counterweight/arbret
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(auth): unify authorization patterns with MANAGE_OWN_PROFILE permission

Browse source 
Issue #2: The profile route used a custom role-based check instead
of the permission-based pattern used everywhere else.

Changes:
- Add MANAGE_OWN_PROFILE permission to backend Permission enum
- Add permission to ROLE_REGULAR role definition
- Update profile routes to use require_permission(MANAGE_OWN_PROFILE)
- Remove custom require_regular_user dependency
- Update frontend Permission constant and profile page
- Update invites page to use permission instead of role check
- Update profile tests with proper permission mocking

This ensures consistent authorization patterns across all routes.
This commit is contained in:
counterweight 2025-12-21 23:50:06 +01:00
parent 81cd34b0e7
commit 21698203fe
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
7 changed files with 40 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

4
backend/tests/test_profile.py
View file

@ -166,12 +166,12 @@ class TestGetProfileEndpoint:
assert data["nostr_npub"] is None
async def test_admin_user_cannot_access_profile(self, client_factory, admin_user):
"""Admin user gets 403 when trying to access profile."""
"""Admin user gets 403 when trying to access profile (lacks MANAGE_OWN_PROFILE)."""
async with client_factory.create(cookies=admin_user["cookies"]) as client:
response = await client.get("/api/profile")
assert response.status_code == 403
assert "regular users" in response.json()["detail"].lower()
assert "manage_own_profile" in response.json()["detail"].lower()
async def test_unauthenticated_user_gets_401(self, client_factory):
"""Unauthenticated user gets 401."""