Oliver/ppt-tool
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ppt-tool/backend/api/middlewares/rbac_middleware.py
Vadym Samoilenko cf21ba4516 Phase 1-2: Foundation + Admin Panel & Client Management 
Phase 1 (Foundation):
- Project restructure (presenton-main → backend/ + frontend/)
- Database schema (8 new models, Alembic config, seed script)
- Auth (Azure AD SSO + dev bypass, JWT sessions, AuthMiddleware)
- RBAC (access_service, rbac_middleware, admin routers)
- Audit logging (fire-and-forget, AuditMiddleware, admin router)
- i18n (react-i18next with 5 namespace files)

Phase 2 (Admin Panel & Client Management):
- Admin panel shell (sidebar layout, role guard, 12 pages)
- Redux admin slice with 18 async thunks
- User management (role changes, deactivation)
- Client management (CRUD, brand config, team management)
- Brand config editor (colors, fonts, logos, voice rules)
- Master deck upload & parser (PPTX → HTML → React pipeline)
- Audit log viewer with filters and CSV/JSON export

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 15:37:17 +00:00

32 lines
1.2 KiB
Python
Raw Blame History

"""RBAC helper functions for checking client/team access."""
import uuid
from fastapi import HTTPException
from sqlalchemy.ext.asyncio import AsyncSession
from models.sql.user import UserModel
from services.access_service import get_accessible_client_ids
async def check_client_access(
user: UserModel, client_id: uuid.UUID, session: AsyncSession
) -> None:
"""Raise 403 if user cannot access the given client."""
if user.role == "super_admin":
return
accessible = await get_accessible_client_ids(user, session)
if client_id not in accessible:
raise HTTPException(status_code=403, detail="Access denied to this client")
async def check_team_admin(
user: UserModel, client_id: uuid.UUID, session: AsyncSession
) -> None:
"""Raise 403 if user is not an admin for the given client's scope."""
if user.role == "super_admin":
return
if user.role != "client_admin":
raise HTTPException(status_code=403, detail="Admin access required")
accessible = await get_accessible_client_ids(user, session)
if client_id not in accessible:
raise HTTPException(status_code=403, detail="Access denied to this client")
Reference in a new issue View git blame Copy permalink