Added Roles and Permissions. Some minor UI fixes

2026-02-18 13:12:55 +02:00
parent f54cdd525d
commit dbd15c00f8
31 changed files with 1825 additions and 331 deletions
--- a/backend/melodies/router.py
+++ b/backend/melodies/router.py
@@ -1,7 +1,7 @@
 from fastapi import APIRouter, Depends, UploadFile, File, Query, HTTPException
 from typing import Optional
 from auth.models import TokenPayload
-from auth.dependencies import require_melody_access, require_viewer
+from auth.dependencies import require_permission
 from melodies.models import (
    MelodyCreate, MelodyUpdate, MelodyInDB, MelodyListResponse, MelodyInfo,
 )
@@ -16,7 +16,7 @@ async def list_melodies(
    type: Optional[str] = Query(None),
    tone: Optional[str] = Query(None),
    total_notes: Optional[int] = Query(None),
-    _user: TokenPayload = Depends(require_viewer),
+    _user: TokenPayload = Depends(require_permission("melodies", "view")),
 ):
    melodies = service.list_melodies(
        search=search,
@@ -30,7 +30,7 @@ async def list_melodies(
@router.get("/{melody_id}", response_model=MelodyInDB)
 async def get_melody(
    melody_id: str,
-    _user: TokenPayload = Depends(require_viewer),
+    _user: TokenPayload = Depends(require_permission("melodies", "view")),
 ):
    return service.get_melody(melody_id)

@@ -38,7 +38,7 @@ async def get_melody(
@router.post("", response_model=MelodyInDB, status_code=201)
 async def create_melody(
    body: MelodyCreate,
-    _user: TokenPayload = Depends(require_melody_access),
+    _user: TokenPayload = Depends(require_permission("melodies", "add")),
 ):
    return service.create_melody(body)

@@ -47,7 +47,7 @@ async def create_melody(
 async def update_melody(
    melody_id: str,
    body: MelodyUpdate,
-    _user: TokenPayload = Depends(require_melody_access),
+    _user: TokenPayload = Depends(require_permission("melodies", "edit")),
 ):
    return service.update_melody(melody_id, body)

@@ -55,7 +55,7 @@ async def update_melody(
@router.delete("/{melody_id}", status_code=204)
 async def delete_melody(
    melody_id: str,
-    _user: TokenPayload = Depends(require_melody_access),
+    _user: TokenPayload = Depends(require_permission("melodies", "delete")),
 ):
    service.delete_melody(melody_id)

@@ -65,7 +65,7 @@ async def upload_file(
    melody_id: str,
    file_type: str,
    file: UploadFile = File(...),
-    _user: TokenPayload = Depends(require_melody_access),
+    _user: TokenPayload = Depends(require_permission("melodies", "edit")),
 ):
    """Upload a binary or preview file. file_type must be 'binary' or 'preview'."""
    if file_type not in ("binary", "preview"):
@@ -100,7 +100,7 @@ async def upload_file(
 async def delete_file(
    melody_id: str,
    file_type: str,
-    _user: TokenPayload = Depends(require_melody_access),
+    _user: TokenPayload = Depends(require_permission("melodies", "edit")),
 ):
    """Delete a binary or preview file. file_type must be 'binary' or 'preview'."""
    if file_type not in ("binary", "preview"):
@@ -113,7 +113,7 @@ async def delete_file(
@router.get("/{melody_id}/files")
 async def get_files(
    melody_id: str,
-    _user: TokenPayload = Depends(require_viewer),
+    _user: TokenPayload = Depends(require_permission("melodies", "view")),
 ):
    """Get storage file URLs for a melody."""
    service.get_melody(melody_id)