mish/evo-sync
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 5 Wiki Activity
Files
5ead89e0cf1db9fa88ac2edc18d40a2f4c59402d
evo-sync/web/auth/rbac.py
mguschin 5ead89e0cf feat: Evotor user lifecycle, RBAC, admin panel 
- Receive Evotor webhooks: POST /user/create, /user/verify, /user/token
- Create users in pending status; match to existing users by email/phone
- Send invite link via Celery notification task; user sets password at /invite
- Abstract EmailProvider/SMSProvider with ConsoleEmailProvider default
- Role-based access control: role enum on users + roles/permissions tables
- Admin panel: /admin/users (list, filter, search, paginate), user detail card
  with activate/suspend/reset-password/send-invite/edit/delete actions
- Admin roles management: /admin/roles with per-role permission assignment
- Extend user profile card: role, status, Evotor ID, email confirmation badge
- Auth routes: register, login, logout, confirm-email, forgot/reset password
- Alembic migrations 0002 (full schema + new fields) and 0003 (RBAC + seeds)
- Port Pico CSS + Bootstrap Icons UI from Node.js commit (854c912)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-28 12:01:36 +03:00

36 lines
1.3 KiB
Python
Raw Blame History

from fastapi import Depends, HTTPException
from sqlalchemy.orm import Session
from starlette.requests import Request
from web.auth.session import get_current_user
from web.database import get_db
from web.models.rbac import Permission, UserRole, role_permissions
from web.models.user import User, UserRoleEnum
def require_role(*roles: str):
def dep(request: Request, db: Session = Depends(get_db)) -> User:
user = get_current_user(request, db)
if user.role.value not in roles:
raise HTTPException(status_code=403, detail="Недостаточно прав")
return user
return Depends(dep)
def require_permission(permission_name: str):
def dep(request: Request, db: Session = Depends(get_db)) -> User:
user = get_current_user(request, db)
if user.role == UserRoleEnum.system:
return user
has = (
db.query(Permission)
.join(role_permissions, Permission.id == role_permissions.c.permission_id)
.join(UserRole, UserRole.role_id == role_permissions.c.role_id)
.filter(UserRole.user_id == user.id, Permission.name == permission_name)
.first()
)
if not has:
raise HTTPException(status_code=403, detail="Недостаточно прав")
return user
return Depends(dep)
Reference in New Issue View Git Blame Copy Permalink