fix: grant full permissions to MANAGER+ roles in get_or_create
Some checks are pending
NordaBiz Tests / Unit & Integration Tests (push) Waiting to run
NordaBiz Tests / E2E Tests (Playwright) (push) Blocked by required conditions
NordaBiz Tests / Smoke Tests (Production) (push) Blocked by required conditions
NordaBiz Tests / Send Failure Notification (push) Blocked by required conditions
Some checks are pending
NordaBiz Tests / Unit & Integration Tests (push) Waiting to run
NordaBiz Tests / E2E Tests (Playwright) (push) Blocked by required conditions
NordaBiz Tests / Smoke Tests (Production) (push) Blocked by required conditions
NordaBiz Tests / Send Failure Notification (push) Blocked by required conditions
Previously all new permission records had contacts/social/analytics disabled by default regardless of role. Now MANAGER+ users get full permissions automatically. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
893ccf7551
commit
01f2a29f0b
@ -343,20 +343,10 @@ def admin_users_change_role():
|
||||
|
||||
# Note: company_role is now managed independently via change-company-role endpoint
|
||||
|
||||
# Create default permissions for EMPLOYEE if they have a company
|
||||
# Create default permissions if user has a company
|
||||
if new_role == 'EMPLOYEE' and user.company_id:
|
||||
existing_perms = db.query(UserCompanyPermissions).filter_by(
|
||||
user_id=user.id,
|
||||
company_id=user.company_id
|
||||
).first()
|
||||
|
||||
if not existing_perms:
|
||||
perms = UserCompanyPermissions(
|
||||
user_id=user.id,
|
||||
company_id=user.company_id,
|
||||
granted_by_id=current_user.id
|
||||
)
|
||||
db.add(perms)
|
||||
perms = UserCompanyPermissions.get_or_create(db, user.id, user.company_id)
|
||||
perms.granted_by_id = current_user.id
|
||||
|
||||
db.commit()
|
||||
|
||||
|
||||
21
database.py
21
database.py
@ -613,14 +613,31 @@ class UserCompanyPermissions(Base):
|
||||
|
||||
@classmethod
|
||||
def get_or_create(cls, session, user_id: int, company_id: int) -> 'UserCompanyPermissions':
|
||||
"""Get existing permissions or create default ones."""
|
||||
"""Get existing permissions or create default ones.
|
||||
|
||||
MANAGER+ roles get full permissions automatically.
|
||||
EMPLOYEE gets restricted defaults (no contacts/social/analytics).
|
||||
"""
|
||||
perms = session.query(cls).filter_by(
|
||||
user_id=user_id,
|
||||
company_id=company_id
|
||||
).first()
|
||||
|
||||
if not perms:
|
||||
perms = cls(user_id=user_id, company_id=company_id)
|
||||
# Check if user has MANAGER+ role → grant full permissions
|
||||
user = session.query(User).filter_by(id=user_id).first()
|
||||
is_manager = False
|
||||
if user:
|
||||
role = user.get_company_role(company_id) if company_id else user.company_role_enum
|
||||
is_manager = role >= CompanyRole.MANAGER
|
||||
|
||||
perms = cls(
|
||||
user_id=user_id,
|
||||
company_id=company_id,
|
||||
can_edit_contacts=is_manager,
|
||||
can_edit_social=is_manager,
|
||||
can_view_analytics=is_manager,
|
||||
)
|
||||
session.add(perms)
|
||||
session.flush()
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user