Sync Repo-docs-ACCESS-EXTRACTION-PLAN from project files

2026-07-07 02:52:53 +02:00
parent 5d11027117
commit 2938fd22ed

@@ -1,4 +1,4 @@
<!-- codex-wiki-sync:eb135ed3ebf2894e28841e36 --> <!-- codex-wiki-sync:db830bc22c5217ad6fedc13a -->
> Mirrored from `/mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md`. > Mirrored from `/mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md`.
> Origin: `repository`. > Origin: `repository`.
@@ -83,25 +83,11 @@ WebUI contributions without changing the core shell route wiring again.
### Current Module Consumers ### Current Module Consumers
Feature modules currently depend on core compatibility access surfaces: Feature modules no longer import core auth dependency wrappers or access-owned
ORM models. Backend routers import the access-published FastAPI dependency API
- `govoplan-files` from `govoplan_access.backend.auth.dependencies`; runtime cooperation uses
- imports `govoplan_core.auth.dependencies` kernel capabilities such as `access.directory`, `campaigns.access`,
- imports `Group` and `UserGroupMembership` for ACL decisions `campaigns.mailPolicyContext`, and `campaigns.deliveryTasks`.
- imports `Group`, `Tenant`, and `User` for file storage ownership/audit
- `govoplan-mail`
- imports `govoplan_core.auth.dependencies`
- imports `Group`, `Tenant`, `User`, and `UserGroupMembership` for mail
profile policy resolution
- imports core settings and secret helpers
- `govoplan-campaign`
- imports `govoplan_core.auth.dependencies`
- imports `Group`, `Tenant`, `User`, and `UserGroupMembership` for ownership
relationships and access decisions
- imports `govoplan_core.security.time.utc_now`
These imports are valid compatibility dependencies today. They are also the
main extraction debt to remove.
## Target Ownership ## Target Ownership
@@ -286,15 +272,17 @@ Tasks:
- Move `/api/v1/auth/*` implementation to access. - Move `/api/v1/auth/*` implementation to access.
- Move session/API-key services to access. - Move session/API-key services to access.
- Keep core route compatibility only if required by clients. - Keep core route compatibility only if required by clients.
- Replace feature-module imports of core auth dependencies with stable kernel - Replace feature-module imports of core auth dependencies with the
contracts or access-provided capabilities. access-published FastAPI dependency API.
- Add tests for login, session refresh, tenant selection, API-key auth, and - Add tests for login, session refresh, tenant selection, API-key auth, and
missing access capability failures. missing access capability failures.
Acceptance criteria: Acceptance criteria:
- Auth behavior works through the access module. - Auth behavior works through the access module.
- Feature modules do not import access internals. - Feature modules do not import access internals except the published
`govoplan_access.backend.auth.dependencies` dependency API used by FastAPI
routers.
- Core can explain startup failure clearly if auth-required routes are enabled - Core can explain startup failure clearly if auth-required routes are enabled
without the access capability. without the access capability.
@@ -391,12 +379,15 @@ Acceptance criteria:
- [x] Move `govoplan_core/access` seed package into `govoplan-access`. - [x] Move `govoplan_core/access` seed package into `govoplan-access`.
- [x] Add compatibility wrappers in core for old import paths. - [x] Add compatibility wrappers in core for old import paths.
- [x] Route existing auth dependency wrappers through access principal/evaluator capabilities. - [x] Route existing auth dependency wrappers through access principal/evaluator capabilities.
- [x] Move FastAPI auth dependency wrappers out of core and into
`govoplan-access`.
- [x] Move session, API-key, and password helper services into `govoplan-access`. - [x] Move session, API-key, and password helper services into `govoplan-access`.
- [x] Move interactive auth/session routes behind access module manifest. - [x] Move interactive auth/session routes behind access module manifest.
- [x] Move legacy admin/API-key routes behind access module manifest. - [x] Move legacy admin/API-key routes behind access module manifest.
- [x] Move access-owned legacy admin service helpers into `govoplan-access`. - [x] Move access-owned legacy admin service helpers into `govoplan-access`.
- [x] Move governance-template CRUD/materialization helpers and routes into - [x] Move governance-template CRUD helpers and routes into `govoplan-admin`.
`govoplan-admin`. - [x] Move governance-template materialization of access-owned groups and roles
behind the `access.governanceMaterializer` capability.
- [x] Replace legacy access-to-files/campaign admin lookups with module - [x] Replace legacy access-to-files/campaign admin lookups with module
tenant-summary and group-delete veto providers. tenant-summary and group-delete veto providers.
- [x] Split legacy admin route contribution across `govoplan-admin`, - [x] Split legacy admin route contribution across `govoplan-admin`,
@@ -424,6 +415,10 @@ Acceptance criteria:
depends on `govoplan-tenancy`, and the registry inserts tenancy before access. depends on `govoplan-tenancy`, and the registry inserts tenancy before access.
- [x] Replace tenancy-to-access default role seeding with an access - [x] Replace tenancy-to-access default role seeding with an access
tenant-provisioner capability. tenant-provisioner capability.
- [x] Replace tenancy-to-access owner candidate and owner membership handling
with the access tenant-provisioner capability.
- [x] Replace admin overview counts and audit actor lookup/filtering with the
`access.administration` capability.
- [x] Replace feature-module direct user/group/tenant model imports. - [x] Replace feature-module direct user/group/tenant model imports.
- [x] `govoplan-files` - [x] `govoplan-files`
- [x] `govoplan-mail` - [x] `govoplan-mail`