113 lines
3.4 KiB
Python
113 lines
3.4 KiB
Python
"""
|
|
Router permessi granulari casella (Fase 1-A).
|
|
|
|
Endpoint:
|
|
POST /api/v1/permissions/mailboxes/{mailbox_id}/users/{user_id} → assegna permesso
|
|
DELETE /api/v1/permissions/mailboxes/{mailbox_id}/users/{user_id} → revoca permesso
|
|
GET /api/v1/permissions/mailboxes/{mailbox_id}/users → utenti con accesso
|
|
GET /api/v1/permissions/users/{user_id}/mailboxes → caselle accessibili
|
|
"""
|
|
|
|
import uuid
|
|
|
|
from fastapi import APIRouter
|
|
|
|
from app.dependencies import AdminUser, CurrentUser, DB, SupervisorOrAdminUser
|
|
from app.schemas.permission import (
|
|
MailboxUserPermissionResponse,
|
|
PermissionGrantRequest,
|
|
PermissionResponse,
|
|
UserMailboxPermissionResponse,
|
|
)
|
|
from app.services.permission_service import PermissionService
|
|
|
|
router = APIRouter(prefix="/permissions", tags=["Permessi casella"])
|
|
|
|
|
|
@router.post(
|
|
"/mailboxes/{mailbox_id}/users/{user_id}",
|
|
response_model=PermissionResponse,
|
|
status_code=201,
|
|
summary="Assegna permesso utente su casella",
|
|
description="Crea o aggiorna i permessi di un utente su una specifica casella PEC.",
|
|
)
|
|
async def grant_permission(
|
|
mailbox_id: uuid.UUID,
|
|
user_id: uuid.UUID,
|
|
body: PermissionGrantRequest,
|
|
current_user: SupervisorOrAdminUser,
|
|
db: DB,
|
|
) -> PermissionResponse:
|
|
service = PermissionService(db)
|
|
perm = await service.grant_permission(
|
|
tenant_id=current_user.tenant_id,
|
|
mailbox_id=mailbox_id,
|
|
user_id=user_id,
|
|
data=body,
|
|
granted_by=current_user,
|
|
)
|
|
return PermissionResponse.model_validate(perm)
|
|
|
|
|
|
@router.delete(
|
|
"/mailboxes/{mailbox_id}/users/{user_id}",
|
|
status_code=204,
|
|
summary="Revoca permesso utente su casella",
|
|
)
|
|
async def revoke_permission(
|
|
mailbox_id: uuid.UUID,
|
|
user_id: uuid.UUID,
|
|
current_user: SupervisorOrAdminUser,
|
|
db: DB,
|
|
) -> None:
|
|
service = PermissionService(db)
|
|
await service.revoke_permission(
|
|
mailbox_id=mailbox_id,
|
|
user_id=user_id,
|
|
revoked_by=current_user,
|
|
)
|
|
|
|
|
|
@router.get(
|
|
"/mailboxes/{mailbox_id}/users",
|
|
response_model=list[MailboxUserPermissionResponse],
|
|
summary="Utenti con accesso a una casella",
|
|
)
|
|
async def list_mailbox_users(
|
|
mailbox_id: uuid.UUID,
|
|
current_user: SupervisorOrAdminUser,
|
|
db: DB,
|
|
) -> list[MailboxUserPermissionResponse]:
|
|
service = PermissionService(db)
|
|
rows = await service.list_mailbox_users(mailbox_id, current_user.tenant_id)
|
|
return [MailboxUserPermissionResponse(**row) for row in rows]
|
|
|
|
|
|
@router.get(
|
|
"/users/{user_id}/mailboxes",
|
|
response_model=list[UserMailboxPermissionResponse],
|
|
summary="Caselle accessibili a un utente",
|
|
)
|
|
async def list_user_mailboxes(
|
|
user_id: uuid.UUID,
|
|
current_user: SupervisorOrAdminUser,
|
|
db: DB,
|
|
) -> list[UserMailboxPermissionResponse]:
|
|
service = PermissionService(db)
|
|
rows = await service.list_user_mailboxes(user_id, current_user.tenant_id)
|
|
return [UserMailboxPermissionResponse(**row) for row in rows]
|
|
|
|
|
|
@router.get(
|
|
"/my/mailboxes",
|
|
response_model=list[UserMailboxPermissionResponse],
|
|
summary="Caselle accessibili all'utente corrente",
|
|
)
|
|
async def my_mailboxes(
|
|
current_user: CurrentUser,
|
|
db: DB,
|
|
) -> list[UserMailboxPermissionResponse]:
|
|
service = PermissionService(db)
|
|
rows = await service.list_user_mailboxes(current_user.id, current_user.tenant_id)
|
|
return [UserMailboxPermissionResponse(**row) for row in rows]
|