review

backend/auth.py

@@ -128,31 +128,6 @@ def require_permission(*required_permissions: Permission):
     return permission_checker
 
 
-def require_any_permission(*required_permissions: Permission):
-    """
-    Dependency factory that checks if user has ANY of the required permissions.
-    
-    Usage:
-        @app.get("/api/resource")
-        async def get_resource(user: User = Depends(require_any_permission(Permission.VIEW, Permission.ADMIN))):
-            ...
-    """
-    async def permission_checker(
-        request: Request,
-        db: AsyncSession = Depends(get_db),
-    ) -> User:
-        user = await get_current_user(request, db)
-        user_permissions = await user.get_permissions(db)
-        
-        if not any(p in user_permissions for p in required_permissions):
-            raise HTTPException(
-                status_code=status.HTTP_403_FORBIDDEN,
-                detail=f"Requires one of: {', '.join(p.value for p in required_permissions)}",
-            )
-        return user
-    return permission_checker
-
-
 async def build_user_response(user: User, db: AsyncSession) -> UserResponse:
     """Build a UserResponse with roles and permissions."""
     permissions = await user.get_permissions(db)