
"""
Script to update admin endpoints with permission checks
Replaces get_current_admin_user with require_permission calls
"""
import re
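# Mapping of endpoint patterns to permissions.
#
# Keys are regexes tried in insertion order against "<METHOD> <route>" (the
# decorator's method upper-cased plus its path literal); the FIRST key that
# matches wins. Keys are not anchored at the end, so an unanchored key is a
# prefix match and also covers deeper sub-routes. Put a specific sub-route
# above its generic prefix, or anchor the prefix with `$` / `(?!/)`, or the
# sub-route silently inherits the parent's permission.
ENDPOINT_PERMISSIONS = {
    # Calendar
    r'POST /admin/calendar/sync': 'events.edit',
    r'DELETE /admin/calendar/unsync': 'events.edit',
    # Event Gallery
    r'POST /admin/events/\{event_id\}/gallery': 'gallery.upload',
    r'DELETE /admin/event-gallery': 'gallery.delete',
    r'PUT /admin/event-gallery': 'gallery.edit',
    # Storage
    r'GET /admin/storage/usage': 'settings.storage',
    r'GET /admin/storage/breakdown': 'settings.storage',
    # User Management (remaining)
    r'PUT /admin/users/\{user_id\}/reset-password': 'users.reset_password',
    r'POST /admin/users/\{user_id\}/resend-verification': 'users.resend_verification',
    # Events
    r'POST /admin/events(?!/)': 'events.create',  # Not followed by /
    r'GET /admin/events/\{event_id\}/rsvps': 'events.rsvps',
    # Specific PUT sub-route first: the generic "{event_id}" key below is a
    # prefix match and would otherwise claim .../attendance as events.edit.
    r'PUT /admin/events/\{event_id\}/attendance': 'events.attendance',
    r'PUT /admin/events/\{event_id\}$': 'events.edit',  # Anchored: exact route only
    r'GET /admin/events(?!/)': 'events.view',  # Not followed by /
    r'DELETE /admin/events': 'events.delete',  # Prefix: any DELETE sub-route too
    # Subscriptions
    r'GET /admin/subscriptions/plans(?!/)': 'subscriptions.view',
    r'GET /admin/subscriptions/plans/\{plan_id\}': 'subscriptions.view',
    r'POST /admin/subscriptions/plans': 'subscriptions.plans',
    r'PUT /admin/subscriptions/plans': 'subscriptions.plans',
    r'DELETE /admin/subscriptions/plans': 'subscriptions.plans',
    r'GET /admin/subscriptions/stats': 'subscriptions.view',
    r'GET /admin/subscriptions(?!/)': 'subscriptions.view',
    r'PUT /admin/subscriptions/\{subscription_id\}': 'subscriptions.edit',
    r'POST /admin/subscriptions/\{subscription_id\}/cancel': 'subscriptions.cancel',
    # Newsletters (prefix keys: sub-routes share the same permission)
    r'POST /admin/newsletters': 'newsletters.create',
    r'PUT /admin/newsletters': 'newsletters.edit',
    r'DELETE /admin/newsletters': 'newsletters.delete',
    # Financials
    r'POST /admin/financials': 'financials.create',
    r'PUT /admin/financials': 'financials.edit',
    r'DELETE /admin/financials': 'financials.delete',
    # Bylaws
    r'POST /admin/bylaws': 'bylaws.create',
    r'PUT /admin/bylaws': 'bylaws.edit',
    r'DELETE /admin/bylaws': 'bylaws.delete',
}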
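# Matches an admin route decorator plus everything up to the admin-user
# dependency it guards. Group 1: decorator + preamble; group 2: HTTP method;
# group 3: route literal. `[^@]+?` cannot cross the next decorator, so a later
# endpoint's dependency is never attributed to an earlier, unguarded one.
_ADMIN_ENDPOINT_RE = re.compile(
    r'(@api_router\.(get|post|put|delete)\("(/admin/[^"]+)"\)[^@]+?)'
    r'current_user: User = Depends\(get_current_admin_user\)',
    re.DOTALL,
)

# Exact source text that gets rewritten.
_OLD_DEPENDENCY = 'current_user: User = Depends(get_current_admin_user)'


def _lookup_permission(endpoint: str, mapping: 'dict[str, str]') -> 'str | None':
    """Return the permission for "<METHOD> <route>", or None if no key matches.

    Keys are tried in insertion order and the first regex match wins, so a
    specific sub-route must precede its generic prefix in *mapping*.
    """
    for key, permission in mapping.items():
        # Every key starts with the HTTP method, as does *endpoint*, so
        # anchoring at the start is equivalent to the unanchored search the
        # script used before, while ruling out accidental mid-string hits.
        if re.match(key, endpoint):
            return permission
    return None


def update_server_file(path: str = 'server.py', mapping: 'dict[str, str] | None' = None) -> int:
    """Rewrite admin endpoints in *path* to use require_permission(...).

    Every `@api_router.<method>("/admin/...")` endpoint whose signature still
    depends on get_current_admin_user is mapped to a permission via *mapping*
    and rewritten to `Depends(require_permission("<perm>"))`. Endpoints with
    no mapping are reported and left on the admin-user check, i.e. the script
    fails closed rather than loosening an unmapped route.

    Args:
        path: Source file to rewrite in place; written only when something changed.
        mapping: Regex -> permission mapping; defaults to ENDPOINT_PERMISSIONS.

    Returns:
        Number of endpoints rewritten.

    Raises:
        OSError: if *path* cannot be read or written.
    """
    if mapping is None:
        mapping = ENDPOINT_PERMISSIONS

    # Explicit encoding: the source may contain non-ASCII text and the
    # platform default is not guaranteed to be UTF-8.
    with open(path, 'r', encoding='utf-8') as f:
        content = f.read()

    changes_made = 0

    def replace_permission(match: 're.Match') -> str:
        nonlocal changes_made
        full_match = match.group(0)
        endpoint = f'{match.group(2).upper()} {match.group(3)}'
        permission = _lookup_permission(endpoint, mapping)
        if permission is None:
            print(f'⚠ No permission mapping for: {endpoint}')
            return full_match
        changes_made += 1
        print(f'✓ Updated {endpoint} -> {permission}')
        # The match ends at the first occurrence of the dependency, so exactly
        # that occurrence is replaced.
        return full_match.replace(
            _OLD_DEPENDENCY,
            f'current_user: User = Depends(require_permission("{permission}"))',
        )

    new_content = _ADMIN_ENDPOINT_RE.sub(replace_permission, content)

    if changes_made == 0:
        print('\n⚠ No changes made')
        return 0

    if 'require_permission' not in content:
        # The rewrite introduces a name the file may not import yet; flag it
        # rather than guess the import path.
        print('⚠ require_permission does not appear in the file; make sure it is imported')

    with open(path, 'w', encoding='utf-8') as f:
        f.write(new_content)
    print(f'\n✅ Updated {changes_made} endpoints with permission checks')
    return changes_made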
def main() -> None:
    """Command-line entry point: rewrite server.py and report the count."""
    print('🔧 Updating admin endpoints with permission checks...\n')
    updated = update_server_file()
    print(f'\nDone! Updated {updated} endpoints.')


if __name__ == '__main__':
    main()