access rules editor fixed

ValueOn AG 2026-01-24 09:58:15 +01:00
parent efc28879c3
commit 4de962d7d6
2 changed files with 32 additions and 26 deletions


@ -1280,11 +1280,13 @@ async def getInstanceRole(
mandateId = await _validateInstanceAdmin(instanceId, context) mandateId = await _validateInstanceAdmin(instanceId, context)
rootInterface = getRootInterface() rootInterface = getRootInterface()
role = rootInterface.db.getRecord(Role, roleId) roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if not role: if not roles:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found") raise HTTPException(status_code=404, detail=f"Role {roleId} not found")
role = roles[0]
# Verify role belongs to this instance # Verify role belongs to this instance
if role.get("featureInstanceId") != instanceId: if role.get("featureInstanceId") != instanceId:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance") raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance")
@ -1309,8 +1311,8 @@ async def getInstanceRoleRules(
rootInterface = getRootInterface() rootInterface = getRootInterface()
# Verify role belongs to this instance # Verify role belongs to this instance
role = rootInterface.db.getRecord(Role, roleId) roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if not role or role.get("featureInstanceId") != instanceId: if not roles or roles[0].get("featureInstanceId") != instanceId:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance") raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance")
# Get AccessRules for this role # Get AccessRules for this role
@ -1343,8 +1345,8 @@ async def createInstanceRoleRule(
rootInterface = getRootInterface() rootInterface = getRootInterface()
# Verify role belongs to this instance # Verify role belongs to this instance
role = rootInterface.db.getRecord(Role, roleId) roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if not role or role.get("featureInstanceId") != instanceId: if not roles or roles[0].get("featureInstanceId") != instanceId:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance") raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance")
# Create the rule # Create the rule
@ -1394,13 +1396,13 @@ async def updateInstanceRoleRule(
rootInterface = getRootInterface() rootInterface = getRootInterface()
# Verify role belongs to this instance # Verify role belongs to this instance
role = rootInterface.db.getRecord(Role, roleId) roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if not role or role.get("featureInstanceId") != instanceId: if not roles or roles[0].get("featureInstanceId") != instanceId:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance") raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance")
# Verify rule belongs to role # Verify rule belongs to role
existingRule = rootInterface.db.getRecord(AccessRule, ruleId) existingRules = rootInterface.db.getRecordset(AccessRule, recordFilter={"id": ruleId})
if not existingRule or existingRule.get("roleId") != roleId: if not existingRules or existingRules[0].get("roleId") != roleId:
raise HTTPException(status_code=404, detail=f"Rule {ruleId} not found for this role") raise HTTPException(status_code=404, detail=f"Rule {ruleId} not found for this role")
# Update only allowed fields # Update only allowed fields
@ -1445,13 +1447,13 @@ async def deleteInstanceRoleRule(
rootInterface = getRootInterface() rootInterface = getRootInterface()
# Verify role belongs to this instance # Verify role belongs to this instance
role = rootInterface.db.getRecord(Role, roleId) roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if not role or role.get("featureInstanceId") != instanceId: if not roles or roles[0].get("featureInstanceId") != instanceId:
raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance") raise HTTPException(status_code=404, detail=f"Role {roleId} not found in this instance")
# Verify rule belongs to role # Verify rule belongs to role
existingRule = rootInterface.db.getRecord(AccessRule, ruleId) existingRules = rootInterface.db.getRecordset(AccessRule, recordFilter={"id": ruleId})
if not existingRule or existingRule.get("roleId") != roleId: if not existingRules or existingRules[0].get("roleId") != roleId:
raise HTTPException(status_code=404, detail=f"Rule {ruleId} not found for this role") raise HTTPException(status_code=404, detail=f"Rule {ruleId} not found for this role")
try: try:
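Review bot: getInstanceRole still returns two different 404 details, `Role {roleId} not found` for an empty lookup and `Role {roleId} not found in this instance` when the role carries another featureInstanceId, so a caller who passes `_validateInstanceAdmin` for one instance can tell which role ids exist in other instances. The four rule handlers changed here already use a single combined check; the same form would fit this handler: `if not roles or roles[0].get("featureInstanceId") != instanceId:` raising the one "not found in this instance" detail, then `role = roles[0]`. The lookup-plus-ownership check is now repeated in five handlers, so a private helper that returns the role or raises the 404 would keep the checks from drifting apart. All five function bodies begin and end outside the visible hunks, so this is based only on the lines shown.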


@ -164,8 +164,8 @@ async def getMyFeatureInstances(
"_mandateId": mandateId # Temporary for grouping "_mandateId": mandateId # Temporary for grouping
} }
# Get user's role in this instance # Get user's roles in this instance (can have multiple)
userRole = _getUserRoleInInstance(rootInterface, str(context.user.id), str(instance.id)) userRoles = _getUserRolesInInstance(rootInterface, str(context.user.id), str(instance.id))
# Get permissions for this instance # Get permissions for this instance
permissions = _getInstancePermissions(rootInterface, str(context.user.id), str(instance.id)) permissions = _getInstancePermissions(rootInterface, str(context.user.id), str(instance.id))
@ -177,7 +177,7 @@ async def getMyFeatureInstances(
"mandateId": mandateId, "mandateId": mandateId,
"mandateName": mandatesMap[mandateId]["name"], "mandateName": mandatesMap[mandateId]["name"],
"instanceLabel": instance.label, "instanceLabel": instance.label,
"userRole": userRole, "userRoles": userRoles,
"permissions": permissions "permissions": permissions
}) })
@ -196,8 +196,8 @@ async def getMyFeatureInstances(
) )
def _getUserRoleInInstance(rootInterface, userId: str, instanceId: str) -> str: def _getUserRolesInInstance(rootInterface, userId: str, instanceId: str) -> List[str]:
"""Get the user's primary role label in a feature instance.""" """Get all role labels for a user in a feature instance."""
try: try:
from modules.datamodels.datamodelRbac import Role from modules.datamodels.datamodelRbac import Role
from modules.datamodels.datamodelMembership import FeatureAccess, FeatureAccessRole from modules.datamodels.datamodelMembership import FeatureAccess, FeatureAccessRole
@ -218,15 +218,19 @@ def _getUserRoleInInstance(rootInterface, userId: str, instanceId: str) -> str:
) )
if featureAccessRoles: if featureAccessRoles:
roleId = featureAccessRoles[0].get("roleId") # Get ALL roles, not just the first one
roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId}) roleLabels = []
if roles: for far in featureAccessRoles:
return roles[0].get("roleLabel", "user") roleId = far.get("roleId")
roles = rootInterface.db.getRecordset(Role, recordFilter={"id": roleId})
if roles:
roleLabels.append(roles[0].get("roleLabel", "user"))
return roleLabels if roleLabels else ["user"]
return "user" # Default return ["user"] # Default
except Exception as e: except Exception as e:
logger.debug(f"Error getting user role: {e}") logger.debug(f"Error getting user roles: {e}")
return "user" return ["user"]
def _getInstancePermissions(rootInterface, userId: str, instanceId: str) -> Dict[str, Any]: def _getInstancePermissions(rootInterface, userId: str, instanceId: str) -> Dict[str, Any]:
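Review bot: The `except Exception` branch of `_getUserRolesInInstance` logs at debug level and returns `["user"]`, so a failed role lookup looks the same in the response as a user who really holds only the default role. Logging it where operators will see it, for example `logger.warning(f"Error getting user roles for instance {instanceId}: {e}")`, would make a broken RBAC lookup visible. Inside the new loop, a FeatureAccessRole row whose Role record is missing is skipped silently; a short comment or a log line there would document that dangling assignments are ignored on purpose. The return annotation now uses `List[str]`, and the file's import block is outside the hunks, so please confirm `List` is imported from `typing`. The start of the function body is outside the visible hunks.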