refactor: rebuild backend around role-site authorization model

2026-04-02 23:58:13 +08:00
parent 0bc667847d
commit 2f92b94f59
43 changed files with 1593 additions and 2257 deletions
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@ python -m venv .venv
 source .venv/bin/activate
 pip install -e .
 cp .env.example .env
+psql "$DATABASE_URL" -f scripts/init_schema.sql
 ./scripts/start_dev.sh
 ```

@@ -36,6 +37,25 @@ cp .env.example .env
 - `POST /auth/oidc/exchange`
 - `GET /me` (Bearer token required)
 - `GET /me/permissions/snapshot` (Bearer token required)
+
+### Admin APIs (Bearer + admin group required)
+- `GET/POST/PATCH/DELETE /admin/companies`
+- `GET/POST/PATCH/DELETE /admin/sites`
+- `GET/POST/PATCH/DELETE /admin/systems`
+- `GET/POST/PATCH/DELETE /admin/roles`
+- `GET/POST/PATCH/DELETE /admin/members`
+- `PUT /admin/sites/{site_key}/roles`
+- `PUT /admin/members/{user_sub}/sites`
+- `GET /admin/members/{user_sub}/roles`
+- `GET/POST/PATCH/DELETE /admin/api-clients`
+
+### Internal APIs (`X-Client-Key` + `X-API-Key`)
+- `GET /internal/companies`
+- `GET /internal/sites`
+- `GET /internal/systems`
+- `GET /internal/roles`
+- `GET /internal/members`
 - `POST /internal/users/upsert-by-sub`
+- `GET /internal/users/{user_sub}/roles`
 - `GET /internal/permissions/{user_sub}/snapshot`
 - `POST /internal/idp/users/ensure`