feat(realestate): RBAC catalog, template roles sync, instance role access rules
This commit is contained in:
Stephan Schellworth
parent
c2f2ed3b14
commit
3ff3cfd51c
2 changed files with 6 additions and 15 deletions
11
app.py
11
app.py
|
|
@ -286,16 +286,6 @@ instanceLabel = APP_CONFIG.get("APP_ENV_LABEL")
|
||||||
async def lifespan(app: FastAPI):
|
async def lifespan(app: FastAPI):
|
||||||
logger.info("Application is starting up")
|
logger.info("Application is starting up")
|
||||||
|
|
||||||
<<<<<<< HEAD
|
|
||||||
# --- Register RBAC catalog for features (moved here from loadFeatureRouters for single-pass loading) ---
|
|
||||||
try:
|
|
||||||
from modules.security.rbacCatalog import getCatalogService
|
|
||||||
from modules.system.registry import registerAllFeaturesInCatalog
|
|
||||||
catalogService = getCatalogService()
|
|
||||||
registerAllFeaturesInCatalog(catalogService)
|
|
||||||
except Exception as e:
|
|
||||||
logger.warning(f"Could not register feature RBAC catalog: {e}")
|
|
||||||
=======
|
|
||||||
# Bootstrap database if needed (creates initial users, mandates, roles, etc.)
|
# Bootstrap database if needed (creates initial users, mandates, roles, etc.)
|
||||||
# This must happen before getting root interface
|
# This must happen before getting root interface
|
||||||
from modules.security.rootAccess import getRootDbAppConnector
|
from modules.security.rootAccess import getRootDbAppConnector
|
||||||
|
|
@ -306,7 +296,6 @@ async def lifespan(app: FastAPI):
|
||||||
logger.info("Bootstrap check completed")
|
logger.info("Bootstrap check completed")
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.warning(f"Bootstrap check failed (may already be initialized): {str(e)}")
|
logger.warning(f"Bootstrap check failed (may already be initialized): {str(e)}")
|
||||||
>>>>>>> f6f41e2 (feat: extract bzo information)
|
|
||||||
|
|
||||||
# Get event user for feature lifecycle (system-level user for background operations)
|
# Get event user for feature lifecycle (system-level user for background operations)
|
||||||
rootInterface = getRootInterface()
|
rootInterface = getRootInterface()
|
||||||
|
|
|
||||||
|
|
@ -165,11 +165,13 @@ def _syncTemplateRolesToDb() -> int:
|
||||||
from modules.datamodels.datamodelRbac import Role, AccessRule, AccessRuleContext
|
from modules.datamodels.datamodelRbac import Role, AccessRule, AccessRuleContext
|
||||||
|
|
||||||
rootInterface = getRootInterface()
|
rootInterface = getRootInterface()
|
||||||
|
db = rootInterface.db
|
||||||
|
|
||||||
# Get existing template roles (Pydantic models)
|
existingRoles = db.getRecordset(
|
||||||
existingRoles = rootInterface.getRolesByFeatureCode(FEATURE_CODE)
|
Role,
|
||||||
templateRoles = [r for r in existingRoles if r.mandateId is None]
|
recordFilter={"featureCode": FEATURE_CODE, "mandateId": None}
|
||||||
existingRoleLabels = {r.roleLabel: str(r.id) for r in templateRoles}
|
)
|
||||||
|
existingRoleLabels = {r.get("roleLabel"): r.get("id") for r in existingRoles}
|
||||||
|
|
||||||
createdCount = 0
|
createdCount = 0
|
||||||
for roleTemplate in TEMPLATE_ROLES:
|
for roleTemplate in TEMPLATE_ROLES:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue