feat: add FETCH_PRICE permission for manual price fetch endpoint
The POST /api/audit/price-history/fetch endpoint now requires FETCH_PRICE permission instead of VIEW_AUDIT, which is more semantically correct since it's a write operation.
This commit is contained in:
parent
54709888e1
commit
3806361fac
GPG key ID:
883EDBAA726BD96C
4 changed files with 5 additions and 2 deletions
|
|
@ -39,6 +39,7 @@ class Permission(str, PyEnum):
|
|||
|
||||
# Audit permissions
|
||||
VIEW_AUDIT = "view_audit"
|
||||
FETCH_PRICE = "fetch_price"
|
||||
|
||||
# Profile permissions
|
||||
MANAGE_OWN_PROFILE = "manage_own_profile"
|
||||
|
|
@ -84,6 +85,7 @@ ROLE_DEFINITIONS: dict[str, RoleConfig] = {
|
|||
"description": "Administrator with audit/invite/appointment access",
|
||||
"permissions": [
|
||||
Permission.VIEW_AUDIT,
|
||||
Permission.FETCH_PRICE,
|
||||
Permission.MANAGE_INVITES,
|
||||
Permission.MANAGE_AVAILABILITY,
|
||||
Permission.VIEW_ALL_APPOINTMENTS,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue