"""
Simplified 4-Tier Role-Based Access Control System
Clear hierarchy: Superadmin → Admin → Manager → Worker
Module-based permissions: Quality, Labels, Warehouse
"""
# APPLICATION MODULES
#
# Descriptive catalogue of the modules a user can be assigned to. Only the
# keys are used by code in this file (get_available_modules and
# validate_user_modules); the page lists and 'worker_access' values are not
# read by any function here. Page authorisation is decided solely by
# PAGE_ACCESS via check_access, which denies any page not listed there, so
# naming a page below does not by itself make it reachable.
MODULES = {
    'quality': {
        'name': 'Quality Control',
        'scan_pages': ['quality', 'fg_quality'],
        # NOTE(review): 'quality_settings' has no PAGE_ACCESS entry, so
        # check_access denies it for every role as the file stands.
        'management_pages': ['quality_reports', 'quality_settings'],
        'worker_access': ['scan_only']  # Workers can only scan, no reports
    },
    'labels': {
        'name': 'Label Management',
        'scan_pages': ['label_scan'],
        'management_pages': ['label_creation', 'label_reports'],
        'worker_access': ['scan_only']
    },
    'warehouse': {
        'name': 'Warehouse Management',
        'scan_pages': ['move_orders'],
        # NOTE(review): 'inventory_management' has no PAGE_ACCESS entry, so
        # check_access denies it for every role as the file stands.
        'management_pages': ['create_locations', 'warehouse_reports', 'inventory_management'],
        'worker_access': ['move_orders_only']  # Workers can move orders but not create locations
    },
    'daily_mirror': {
        'name': 'Daily Mirror',
        'scan_pages': [],  # No scanning, purely reporting/analytics
        'management_pages': ['daily_mirror_main', 'daily_mirror_report', 'daily_mirror_history', 'daily_mirror_analytics'],
        # Workers can view daily reports but cannot generate or export
        # NOTE(review): every daily_mirror page in PAGE_ACCESS has
        # min_level 70, so a worker (level 50) is denied all of them by
        # check_access; 'view_only' is not enforced anywhere in this file.
        'worker_access': ['view_only'],
        'description': 'Business Intelligence and Production Reporting Module'
    }
}
# 4-TIER ROLE STRUCTURE
#
# Keys read by the access checks in this file:
#   'level'            compared against PAGE_ACCESS[page]['min_level'] in
#                      check_access (lower level -> deny).
#   'access.all_modules'
#                      True skips the module-assignment check in
#                      check_access and can_access_reports, and skips
#                      module validation in validate_user_modules.
#   'access.restricted_pages'
#                      explicit deny list consulted by check_access after
#                      the level gate; a page listed here is denied even
#                      if the level would allow it.
# 'module_access' and 'can_cumulate' are informational only; no function
# in this file reads them.
ROLES = {
    'superadmin': {
        'name': 'Super Administrator',
        'level': 100,
        'description': 'Full system access - complete control over all modules and system settings',
        'access': {
            'all_modules': True,
            'all_pages': True,
            'restricted_pages': []  # No restrictions
        }
    },
    'admin': {
        'name': 'Administrator',
        'level': 90,
        'description': 'Full app access except role permissions and extension download',
        'access': {
            'all_modules': True,
            'all_pages': True,
            # Both pages also carry min_level 100 in PAGE_ACCESS, so this
            # list is a second, independent denial (defence in depth).
            'restricted_pages': ['role_permissions', 'download_extension']
        }
    },
    'manager': {
        'name': 'Manager',
        'level': 70,
        'description': 'Complete module access - can manage one or more modules (quality/labels/warehouse)',
        'access': {
            'all_modules': False,  # Only assigned modules
            'module_access': 'full',  # Full access to assigned modules
            'can_cumulate': True,  # Can have multiple modules
            # NOTE(review): 'system_settings' matches no PAGE_ACCESS key
            # (the system page is 'settings', min_level 90), so that entry
            # is inert; managers are kept out of 'settings' by the level
            # gate alone.
            'restricted_pages': ['role_permissions', 'download_extension', 'system_settings']
        }
    },
    'worker': {
        'name': 'Worker',
        'level': 50,
        'description': 'Limited module access - can perform basic operations in assigned modules',
        'access': {
            'all_modules': False,  # Only assigned modules
            'module_access': 'limited',  # Limited access (scan pages only)
            'can_cumulate': True,  # Can have multiple modules
            # 'reports' is already min_level 70 in PAGE_ACCESS; listing it
            # here is redundant but keeps the denial explicit.
            'restricted_pages': ['role_permissions', 'download_extension', 'system_settings', 'reports']
        }
    }
}
# PAGE ACCESS RULES
#
# The single source of truth for page authorisation (see check_access):
#   'min_level'  lowest ROLES[...]['level'] that may open the page.
#   'modules'    modules of which the user must hold at least ONE
#                (any-of, not all-of); an empty list means no module
#                requirement. Roles with 'all_modules' True bypass this.
# A page that is not a key here is denied for every role, so the default
# for unlisted routes is fail-closed. ROLES[...]['restricted_pages'] is an
# additional deny list applied on top of these rules.
PAGE_ACCESS = {
    # System pages accessible by role level
    'dashboard': {'min_level': 50, 'modules': []},
    'settings': {'min_level': 90, 'modules': []},
    'role_permissions': {'min_level': 100, 'modules': []},  # Superadmin only
    'download_extension': {'min_level': 100, 'modules': []},  # Superadmin only
    # Quality module pages
    'quality': {'min_level': 50, 'modules': ['quality']},
    'fg_quality': {'min_level': 50, 'modules': ['quality']},
    'quality_reports': {'min_level': 70, 'modules': ['quality']},  # Manager+ only
    'reports': {'min_level': 70, 'modules': ['quality']},  # Manager+ only for quality reports
    # Warehouse module pages
    'warehouse': {'min_level': 50, 'modules': ['warehouse']},
    'move_orders': {'min_level': 50, 'modules': ['warehouse']},
    'create_locations': {'min_level': 70, 'modules': ['warehouse']},  # Manager+ only
    'warehouse_reports': {'min_level': 70, 'modules': ['warehouse']},  # Manager+ only
    # Labels module pages
    'labels': {'min_level': 50, 'modules': ['labels']},
    'label_scan': {'min_level': 50, 'modules': ['labels']},
    'label_creation': {'min_level': 70, 'modules': ['labels']},  # Manager+ only
    'label_reports': {'min_level': 70, 'modules': ['labels']},  # Manager+ only
    # Daily Mirror module pages (all Manager+; workers are denied by level)
    'daily_mirror_main': {'min_level': 70, 'modules': ['daily_mirror']},  # Manager+ only
    'daily_mirror_report': {'min_level': 70, 'modules': ['daily_mirror']},  # Manager+ only
    'daily_mirror_history': {'min_level': 70, 'modules': ['daily_mirror']},  # Manager+ only
    'daily_mirror_analytics': {'min_level': 90, 'modules': ['daily_mirror']},  # Admin+ only for advanced analytics
    'daily_mirror': {'min_level': 70, 'modules': ['daily_mirror']}  # Legacy route support
}
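def check_access(user_role, user_modules, page):
    """
    Decide whether a user may open *page* under the 4-tier model.

    Every branch is fail-closed: an unknown role, a page with no
    PAGE_ACCESS entry, an insufficient level, an explicit entry in the
    role's restricted_pages, or a missing module assignment all deny.
    ``user_modules`` may be ``None`` (treated as "no modules assigned") so
    a user record without assignments cannot crash the check into an
    exception on a request path.

    Args:
        user_role (str): User's role (superadmin, admin, manager, worker)
        user_modules (list): User's assigned modules ['quality', 'warehouse']
        page (str): Page being accessed

    Returns:
        bool: True if access granted, False otherwise
    """
    role_config = ROLES.get(user_role)
    if role_config is None:
        return False

    # Pages not listed in PAGE_ACCESS are denied for everyone (no implicit allow)
    page_config = PAGE_ACCESS.get(page)
    if page_config is None:
        return False

    # Minimum level requirement
    if role_config['level'] < page_config['min_level']:
        return False

    # Explicit per-role deny list, applied even when the level would allow
    if page in role_config['access']['restricted_pages']:
        return False

    # Module requirements: any ONE of the page's modules is sufficient
    required_modules = page_config['modules']
    if not required_modules:
        return True

    # Superadmin and admin have access to all modules by default;
    # a missing flag is treated as False (fail closed)
    if role_config['access'].get('all_modules', False):
        return True

    # Other roles need at least one of the required modules assigned
    assigned_modules = user_modules if user_modules is not None else ()
    return any(module in assigned_modules for module in required_modules)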
def get_user_accessible_pages(user_role, user_modules):
    """
    Return the names of every PAGE_ACCESS page the user may open.

    Each page is evaluated with check_access, in PAGE_ACCESS insertion
    order, so the result is the same for the same role/module assignment.

    Args:
        user_role (str): User's role
        user_modules (list): User's assigned modules

    Returns:
        list: List of accessible page names
    """
    return [
        page_name
        for page_name in PAGE_ACCESS
        if check_access(user_role, user_modules, page_name)
    ]
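def validate_user_modules(user_role, user_modules):
    """
    Validate that user's module assignment is valid for their role.

    Roles whose access grants all_modules (superadmin, admin) need no
    assignment and are accepted as-is. Manager and worker share one rule:
    at least one module must be assigned and every entry must be a key of
    MODULES. Entries are checked in order and the first unknown one is
    reported.

    Args:
        user_role (str): User's role
        user_modules (list): User's assigned modules

    Returns:
        tuple: (is_valid, error_message); error_message is "" when valid
    """
    role_config = ROLES.get(user_role)
    if role_config is None:
        return False, "Invalid role"

    # Superadmin and admin have access to all modules by default
    if role_config['access'].get('all_modules', False):
        return True, ""

    # Manager and worker are validated identically; only the wording of
    # the error differs. ('can_cumulate' in ROLES documents that several
    # modules are allowed but is not read here.)
    role_labels = {'manager': "Managers", 'worker': "Workers"}
    if user_role not in role_labels:
        # No validation rule for other roles (none are defined in ROLES today)
        return True, ""

    if not user_modules:
        return False, f"{role_labels[user_role]} must have at least one module assigned"

    valid_modules = tuple(MODULES)  # hoisted out of the loop
    for module in user_modules:
        if module not in valid_modules:
            return False, f"Invalid module: {module}"
    return True, ""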
def get_role_description(role):
    """Return the human-readable description for *role*, or 'Unknown role'."""
    role_config = ROLES.get(role)
    if role_config is None:
        return 'Unknown role'
    return role_config.get('description', 'Unknown role')
def get_available_modules():
    """Return the module keys of MODULES as a new list, in definition order."""
    return [*MODULES]
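def can_access_reports(user_role, user_modules, module):
    """
    Check if user can access reports for a specific module.

    Worker level users cannot access reports. An unknown role is denied
    instead of raising KeyError, and ``user_modules`` may be ``None``
    (treated as no modules assigned), so the check fails closed rather
    than erroring on a request path.

    NOTE(review): this check is independent of PAGE_ACCESS (the
    'reports'/'*_reports' pages) and does not verify that *module* is a
    key of MODULES; keep it in step with check_access when rules change.

    Args:
        user_role (str): User's role
        user_modules (list): User's assigned modules
        module (str): Module whose reports are requested

    Returns:
        bool: True if access granted, False otherwise
    """
    if user_role == 'worker':
        return False

    role_config = ROLES.get(user_role)
    if role_config is None:
        return False

    # Superadmin and admin see every module's reports; missing flag -> False
    if role_config['access'].get('all_modules', False):
        return True

    assigned_modules = user_modules if user_modules is not None else ()
    return module in assigned_modules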