Idra-Informatica/PecHub
1
0
Fork 0
mirror of https://github.com/idrainformatica/PecFlow.git synced 2026-06-16 12:45:42 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Ruolo supervisor

Browse Source
This commit is contained in:
Matteo Giustini
2026-03-27 14:43:42 +01:00
parent ab6db28449
commit d7ae840ac6
9 changed files with 166 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/app/api/v1/mailboxes.py
+6 -4
View File
@@ -77,15 +77,15 @@ async def list_mailboxes(
"""
svc = _svc(db)
if current_user.is_admin:
# Admin: tutte le caselle del tenant
if current_user.is_supervisor_or_admin:
# Admin e supervisor: tutte le caselle del tenant
items, total = await svc.list_mailboxes(
tenant_id=current_user.tenant_id,
page=page,
page_size=page_size,
)
else:
# Operatori: caselle con permesso
# Operator e readonly: caselle con permesso esplicito
from app.services.permission_service import PermissionService
perm_svc = PermissionService(db)
visible_ids = await perm_svc.get_visible_mailboxes(current_user)
@@ -140,7 +140,9 @@ async def get_unread_counts(
from app.models.message import Message
# Determina le caselle visibili
if current_user.is_admin:
# Admin e supervisor: nessun filtro (accesso a tutto il tenant)
# Operator e readonly: solo caselle con permesso esplicito can_read
if current_user.is_supervisor_or_admin:
visible_ids = None # nessun filtro
else:
from app.services.permission_service import PermissionService
backend/app/api/v1/messages.py
+7 -4
View File
@@ -96,11 +96,14 @@ async def _get_visible_mailbox_ids(
user, db: AsyncSession
) -> Optional[list[uuid.UUID]]:
"""
Per utenti non-admin restituisce la lista di mailbox_id accessibili.
Restituisce None se l'utente e admin (accesso illimitato al tenant).
Per utenti non-admin/supervisor restituisce la lista di mailbox_id accessibili.
Restituisce None se l'utente e' admin o supervisor (accesso illimitato al tenant).
Admin e supervisor: None (nessun filtro, query diretta sull'intero tenant).
Operator e readonly: lista esplicita di caselle con can_read=True.
"""
if user.is_admin:
return None # nessun filtro per admin
if user.is_supervisor_or_admin:
return None # nessun filtro per admin e supervisor
from app.services.permission_service import PermissionService
perm_svc = PermissionService(db)