Use core auth and scope contracts
This commit is contained in:
@@ -9,7 +9,7 @@ from sqlalchemy.orm import Session
|
|||||||
|
|
||||||
from govoplan_admin.backend.governance import create_template, delete_template, update_template
|
from govoplan_admin.backend.governance import create_template, delete_template, update_template
|
||||||
from govoplan_core.admin.settings import get_system_settings
|
from govoplan_core.admin.settings import get_system_settings
|
||||||
from govoplan_access.auth import ApiPrincipal, has_scope, require_any_scope, require_scope
|
from govoplan_core.auth import ApiPrincipal, has_scope, require_any_scope, require_scope
|
||||||
from govoplan_core.audit.logging import audit_from_principal, audit_operation_context
|
from govoplan_core.audit.logging import audit_from_principal, audit_operation_context
|
||||||
from govoplan_admin.backend.db.models import GovernanceTemplate, GovernanceTemplateAssignment
|
from govoplan_admin.backend.db.models import GovernanceTemplate, GovernanceTemplateAssignment
|
||||||
from govoplan_core.admin.common import AdminConflictError, AdminValidationError
|
from govoplan_core.admin.common import AdminConflictError, AdminValidationError
|
||||||
@@ -75,8 +75,8 @@ from govoplan_core.privacy.retention import privacy_policy_from_settings, set_pr
|
|||||||
from govoplan_core.security.permissions import ALL_PERMISSIONS, effective_permission_count
|
from govoplan_core.security.permissions import ALL_PERMISSIONS, effective_permission_count
|
||||||
from govoplan_core.server.registry import available_module_manifests
|
from govoplan_core.server.registry import available_module_manifests
|
||||||
from govoplan_core.settings import settings as core_settings
|
from govoplan_core.settings import settings as core_settings
|
||||||
|
from govoplan_core.tenancy.scope import Tenant
|
||||||
from govoplan_core.tenancy.service import tenant_counts
|
from govoplan_core.tenancy.service import tenant_counts
|
||||||
from govoplan_tenancy.backend.db.models import Tenant
|
|
||||||
|
|
||||||
from .schemas import (
|
from .schemas import (
|
||||||
AdminOverviewResponse,
|
AdminOverviewResponse,
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ class GovernanceTemplateAssignment(Base, TimestampMixin):
|
|||||||
|
|
||||||
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid)
|
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid)
|
||||||
template_id: Mapped[str] = mapped_column(ForeignKey("admin_governance_templates.id", ondelete="CASCADE"), nullable=False, index=True)
|
template_id: Mapped[str] = mapped_column(ForeignKey("admin_governance_templates.id", ondelete="CASCADE"), nullable=False, index=True)
|
||||||
tenant_id: Mapped[str] = mapped_column(ForeignKey("tenancy_tenants.id", ondelete="CASCADE"), nullable=False, index=True)
|
tenant_id: Mapped[str] = mapped_column(String(36), nullable=False, index=True)
|
||||||
mode: Mapped[str] = mapped_column(String(20), default="available", nullable=False)
|
mode: Mapped[str] = mapped_column(String(20), default="available", nullable=False)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ from govoplan_core.core.access import (
|
|||||||
)
|
)
|
||||||
from govoplan_core.core.runtime import get_registry
|
from govoplan_core.core.runtime import get_registry
|
||||||
from govoplan_core.security.permissions import validate_tenant_permissions
|
from govoplan_core.security.permissions import validate_tenant_permissions
|
||||||
from govoplan_tenancy.backend.db.models import Tenant
|
from govoplan_core.tenancy.scope import Tenant
|
||||||
|
|
||||||
TEMPLATE_KINDS = {"group", "role"}
|
TEMPLATE_KINDS = {"group", "role"}
|
||||||
ASSIGNMENT_MODES = {"available", "required"}
|
ASSIGNMENT_MODES = {"available", "required"}
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
from __future__ import annotations
|
from __future__ import annotations
|
||||||
|
|
||||||
from govoplan_admin.backend.db import models as admin_models # noqa: F401 - populate Admin ORM metadata
|
from govoplan_admin.backend.db import models as admin_models # noqa: F401 - populate Admin ORM metadata
|
||||||
|
from govoplan_core.core.access import CAPABILITY_AUTH_PERMISSION_EVALUATOR, CAPABILITY_AUTH_PRINCIPAL_RESOLVER
|
||||||
from govoplan_core.core.module_guards import persistent_table_uninstall_guard
|
from govoplan_core.core.module_guards import persistent_table_uninstall_guard
|
||||||
from govoplan_core.core.modules import MigrationSpec, ModuleContext, ModuleManifest
|
from govoplan_core.core.modules import MigrationSpec, ModuleContext, ModuleManifest
|
||||||
from govoplan_core.db.base import Base
|
from govoplan_core.db.base import Base
|
||||||
@@ -17,7 +18,7 @@ manifest = ModuleManifest(
|
|||||||
id="admin",
|
id="admin",
|
||||||
name="Admin",
|
name="Admin",
|
||||||
version="0.1.6",
|
version="0.1.6",
|
||||||
dependencies=("access",),
|
required_capabilities=(CAPABILITY_AUTH_PRINCIPAL_RESOLVER, CAPABILITY_AUTH_PERMISSION_EVALUATOR),
|
||||||
route_factory=_route_factory,
|
route_factory=_route_factory,
|
||||||
migration_spec=MigrationSpec(module_id="admin", metadata=Base.metadata),
|
migration_spec=MigrationSpec(module_id="admin", metadata=Base.metadata),
|
||||||
uninstall_guard_providers=(
|
uninstall_guard_providers=(
|
||||||
|
|||||||
Reference in New Issue
Block a user