31 lines
1.3 KiB
Python
31 lines
1.3 KiB
Python
# /opt/docker/dev/service_finder/backend/app/core/rbac.py
|
|
from fastapi import HTTPException, Depends, status
|
|
from app.api.deps import get_current_user
|
|
from app.models.identity import User
|
|
from app.core.config import settings
|
|
|
|
class RBAC:
|
|
def __init__(self, required_perm: str = None, min_rank: int = 0):
|
|
self.required_perm = required_perm
|
|
self.min_rank = min_rank
|
|
|
|
async def __call__(self, current_user: User = Depends(get_current_user)):
|
|
# 1. Superadmin mindent visz (Rank 100)
|
|
if current_user.role == "superadmin":
|
|
return True
|
|
|
|
# 2. Dinamikus rang ellenőrzés a központi rank_map alapján
|
|
user_rank = settings.DEFAULT_RANK_MAP.get(current_user.role.value, 0)
|
|
if user_rank < self.min_rank:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail=f"Elégtelen rang. Szükséges szint: {self.min_rank}"
|
|
)
|
|
|
|
# 3. Egyedi képességek (capabilities) ellenőrzése
|
|
if self.required_perm:
|
|
user_perms = current_user.custom_permissions.get("capabilities", [])
|
|
if self.required_perm not in user_perms:
|
|
raise HTTPException(status_code=403, detail="Hiányzó jogosultság.")
|
|
|
|
return True |