Oliver/ai_qc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ai_qc/backend/client_config.py
nickviljoen 6592c38b0a Add per-user client access control and admin management 
Default-deny access model with admin grant/revoke via new User Access
tab. /api/clients filters by user grants; client-scoped endpoints
enforce access server-side. Admin role and client grants persist in
user_access.json with audit trail in usage logs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 12:33:09 +02:00

129 lines
4.6 KiB
Python
Raw Permalink Blame History

#!/usr/bin/env python3
"""
Client configuration module for managing client-profile relationships
"""
CLIENT_PROFILES = {
'diageo': {
'name': 'Diageo',
'profiles': ['diageo_key_visual', 'diageo_packaging', 'static_general', 'video_general'],
'display_name': 'Diageo',
'description': 'Diageo brand profiles for key visuals and packaging'
},
'unilever': {
'name': 'Unilever',
'profiles': ['unilever_key_visual', 'unilever_packaging', 'static_general', 'video_general'],
'display_name': 'Unilever',
'description': 'Unilever brand profiles for key visuals and packaging'
},
'loreal': {
'name': "L'Oreal",
'profiles': ['loreal_static', 'static_general', 'video_general'],
'display_name': "L'Oreal",
'description': "L'Oreal brand profiles with focused and comprehensive static QC checks"
},
'amazon': {
'name': 'Amazon',
'profiles': ['amazon_static', 'static_general', 'video_general'],
'display_name': 'Amazon',
'description': 'Amazon brand profiles with design guideline QC checks'
},
'boots': {
'name': 'Boots',
'profiles': ['boots_static', 'static_general', 'video_general'],
'display_name': 'Boots',
'description': 'Boots retail promotional artwork compliance checks'
},
'dow_jones': {
'name': 'Dow Jones',
'profiles': ['dow_jones_static', 'marketwatch_static', 'wsj_static', 'static_general', 'video_general'],
'display_name': 'Dow Jones',
'description': 'Dow Jones brand profiles for corporate, MarketWatch, and WSJ sub-brands'
},
'honda': {
'name': 'Honda',
'profiles': ['static_general', 'video_general'],
'display_name': 'Honda',
'description': 'Honda brand profiles for automotive marketing QC checks'
},
'general': {
'name': 'General',
'profiles': ['static_general', 'video_general', 'inclusive_accessibility'],
'display_name': 'General / Other',
'description': 'General purpose profiles and accessibility checks'
}
}
def get_client_profiles(client_id):
"""Get profiles available for a specific client"""
return CLIENT_PROFILES.get(client_id, {}).get('profiles', [])
def get_all_clients():
"""Get all available clients"""
return CLIENT_PROFILES
def validate_client_profile(client_id, profile_id):
"""Validate that a profile belongs to a client"""
client_profiles = get_client_profiles(client_id)
return profile_id in client_profiles
def get_profiles_with_visibility(client_id):
"""
Get all profiles available to a client considering visibility settings
Args:
client_id: Client ID to get profiles for
Returns:
List of profile IDs available to this client
"""
import os
import json
import glob
available_profiles = []
# First, get the profiles assigned to this client in CLIENT_PROFILES
# This is our baseline for backward compatibility
baseline_profiles = get_client_profiles(client_id)
# Get profiles directory
profiles_dir = os.path.join(os.path.dirname(__file__), 'profiles')
profile_files = glob.glob(os.path.join(profiles_dir, '*.json'))
for profile_file in profile_files:
try:
with open(profile_file, 'r') as f:
profile_data = json.load(f)
profile_id = os.path.basename(profile_file).replace('.json', '')
# Check if profile has visibility settings
has_visibility_settings = 'visibility' in profile_data
if has_visibility_settings:
# Use new visibility system if configured
visibility = profile_data.get('visibility', 'all')
visible_to_clients = profile_data.get('visible_to_clients', [])
if visibility == 'all':
available_profiles.append(profile_id)
elif visibility == 'client_specific' and client_id in visible_to_clients:
available_profiles.append(profile_id)
else:
# Fall back to CLIENT_PROFILES mapping for backward compatibility
if profile_id in baseline_profiles:
available_profiles.append(profile_id)
except (json.JSONDecodeError, FileNotFoundError):
continue
return available_profiles
# Admin membership now lives in backend/user_access.json.
# Kept as a thin shim so any older callers keep working.
def is_admin(email):
"""Deprecated — delegates to user_access.is_admin()."""
from user_access import is_admin as _is_admin
return _is_admin(email)
Reference in a new issue View git blame Copy permalink