From 30a0281c663430098a9eecae24ece3ff8b0c8390 Mon Sep 17 00:00:00 2001 From: Albrecht Degering Date: Fri, 10 Jul 2026 17:54:14 +0200 Subject: [PATCH] Use core auth and scope contracts --- src/govoplan_admin/backend/api/v1/routes.py | 4 ++-- src/govoplan_admin/backend/db/models.py | 2 +- src/govoplan_admin/backend/governance.py | 2 +- src/govoplan_admin/backend/manifest.py | 3 ++- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/govoplan_admin/backend/api/v1/routes.py b/src/govoplan_admin/backend/api/v1/routes.py index 4fdcecb..b60979b 100644 --- a/src/govoplan_admin/backend/api/v1/routes.py +++ b/src/govoplan_admin/backend/api/v1/routes.py @@ -9,7 +9,7 @@ from sqlalchemy.orm import Session from govoplan_admin.backend.governance import create_template, delete_template, update_template from govoplan_core.admin.settings import get_system_settings -from govoplan_access.auth import ApiPrincipal, has_scope, require_any_scope, require_scope +from govoplan_core.auth import ApiPrincipal, has_scope, require_any_scope, require_scope from govoplan_core.audit.logging import audit_from_principal, audit_operation_context from govoplan_admin.backend.db.models import GovernanceTemplate, GovernanceTemplateAssignment from govoplan_core.admin.common import AdminConflictError, AdminValidationError @@ -75,8 +75,8 @@ from govoplan_core.privacy.retention import privacy_policy_from_settings, set_pr from govoplan_core.security.permissions import ALL_PERMISSIONS, effective_permission_count from govoplan_core.server.registry import available_module_manifests from govoplan_core.settings import settings as core_settings +from govoplan_core.tenancy.scope import Tenant from govoplan_core.tenancy.service import tenant_counts -from govoplan_tenancy.backend.db.models import Tenant from .schemas import ( AdminOverviewResponse, diff --git a/src/govoplan_admin/backend/db/models.py b/src/govoplan_admin/backend/db/models.py index 9f89675..e771f76 100644 --- a/src/govoplan_admin/backend/db/models.py +++ b/src/govoplan_admin/backend/db/models.py @@ -31,7 +31,7 @@ class GovernanceTemplateAssignment(Base, TimestampMixin): id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid) template_id: Mapped[str] = mapped_column(ForeignKey("admin_governance_templates.id", ondelete="CASCADE"), nullable=False, index=True) - tenant_id: Mapped[str] = mapped_column(ForeignKey("tenancy_tenants.id", ondelete="CASCADE"), nullable=False, index=True) + tenant_id: Mapped[str] = mapped_column(String(36), nullable=False, index=True) mode: Mapped[str] = mapped_column(String(20), default="available", nullable=False) diff --git a/src/govoplan_admin/backend/governance.py b/src/govoplan_admin/backend/governance.py index 6c2ed0f..c343936 100644 --- a/src/govoplan_admin/backend/governance.py +++ b/src/govoplan_admin/backend/governance.py @@ -11,7 +11,7 @@ from govoplan_core.core.access import ( ) from govoplan_core.core.runtime import get_registry from govoplan_core.security.permissions import validate_tenant_permissions -from govoplan_tenancy.backend.db.models import Tenant +from govoplan_core.tenancy.scope import Tenant TEMPLATE_KINDS = {"group", "role"} ASSIGNMENT_MODES = {"available", "required"} diff --git a/src/govoplan_admin/backend/manifest.py b/src/govoplan_admin/backend/manifest.py index fec1b76..c064170 100644 --- a/src/govoplan_admin/backend/manifest.py +++ b/src/govoplan_admin/backend/manifest.py @@ -1,6 +1,7 @@ from __future__ import annotations from govoplan_admin.backend.db import models as admin_models # noqa: F401 - populate Admin ORM metadata +from govoplan_core.core.access import CAPABILITY_AUTH_PERMISSION_EVALUATOR, CAPABILITY_AUTH_PRINCIPAL_RESOLVER from govoplan_core.core.module_guards import persistent_table_uninstall_guard from govoplan_core.core.modules import MigrationSpec, ModuleContext, ModuleManifest from govoplan_core.db.base import Base @@ -17,7 +18,7 @@ manifest = ModuleManifest( id="admin", name="Admin", version="0.1.6", - dependencies=("access",), + required_capabilities=(CAPABILITY_AUTH_PRINCIPAL_RESOLVER, CAPABILITY_AUTH_PERMISSION_EVALUATOR), route_factory=_route_factory, migration_spec=MigrationSpec(module_id="admin", metadata=Base.metadata), uninstall_guard_providers=(