counterweight/arbret
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(auth): unify authorization patterns with MANAGE_OWN_PROFILE permission

Browse source 
Issue #2: The profile route used a custom role-based check instead
of the permission-based pattern used everywhere else.

Changes:
- Add MANAGE_OWN_PROFILE permission to backend Permission enum
- Add permission to ROLE_REGULAR role definition
- Update profile routes to use require_permission(MANAGE_OWN_PROFILE)
- Remove custom require_regular_user dependency
- Update frontend Permission constant and profile page
- Update invites page to use permission instead of role check
- Update profile tests with proper permission mocking

This ensures consistent authorization patterns across all routes.
This commit is contained in:
counterweight 2025-12-21 23:50:06 +01:00
parent 81cd34b0e7
commit 21698203fe
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
7 changed files with 40 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

4
backend/models.py
View file

@ -40,6 +40,9 @@ class Permission(str, PyEnum):
# Audit permissions
VIEW_AUDIT = "view_audit"
# Profile permissions
MANAGE_OWN_PROFILE = "manage_own_profile"
# Invite permissions
MANAGE_INVITES = "manage_invites"
VIEW_OWN_INVITES = "view_own_invites"
@ -93,6 +96,7 @@ ROLE_DEFINITIONS: dict[str, RoleConfig] = {
Permission.VIEW_COUNTER,
Permission.INCREMENT_COUNTER,
Permission.USE_SUM,
Permission.MANAGE_OWN_PROFILE,
Permission.VIEW_OWN_INVITES,
Permission.BOOK_APPOINTMENT,
Permission.VIEW_OWN_APPOINTMENTS,