Added Roles and Permissions. Some minor UI fixes

2026-02-18 13:12:55 +02:00
parent f54cdd525d
commit dbd15c00f8
31 changed files with 1825 additions and 331 deletions
--- a/backend/devices/router.py
+++ b/backend/devices/router.py
@@ -1,7 +1,7 @@
 from fastapi import APIRouter, Depends, Query
 from typing import Optional
 from auth.models import TokenPayload
-from auth.dependencies import require_device_access, require_viewer
+from auth.dependencies import require_permission
 from devices.models import (
    DeviceCreate, DeviceUpdate, DeviceInDB, DeviceListResponse,
    DeviceUsersResponse, DeviceUserInfo,
@@ -16,7 +16,7 @@ async def list_devices(
    search: Optional[str] = Query(None),
    online: Optional[bool] = Query(None),
    tier: Optional[str] = Query(None),
-    _user: TokenPayload = Depends(require_viewer),
+    _user: TokenPayload = Depends(require_permission("devices", "view")),
 ):
    devices = service.list_devices(
        search=search,
@@ -29,7 +29,7 @@ async def list_devices(
@router.get("/{device_id}", response_model=DeviceInDB)
 async def get_device(
    device_id: str,
-    _user: TokenPayload = Depends(require_viewer),
+    _user: TokenPayload = Depends(require_permission("devices", "view")),
 ):
    return service.get_device(device_id)

@@ -37,7 +37,7 @@ async def get_device(
@router.get("/{device_id}/users", response_model=DeviceUsersResponse)
 async def get_device_users(
    device_id: str,
-    _user: TokenPayload = Depends(require_viewer),
+    _user: TokenPayload = Depends(require_permission("devices", "view")),
 ):
    users_data = service.get_device_users(device_id)
    users = [DeviceUserInfo(**u) for u in users_data]
@@ -47,7 +47,7 @@ async def get_device_users(
@router.post("", response_model=DeviceInDB, status_code=201)
 async def create_device(
    body: DeviceCreate,
-    _user: TokenPayload = Depends(require_device_access),
+    _user: TokenPayload = Depends(require_permission("devices", "add")),
 ):
    return service.create_device(body)

@@ -56,7 +56,7 @@ async def create_device(
 async def update_device(
    device_id: str,
    body: DeviceUpdate,
-    _user: TokenPayload = Depends(require_device_access),
+    _user: TokenPayload = Depends(require_permission("devices", "edit")),
 ):
    return service.update_device(device_id, body)

@@ -64,6 +64,6 @@ async def update_device(
@router.delete("/{device_id}", status_code=204)
 async def delete_device(
    device_id: str,
-    _user: TokenPayload = Depends(require_device_access),
+    _user: TokenPayload = Depends(require_permission("devices", "delete")),
 ):
    service.delete_device(device_id)