chris/mkt.ose.tw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Chris
2026-03-23 20:23:58 +08:00
commit 74d612aca1
3193 changed files with 692056 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
backend/app/domain/permissions.py Normal file
View File

@@ -0,0 +1,35 @@
from __future__ import annotations
from app.domain.auth import PermissionContext
def build_permission_context(
role_name: str | None,
domain_permissions: list[str],
) -> PermissionContext:
"""Translate Directus role/group permissions into product capabilities.
We keep the first version intentionally explicit instead of clever:
reviewers can see exactly which strings unlock which capabilities.
"""
normalized = {permission.strip().lower() for permission in domain_permissions if permission}
role_normalized = (role_name or "").strip().lower()
is_admin = role_normalized in {"administrator", "admin"}
def has_any(*values: str) -> bool:
return is_admin or any(value in normalized for value in values)
return PermissionContext(
is_admin=is_admin,
can_manage_sites=has_any("sites.manage", "sites.write"),
can_manage_experiments=has_any("experiments.manage", "experiments.write"),
can_manage_variants=has_any("variants.manage", "variants.write"),
can_manage_releases=has_any("releases.manage", "releases.write"),
can_manage_goals=has_any("goals.manage", "goals.write"),
can_manage_sdk_configs=has_any("sdk_configs.manage", "sdk_configs.write"),
can_use_editor=has_any("editor.manage", "editor.use"),
can_read_runtime=has_any("runtime.read", "runtime.manage"),
raw_permissions=sorted(normalized),
)