updated permissions

2025-09-14 21:26:29 +03:00
parent 87938e7459
commit 8a7aa193dc
7 changed files with 957 additions and 794 deletions
--- a/py_app/app/settings.py
+++ b/py_app/app/settings.py
@@ -491,3 +491,116 @@ def reset_role_permissions_handler():
        
    except Exception as e:
        return jsonify({'success': False, 'error': str(e)})
+
+
+def save_all_role_permissions_handler():
+    """Save all role permissions at once"""
+    if not is_superadmin():
+        return jsonify({'success': False, 'error': 'Access denied: Superadmin only.'})
+    
+    try:
+        data = request.get_json()
+        permissions_data = data.get('permissions', {})
+        
+        if not permissions_data:
+            return jsonify({'success': False, 'error': 'No permissions data provided'})
+        
+        conn = get_external_db_connection()
+        cursor = conn.cursor()
+        
+        current_user = session.get('username', 'system')
+        total_updated = 0
+        
+        # Process each role's permissions
+        for role, role_permissions in permissions_data.items():
+            # Clear existing permissions for this role
+            cursor.execute("DELETE FROM role_permissions WHERE role = %s", (role,))
+            
+            # Convert nested permissions to flat permission keys
+            permission_keys = []
+            for page_key, page_perms in role_permissions.items():
+                for section_key, actions in page_perms.items():
+                    for action in actions:
+                        permission_key = f"{page_key}.{section_key}.{action}"
+                        permission_keys.append(permission_key)
+            
+            # Insert new permissions
+            for permission_key in permission_keys:
+                cursor.execute("""
+                    INSERT INTO role_permissions (role, permission_key, granted, granted_by)
+                    VALUES (%s, %s, TRUE, %s)
+                """, (role, permission_key, current_user))
+                total_updated += 1
+            
+            # Log the change
+            cursor.execute("""
+                INSERT INTO permission_audit_log (role, permission_key, action, changed_by, reason)
+                VALUES (%s, %s, 'bulk_update', %s, %s)
+            """, (role, f"Updated {len(permission_keys)} permissions", current_user, "Bulk permission update"))
+        
+        conn.commit()
+        conn.close()
+        
+        # Clear permission cache since permissions changed
+        clear_permission_cache()
+        
+        return jsonify({
+            'success': True, 
+            'message': f'Successfully updated {total_updated} permissions across {len(permissions_data)} roles'
+        })
+        
+    except Exception as e:
+        return jsonify({'success': False, 'error': str(e)})
+
+
+def reset_all_role_permissions_handler():
+    """Reset all role permissions to defaults"""
+    if not is_superadmin():
+        return jsonify({'success': False, 'error': 'Access denied: Superadmin only.'})
+    
+    try:
+        # Get all roles
+        conn = get_external_db_connection()
+        cursor = conn.cursor()
+        
+        cursor.execute("SELECT role_name FROM role_hierarchy")
+        roles = [row[0] for row in cursor.fetchall()]
+        
+        current_user = session.get('username', 'system')
+        total_reset = 0
+        
+        # Reset each role to defaults
+        for role in roles:
+            # Clear existing permissions
+            cursor.execute("DELETE FROM role_permissions WHERE role = %s", (role,))
+            
+            # Get default permissions for the role
+            default_permissions = get_default_permissions_for_role(role)
+            
+            # Add default permissions
+            for permission_key in default_permissions:
+                cursor.execute("""
+                    INSERT INTO role_permissions (role, permission_key, granted, granted_by)
+                    VALUES (%s, %s, TRUE, %s)
+                """, (role, permission_key, current_user))
+                total_reset += 1
+            
+            # Log the change
+            cursor.execute("""
+                INSERT INTO permission_audit_log (role, permission_key, action, changed_by, reason)
+                VALUES (%s, %s, 'reset_all_defaults', %s, %s)
+            """, (role, f"Reset {len(default_permissions)} permissions", current_user, "Reset all to default permissions"))
+        
+        conn.commit()
+        conn.close()
+        
+        # Clear permission cache since permissions changed
+        clear_permission_cache()
+        
+        return jsonify({
+            'success': True, 
+            'message': f'Successfully reset {total_reset} permissions across {len(roles)} roles to defaults'
+        })
+        
+    except Exception as e:
+        return jsonify({'success': False, 'error': str(e)})