diff --git a/Repo-docs-ACCESS-EXTRACTION-PLAN.-.md b/Repo-docs-ACCESS-EXTRACTION-PLAN.-.md index 5bca52c..6ecdbe8 100644 --- a/Repo-docs-ACCESS-EXTRACTION-PLAN.-.md +++ b/Repo-docs-ACCESS-EXTRACTION-PLAN.-.md @@ -1,4 +1,4 @@ - + > Mirrored from `/mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md`. > Origin: `repository`. @@ -83,25 +83,11 @@ WebUI contributions without changing the core shell route wiring again. ### Current Module Consumers -Feature modules currently depend on core compatibility access surfaces: - -- `govoplan-files` - - imports `govoplan_core.auth.dependencies` - - imports `Group` and `UserGroupMembership` for ACL decisions - - imports `Group`, `Tenant`, and `User` for file storage ownership/audit -- `govoplan-mail` - - imports `govoplan_core.auth.dependencies` - - imports `Group`, `Tenant`, `User`, and `UserGroupMembership` for mail - profile policy resolution - - imports core settings and secret helpers -- `govoplan-campaign` - - imports `govoplan_core.auth.dependencies` - - imports `Group`, `Tenant`, `User`, and `UserGroupMembership` for ownership - relationships and access decisions - - imports `govoplan_core.security.time.utc_now` - -These imports are valid compatibility dependencies today. They are also the -main extraction debt to remove. +Feature modules no longer import core auth dependency wrappers or access-owned +ORM models. Backend routers import the access-published FastAPI dependency API +from `govoplan_access.backend.auth.dependencies`; runtime cooperation uses +kernel capabilities such as `access.directory`, `campaigns.access`, +`campaigns.mailPolicyContext`, and `campaigns.deliveryTasks`. ## Target Ownership @@ -286,15 +272,17 @@ Tasks: - Move `/api/v1/auth/*` implementation to access. - Move session/API-key services to access. - Keep core route compatibility only if required by clients. -- Replace feature-module imports of core auth dependencies with stable kernel - contracts or access-provided capabilities. +- Replace feature-module imports of core auth dependencies with the + access-published FastAPI dependency API. - Add tests for login, session refresh, tenant selection, API-key auth, and missing access capability failures. Acceptance criteria: - Auth behavior works through the access module. -- Feature modules do not import access internals. +- Feature modules do not import access internals except the published + `govoplan_access.backend.auth.dependencies` dependency API used by FastAPI + routers. - Core can explain startup failure clearly if auth-required routes are enabled without the access capability. @@ -391,12 +379,15 @@ Acceptance criteria: - [x] Move `govoplan_core/access` seed package into `govoplan-access`. - [x] Add compatibility wrappers in core for old import paths. - [x] Route existing auth dependency wrappers through access principal/evaluator capabilities. +- [x] Move FastAPI auth dependency wrappers out of core and into + `govoplan-access`. - [x] Move session, API-key, and password helper services into `govoplan-access`. - [x] Move interactive auth/session routes behind access module manifest. - [x] Move legacy admin/API-key routes behind access module manifest. - [x] Move access-owned legacy admin service helpers into `govoplan-access`. -- [x] Move governance-template CRUD/materialization helpers and routes into - `govoplan-admin`. +- [x] Move governance-template CRUD helpers and routes into `govoplan-admin`. +- [x] Move governance-template materialization of access-owned groups and roles + behind the `access.governanceMaterializer` capability. - [x] Replace legacy access-to-files/campaign admin lookups with module tenant-summary and group-delete veto providers. - [x] Split legacy admin route contribution across `govoplan-admin`, @@ -424,6 +415,10 @@ Acceptance criteria: depends on `govoplan-tenancy`, and the registry inserts tenancy before access. - [x] Replace tenancy-to-access default role seeding with an access tenant-provisioner capability. +- [x] Replace tenancy-to-access owner candidate and owner membership handling + with the access tenant-provisioner capability. +- [x] Replace admin overview counts and audit actor lookup/filtering with the + `access.administration` capability. - [x] Replace feature-module direct user/group/tenant model imports. - [x] `govoplan-files` - [x] `govoplan-mail`