mirror of
https://github.com/idrainformatica/PecFlow.git
synced 2026-06-16 12:45:42 +02:00
mgiustini
58a233236c
- docker-compose.yml: PostgreSQL 16, Redis 7, MinIO, Nginx - backend FastAPI: struttura monorepo, config pydantic-settings - modelli SQLAlchemy: tutti i modelli (tenants, users, mailboxes, messages, archival, permissions, labels, audit_log) - migrazione Alembic 0001: schema completo in pure SQL - auth API: login JWT, refresh token rotation, logout, 2FA TOTP (setup/verify/disable) - CRUD utenti: lista, crea, modifica, reset password, soft delete - permessi granulari (Fase 1-A): mailbox_permissions, assegna/revoca/lista - CRUD tenant: gestione super-admin - sicurezza: AES-256-GCM cifratura credenziali IMAP/SMTP, bcrypt password - RLS PostgreSQL: isolamento multi-tenant per request - seed sviluppo: tenant demo + admin + operator - test unit: security (bcrypt, JWT, AES), auth_service - test integration: auth endpoints, users endpoints - CI GitHub Actions: lint (ruff), test (pytest), build Docker, security scan - infra: nginx.conf, redis.conf - Makefile con comandi make dev/test/migrate/seed Definition of Done: ✅ Login, refresh token e TOTP funzionanti ✅ make dev porta in piedi tutto lo stack locale ✅ CI configurata
113 lines
3.3 KiB
Python
113 lines
3.3 KiB
Python
"""
|
|
Router permessi granulari casella (Fase 1-A).
|
|
|
|
Endpoint:
|
|
POST /api/v1/permissions/mailboxes/{mailbox_id}/users/{user_id} → assegna permesso
|
|
DELETE /api/v1/permissions/mailboxes/{mailbox_id}/users/{user_id} → revoca permesso
|
|
GET /api/v1/permissions/mailboxes/{mailbox_id}/users → utenti con accesso
|
|
GET /api/v1/permissions/users/{user_id}/mailboxes → caselle accessibili
|
|
"""
|
|
|
|
import uuid
|
|
|
|
from fastapi import APIRouter
|
|
|
|
from app.dependencies import AdminUser, CurrentUser, DB
|
|
from app.schemas.permission import (
|
|
MailboxUserPermissionResponse,
|
|
PermissionGrantRequest,
|
|
PermissionResponse,
|
|
UserMailboxPermissionResponse,
|
|
)
|
|
from app.services.permission_service import PermissionService
|
|
|
|
router = APIRouter(prefix="/permissions", tags=["Permessi casella"])
|
|
|
|
|
|
@router.post(
|
|
"/mailboxes/{mailbox_id}/users/{user_id}",
|
|
response_model=PermissionResponse,
|
|
status_code=201,
|
|
summary="Assegna permesso utente su casella",
|
|
description="Crea o aggiorna i permessi di un utente su una specifica casella PEC.",
|
|
)
|
|
async def grant_permission(
|
|
mailbox_id: uuid.UUID,
|
|
user_id: uuid.UUID,
|
|
body: PermissionGrantRequest,
|
|
current_user: AdminUser,
|
|
db: DB,
|
|
) -> PermissionResponse:
|
|
service = PermissionService(db)
|
|
perm = await service.grant_permission(
|
|
tenant_id=current_user.tenant_id,
|
|
mailbox_id=mailbox_id,
|
|
user_id=user_id,
|
|
data=body,
|
|
granted_by=current_user,
|
|
)
|
|
return PermissionResponse.model_validate(perm)
|
|
|
|
|
|
@router.delete(
|
|
"/mailboxes/{mailbox_id}/users/{user_id}",
|
|
status_code=204,
|
|
summary="Revoca permesso utente su casella",
|
|
)
|
|
async def revoke_permission(
|
|
mailbox_id: uuid.UUID,
|
|
user_id: uuid.UUID,
|
|
current_user: AdminUser,
|
|
db: DB,
|
|
) -> None:
|
|
service = PermissionService(db)
|
|
await service.revoke_permission(
|
|
mailbox_id=mailbox_id,
|
|
user_id=user_id,
|
|
revoked_by=current_user,
|
|
)
|
|
|
|
|
|
@router.get(
|
|
"/mailboxes/{mailbox_id}/users",
|
|
response_model=list[MailboxUserPermissionResponse],
|
|
summary="Utenti con accesso a una casella",
|
|
)
|
|
async def list_mailbox_users(
|
|
mailbox_id: uuid.UUID,
|
|
current_user: AdminUser,
|
|
db: DB,
|
|
) -> list[MailboxUserPermissionResponse]:
|
|
service = PermissionService(db)
|
|
rows = await service.list_mailbox_users(mailbox_id, current_user.tenant_id)
|
|
return [MailboxUserPermissionResponse(**row) for row in rows]
|
|
|
|
|
|
@router.get(
|
|
"/users/{user_id}/mailboxes",
|
|
response_model=list[UserMailboxPermissionResponse],
|
|
summary="Caselle accessibili a un utente",
|
|
)
|
|
async def list_user_mailboxes(
|
|
user_id: uuid.UUID,
|
|
current_user: AdminUser,
|
|
db: DB,
|
|
) -> list[UserMailboxPermissionResponse]:
|
|
service = PermissionService(db)
|
|
rows = await service.list_user_mailboxes(user_id, current_user.tenant_id)
|
|
return [UserMailboxPermissionResponse(**row) for row in rows]
|
|
|
|
|
|
@router.get(
|
|
"/my/mailboxes",
|
|
response_model=list[UserMailboxPermissionResponse],
|
|
summary="Caselle accessibili all'utente corrente",
|
|
)
|
|
async def my_mailboxes(
|
|
current_user: CurrentUser,
|
|
db: DB,
|
|
) -> list[UserMailboxPermissionResponse]:
|
|
service = PermissionService(db)
|
|
rows = await service.list_user_mailboxes(current_user.id, current_user.tenant_id)
|
|
return [UserMailboxPermissionResponse(**row) for row in rows]
|