access rules editor fixed

ValueOn AG 2026-01-24 09:58:15 +01:00
parent efc28879c3
commit 4de962d7d6
2 changed files with 32 additions and 26 deletions


@ -1280,11 +1280,13 @@ async def getInstanceRole(
mandateId = await _validateInstanceAdmin(instanceId, context)
rootInterface = getRootInterface()
role = rootInterface.db.getRecord(Role, roleId)
roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if not role:
if not roles:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found")
role = roles[0]
# Verify role belongs to this instance
if role.get("featureInstanceId") != instanceId:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance")
@ -1309,8 +1311,8 @@ async def getInstanceRoleRules(
rootInterface = getRootInterface()
# Verify role belongs to this instance
role = rootInterface.db.getRecord(Role, roleId)
if not role or role.get("featureInstanceId") != instanceId:
roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if not roles or roles[0].get("featureInstanceId") != instanceId:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance")
# Get AccessRules for this role
@ -1343,8 +1345,8 @@ async def createInstanceRoleRule(
rootInterface = getRootInterface()
# Verify role belongs to this instance
role = rootInterface.db.getRecord(Role, roleId)
if not role or role.get("featureInstanceId") != instanceId:
roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if not roles or roles[0].get("featureInstanceId") != instanceId:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance")
# Create the rule
@ -1394,13 +1396,13 @@ async def updateInstanceRoleRule(
rootInterface = getRootInterface()
# Verify role belongs to this instance
role = rootInterface.db.getRecord(Role, roleId)
if not role or role.get("featureInstanceId") != instanceId:
roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if not roles or roles[0].get("featureInstanceId") != instanceId:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance")
# Verify rule belongs to role
existingRule = rootInterface.db.getRecord(AccessRule, ruleId)
if not existingRule or existingRule.get("roleId") != roleId:
existingRules = rootInterface.db.getRecordset(AccessRule, recordFilter={"id": ruleId})
if not existingRules or existingRules[0].get("roleId") != roleId:
raise HTTPException(status_code=404, detail=f"Rule {ruleId} not found for this role")
# Update only allowed fields
@ -1445,13 +1447,13 @@ async def deleteInstanceRoleRule(
rootInterface = getRootInterface()
# Verify role belongs to this instance
role = rootInterface.db.getRecord(Role, roleId)
if not role or role.get("featureInstanceId") != instanceId:
roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if not roles or roles[0].get("featureInstanceId") != instanceId:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance")
# Verify rule belongs to role
existingRule = rootInterface.db.getRecord(AccessRule, ruleId)
if not existingRule or existingRule.get("roleId") != roleId:
existingRules = rootInterface.db.getRecordset(AccessRule, recordFilter={"id": ruleId})
if not existingRules or existingRules[0].get("roleId") != roleId:
raise HTTPException(status_code=404, detail=f"Rule {ruleId} not found for this role")
try:
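Review bot: In getInstanceRole the two 404 branches return different details, `Role {roleId} not found` when the lookup is empty and `Role {roleId} not found in this instance` when `featureInstanceId` differs, so an admin of one instance can tell whether a role id exists in another instance. The other four handlers in this section collapse both cases into one check; getInstanceRole should do the same with `if not roles or roles[0].get("featureInstanceId") != instanceId:` and the single "not found in this instance" 404. This ownership check is what scopes role and rule ids to the instance in the code shown, and it is now repeated in five handlers, so a small shared helper (for example `_getRoleInInstance(rootInterface, roleId, instanceId)`, a suggested name) would keep them from drifting apart. The handler bodies start and end outside the hunks shown.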


@ -164,8 +164,8 @@ async def getMyFeatureInstances(
"_mandateId": mandateId # Temporary for grouping
}
# Get user's role in this instance
userRole = _getUserRoleInInstance(rootInterface, str(context.user.id), str(instance.id))
# Get user's roles in this instance (can have multiple)
userRoles = _getUserRolesInInstance(rootInterface, str(context.user.id), str(instance.id))
# Get permissions for this instance
permissions = _getInstancePermissions(rootInterface, str(context.user.id), str(instance.id))
@ -177,7 +177,7 @@ async def getMyFeatureInstances(
"mandateId": mandateId,
"mandateName": mandatesMap[mandateId]["name"],
"instanceLabel": instance.label,
"userRole": userRole,
"userRoles": userRoles,
"permissions": permissions
})
@ -196,8 +196,8 @@ async def getMyFeatureInstances(
)
def _getUserRoleInInstance(rootInterface, userId: str, instanceId: str) -> str:
"""Get the user's primary role label in a feature instance."""
def _getUserRolesInInstance(rootInterface, userId: str, instanceId: str) -> List[str]:
"""Get all role labels for a user in a feature instance."""
try:
from modules.datamodels.datamodelRbac import Role
from modules.datamodels.datamodelMembership import FeatureAccess, FeatureAccessRole
@ -218,15 +218,19 @@ def _getUserRoleInInstance(rootInterface, userId: str, instanceId: str) -> str:
)
if featureAccessRoles:
roleId = featureAccessRoles[0].get("roleId")
roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if roles:
return roles[0].get("roleLabel", "user")
# Get ALL roles, not just the first one
roleLabels = []
for far in featureAccessRoles:
roleId = far.get("roleId")
roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if roles:
roleLabels.append(roles[0].get("roleLabel", "user"))
return roleLabels if roleLabels else ["user"]
return "user" # Default
return ["user"] # Default
except Exception as e:
logger.debug(f"Error getting user role: {e}")
return "user"
logger.debug(f"Error getting user roles: {e}")
return ["user"]
def _getInstancePermissions(rootInterface, userId: str, instanceId: str) -> Dict[str, Any]:
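Review bot: The `except Exception` at the end of `_getUserRolesInInstance` logs at debug level and returns `["user"]`, so a failed database lookup is indistinguishable from a genuine `user` role and will normally not appear in production logs. I would log it where operators see it and keep the traceback, `logger.warning("Error getting user roles for instance %s", instanceId, exc_info=True)`, and consider returning `[]` on error so the client is not shown a role that was never read. This looks like a display value, since permissions come from `_getInstancePermissions`, but that function's body is not visible here. The new loop also issues one `getRecordset` per role assignment and silently skips assignments whose Role record is missing. Part of the function body lies between the two hunks and is not shown.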