||
`govoplan_core.auth` is now backed by the `auth.apiPrincipalProvider`
|
||||
capability. The access module provides that capability; core no longer imports
|
||||
access auth dependencies directly. `/api/v1/auth/me`, `/api/v1/auth/login`,
|
||||
profile refreshes, and tenant switches include this payload as `principal`
|
||||
alongside the existing compatibility fields. Modules that need current user
|
||||
context should prefer `auth.principal`/`AuthInfo.principal` in the WebUI and
|
||||
`principal.to_platform_principal()` in backend request handlers.
|
||||
|
||||
Interactive tenant context switching is exposed through
|
||||
`auth.tenantContextSwitcher`. The existing `/api/v1/auth/switch-tenant` route
|
||||
remains for API compatibility; `govoplan-tenancy` also contributes
|
||||
`/api/v1/tenancy/switch-tenant`. Both delegate to the same access-owned session
|
||||
switch behavior. Lifecycle code must use the capability instead of importing
|
||||
`govoplan_access.backend.security.sessions`.
|
||||
|
||||
## Identity And Function Boundary
|
||||
|
||||
The full semantic model is documented in
|
||||
|
||||
Reference in New Issue
Block a user