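"""
Script to update admin endpoints with permission checks
Replaces get_current_admin_user with require_permission calls
"""

import re

# Mapping of endpoint patterns to permissions.
# Each key is a regular expression applied to "<METHOD> <route>". The keys are
# prefixes rather than full-route patterns, so more than one key can match the
# same endpoint; _resolve_permission() picks the most specific one.
ENDPOINT_PERMISSIONS = {
    # Calendar
    r'POST /admin/calendar/sync': 'events.edit',
    r'DELETE /admin/calendar/unsync': 'events.edit',

    # Event Gallery
    r'POST /admin/events/\{event_id\}/gallery': 'gallery.upload',
    r'DELETE /admin/event-gallery': 'gallery.delete',
    r'PUT /admin/event-gallery': 'gallery.edit',

    # Storage
    r'GET /admin/storage/usage': 'settings.storage',
    r'GET /admin/storage/breakdown': 'settings.storage',

    # User Management (remaining)
    r'PUT /admin/users/\{user_id\}/reset-password': 'users.reset_password',
    r'POST /admin/users/\{user_id\}/resend-verification': 'users.resend_verification',

    # Events
    r'POST /admin/events(?!/)': 'events.create',  # Not followed by /
    r'PUT /admin/events/\{event_id\}': 'events.edit',
    r'GET /admin/events/\{event_id\}/rsvps': 'events.rsvps',
    r'PUT /admin/events/\{event_id\}/attendance': 'events.attendance',
    r'GET /admin/events(?!/)': 'events.view',  # Not followed by /
    r'DELETE /admin/events': 'events.delete',

    # Subscriptions
    r'GET /admin/subscriptions/plans(?!/)': 'subscriptions.view',
    r'GET /admin/subscriptions/plans/\{plan_id\}': 'subscriptions.view',
    r'POST /admin/subscriptions/plans': 'subscriptions.plans',
    r'PUT /admin/subscriptions/plans': 'subscriptions.plans',
    r'DELETE /admin/subscriptions/plans': 'subscriptions.plans',
    r'GET /admin/subscriptions/stats': 'subscriptions.view',
    r'GET /admin/subscriptions(?!/)': 'subscriptions.view',
    r'PUT /admin/subscriptions/\{subscription_id\}': 'subscriptions.edit',
    r'POST /admin/subscriptions/\{subscription_id\}/cancel': 'subscriptions.cancel',

    # Newsletters
    r'POST /admin/newsletters': 'newsletters.create',
    r'PUT /admin/newsletters': 'newsletters.edit',
    r'DELETE /admin/newsletters': 'newsletters.delete',

    # Financials
    r'POST /admin/financials': 'financials.create',
    r'PUT /admin/financials': 'financials.edit',
    r'DELETE /admin/financials': 'financials.delete',

    # Bylaws
    r'POST /admin/bylaws': 'bylaws.create',
    r'PUT /admin/bylaws': 'bylaws.edit',
    r'DELETE /admin/bylaws': 'bylaws.delete',
}

# Text that identifies a dependency which has not been migrated yet.
_LEGACY_DEPENDENCY = 'Depends(get_current_admin_user)'


def _resolve_permission(endpoint):
    """Return the permission mapped to "<METHOD> <route>", or None if unmapped.

    Several keys of ENDPOINT_PERMISSIONS can match one endpoint: the key for
    ``PUT /admin/events/{event_id}`` is also a prefix of
    ``PUT /admin/events/{event_id}/attendance``. Taking the first match in
    dictionary order would guard the attendance route with ``events.edit``.
    The key that consumes the most text wins instead, so a specific route
    never inherits the permission of a shorter, more general key. On a tie
    the earlier key is kept.
    """
    best_permission = None
    best_length = -1
    for pattern_key, perm_value in ENDPOINT_PERMISSIONS.items():
        # Every key starts with the HTTP method, so anchor at the start.
        hit = re.match(pattern_key, endpoint)
        if hit and hit.end() > best_length:
            best_length = hit.end()
            best_permission = perm_value
    return best_permission


def update_server_file(path='server.py'):
    """Read the server module, swap in permission checks, write it back.

    Args:
        path: File to rewrite in place. Defaults to ``server.py`` in the
            current working directory.

    Returns:
        The number of endpoints whose dependency was replaced.

    Only decorators of the exact form ``@api_router.<get|post|put|delete>("/admin/...")``
    are matched. A decorator with extra arguments, or one using another HTTP
    method, is not seen by the pattern, so any legacy dependency left in the
    file after the rewrite is counted and reported for manual review.
    """
    # newline='' keeps the file's own line endings so the resulting diff
    # contains only the dependency changes.
    with open(path, 'r', encoding='utf-8', newline='') as f:
        content = f.read()

    # Track changes
    changes_made = 0

    # Find all admin endpoints that still use get_current_admin_user.
    # [^@]+? stops the match at the next decorator. It does not stop at a
    # function boundary, so the dependency is assumed to sit in the signature
    # that directly follows the decorator.
    pattern = (
        r'(@api_router\.(get|post|put|delete)\("(/admin/[^"]+)"\)[^@]+?)'
        r'current_user: User = Depends\(get_current_admin_user\)'
    )

    def replace_permission(match):
        nonlocal changes_made
        full_match = match.group(0)
        method = match.group(2).upper()
        route = match.group(3)
        endpoint_pattern = f'{method} {route}'

        permission = _resolve_permission(endpoint_pattern)
        if not permission:
            # Leave the endpoint on the legacy admin check rather than guess.
            print(f'⚠ No permission mapping for: {endpoint_pattern}')
            return full_match

        changes_made += 1
        replacement = full_match.replace(
            'current_user: User = Depends(get_current_admin_user)',
            f'current_user: User = Depends(require_permission("{permission}"))'
        )
        print(f'✓ Updated {endpoint_pattern} → {permission}')
        return replacement

    # Perform replacements. The pattern contains no bare '.', so re.DOTALL
    # is not needed; [^@] already spans newlines.
    new_content = re.sub(pattern, replace_permission, content)

    if changes_made > 0:
        with open(path, 'w', encoding='utf-8', newline='') as f:
            f.write(new_content)
        print(f'\n✅ Updated {changes_made} endpoints with permission checks')
    else:
        print('\n⚠ No changes made')

    # Report what the rewrite did not reach, so unmigrated endpoints are
    # visible instead of silently keeping the coarser check.
    remaining = new_content.count(_LEGACY_DEPENDENCY)
    if remaining:
        print(
            f'⚠ {remaining} reference(s) to get_current_admin_user remain; '
            'review them manually'
        )

    return changes_made


if __name__ == '__main__':
    print('🔧 Updating admin endpoints with permission checks...\n')
    changes = update_server_file()
    print(f'\nDone! Updated {changes} endpoints.')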