Use core auth and scope contracts

This commit is contained in:
2026-07-10 17:54:14 +02:00
parent 970625edff
commit 30a0281c66
4 changed files with 6 additions and 5 deletions

View File

@@ -9,7 +9,7 @@ from sqlalchemy.orm import Session
from govoplan_admin.backend.governance import create_template, delete_template, update_template from govoplan_admin.backend.governance import create_template, delete_template, update_template
from govoplan_core.admin.settings import get_system_settings from govoplan_core.admin.settings import get_system_settings
from govoplan_access.auth import ApiPrincipal, has_scope, require_any_scope, require_scope from govoplan_core.auth import ApiPrincipal, has_scope, require_any_scope, require_scope
from govoplan_core.audit.logging import audit_from_principal, audit_operation_context from govoplan_core.audit.logging import audit_from_principal, audit_operation_context
from govoplan_admin.backend.db.models import GovernanceTemplate, GovernanceTemplateAssignment from govoplan_admin.backend.db.models import GovernanceTemplate, GovernanceTemplateAssignment
from govoplan_core.admin.common import AdminConflictError, AdminValidationError from govoplan_core.admin.common import AdminConflictError, AdminValidationError
@@ -75,8 +75,8 @@ from govoplan_core.privacy.retention import privacy_policy_from_settings, set_pr
from govoplan_core.security.permissions import ALL_PERMISSIONS, effective_permission_count from govoplan_core.security.permissions import ALL_PERMISSIONS, effective_permission_count
from govoplan_core.server.registry import available_module_manifests from govoplan_core.server.registry import available_module_manifests
from govoplan_core.settings import settings as core_settings from govoplan_core.settings import settings as core_settings
from govoplan_core.tenancy.scope import Tenant
from govoplan_core.tenancy.service import tenant_counts from govoplan_core.tenancy.service import tenant_counts
from govoplan_tenancy.backend.db.models import Tenant
from .schemas import ( from .schemas import (
AdminOverviewResponse, AdminOverviewResponse,

View File

@@ -31,7 +31,7 @@ class GovernanceTemplateAssignment(Base, TimestampMixin):
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid) id: Mapped[str] = mapped_column(String(36), primary_key=True, default=new_uuid)
template_id: Mapped[str] = mapped_column(ForeignKey("admin_governance_templates.id", ondelete="CASCADE"), nullable=False, index=True) template_id: Mapped[str] = mapped_column(ForeignKey("admin_governance_templates.id", ondelete="CASCADE"), nullable=False, index=True)
tenant_id: Mapped[str] = mapped_column(ForeignKey("tenancy_tenants.id", ondelete="CASCADE"), nullable=False, index=True) tenant_id: Mapped[str] = mapped_column(String(36), nullable=False, index=True)
mode: Mapped[str] = mapped_column(String(20), default="available", nullable=False) mode: Mapped[str] = mapped_column(String(20), default="available", nullable=False)

View File

@@ -11,7 +11,7 @@ from govoplan_core.core.access import (
) )
from govoplan_core.core.runtime import get_registry from govoplan_core.core.runtime import get_registry
from govoplan_core.security.permissions import validate_tenant_permissions from govoplan_core.security.permissions import validate_tenant_permissions
from govoplan_tenancy.backend.db.models import Tenant from govoplan_core.tenancy.scope import Tenant
TEMPLATE_KINDS = {"group", "role"} TEMPLATE_KINDS = {"group", "role"}
ASSIGNMENT_MODES = {"available", "required"} ASSIGNMENT_MODES = {"available", "required"}

View File

@@ -1,6 +1,7 @@
from __future__ import annotations from __future__ import annotations
from govoplan_admin.backend.db import models as admin_models # noqa: F401 - populate Admin ORM metadata from govoplan_admin.backend.db import models as admin_models # noqa: F401 - populate Admin ORM metadata
from govoplan_core.core.access import CAPABILITY_AUTH_PERMISSION_EVALUATOR, CAPABILITY_AUTH_PRINCIPAL_RESOLVER
from govoplan_core.core.module_guards import persistent_table_uninstall_guard from govoplan_core.core.module_guards import persistent_table_uninstall_guard
from govoplan_core.core.modules import MigrationSpec, ModuleContext, ModuleManifest from govoplan_core.core.modules import MigrationSpec, ModuleContext, ModuleManifest
from govoplan_core.db.base import Base from govoplan_core.db.base import Base
@@ -17,7 +18,7 @@ manifest = ModuleManifest(
id="admin", id="admin",
name="Admin", name="Admin",
version="0.1.6", version="0.1.6",
dependencies=("access",), required_capabilities=(CAPABILITY_AUTH_PRINCIPAL_RESOLVER, CAPABILITY_AUTH_PERMISSION_EVALUATOR),
route_factory=_route_factory, route_factory=_route_factory,
migration_spec=MigrationSpec(module_id="admin", metadata=Base.metadata), migration_spec=MigrationSpec(module_id="admin", metadata=Base.metadata),
uninstall_guard_providers=( uninstall_guard_providers=(