fix: sync role CRUD with provider client roles

This commit is contained in:
Chris
2026-04-03 01:17:13 +08:00
parent 224f3d67bd
commit 49949498e0
2 changed files with 179 additions and 3 deletions


@@ -424,10 +424,19 @@ def list_roles(
def create_role(payload: RoleCreateRequest, db: Session = Depends(get_db)) -> RoleItem:
systems_repo = SystemsRepository(db)
roles_repo = RolesRepository(db)
idp = ProviderAdminService(get_settings())
system = systems_repo.get_by_key(payload.system_key)
if not system:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="system_not_found")
if not system.provider_client_id:
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_provider_client_id_missing")
idp.ensure_client_role(
provider_client_id=system.provider_client_id,
provider_role_name=payload.provider_role_name,
description=payload.description,
)
role_key = _generate_unique_key("RL", lambda key: roles_repo.get_by_key(key) is not None)
try:
@@ -459,17 +468,49 @@ def create_role(payload: RoleCreateRequest, db: Session = Depends(get_db)) -> Ro
def update_role(role_key: str, payload: RoleUpdateRequest, db: Session = Depends(get_db)) -> RoleItem:
systems_repo = SystemsRepository(db)
roles_repo = RolesRepository(db)
idp = ProviderAdminService(get_settings())
role = roles_repo.get_by_key(role_key)
if not role:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="role_not_found")
old_system = systems_repo.get_by_id(role.system_id)
if not old_system:
raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="system_reference_missing")
if not old_system.provider_client_id:
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_provider_client_id_missing")
target_system = old_system
system_id = None
if payload.system_key:
system = systems_repo.get_by_key(payload.system_key)
if not system:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="system_not_found")
system_id = system.id
target_system = system
if not target_system.provider_client_id:
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_provider_client_id_missing")
next_provider_role_name = payload.provider_role_name if payload.provider_role_name is not None else role.provider_role_name
next_description = payload.description if payload.description is not None else role.description
if target_system.id != old_system.id:
idp.ensure_client_role(
provider_client_id=target_system.provider_client_id,
provider_role_name=next_provider_role_name,
description=next_description,
)
idp.delete_client_role(
provider_client_id=old_system.provider_client_id,
provider_role_name=role.provider_role_name,
)
else:
idp.update_client_role(
provider_client_id=target_system.provider_client_id,
old_provider_role_name=role.provider_role_name,
new_provider_role_name=next_provider_role_name,
description=next_description,
)
try:
role = roles_repo.update(
@@ -502,11 +543,24 @@ def update_role(role_key: str, payload: RoleUpdateRequest, db: Session = Depends
@router.delete("/roles/{role_key}")
def delete_role(role_key: str, db: Session = Depends(get_db)) -> dict[str, str]:
repo = RolesRepository(db)
role = repo.get_by_key(role_key)
roles_repo = RolesRepository(db)
systems_repo = SystemsRepository(db)
idp = ProviderAdminService(get_settings())
role = roles_repo.get_by_key(role_key)
if not role:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="role_not_found")
repo.delete(role)
system = systems_repo.get_by_id(role.system_id)
if not system:
raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="system_reference_missing")
if not system.provider_client_id:
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_provider_client_id_missing")
idp.delete_client_role(
provider_client_id=system.provider_client_id,
provider_role_name=role.provider_role_name,
)
roles_repo.delete(role)
return {"deleted": role_key}
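Review bot: delete_role removes the provider client role before the DB row, so a failure in `roles_repo.delete(role)` leaves a role record whose IdP counterpart is already gone; that is the fail-closed direction, but whether a retry then succeeds depends on delete_client_role tolerating an already-missing role, which this hunk does not show. Please document the intended ordering and the retry contract above the idp call, e.g. `# IdP first: a failed DB delete can only leave a DB row without a provider role (fail closed), never an orphaned IdP role that still grants access; delete_client_role must treat a missing role as success so the request is retryable.` The same non-atomic shape appears in create_role (ensure_client_role runs before the insert inside the following `try`) and in update_role (the ensure/delete or update_client_role calls run before its `try`), where a DB failure leaves a provider role that nothing in the DB references, so a comment stating that ensure_client_role is idempotent or that reconciliation is expected would help the next maintainer. create_role and update_role both continue past their hunks.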