mega changes

2025-11-20 11:11:18 +01:00
parent e070c95190
commit 841d79f26b
138 changed files with 21499 additions and 8844 deletions


@@ -7,7 +7,11 @@ from typing import List, Dict, Any, Optional
from fastapi import APIRouter, Depends, HTTPException, status
from pydantic import BaseModel
from app.services.permission_manager import permission_registry, Permission, PermissionScope
from app.services.permission_manager import (
permission_registry,
Permission,
PermissionScope,
)
from app.core.logging import get_logger
from app.core.security import get_current_user
@@ -77,7 +81,7 @@ async def get_available_permissions(namespace: Optional[str] = None):
"""Get all available permissions, optionally filtered by namespace"""
try:
permissions = permission_registry.get_available_permissions(namespace)
# Convert to response format
result = {}
for ns, perms in permissions.items():
@@ -86,18 +90,18 @@ async def get_available_permissions(namespace: Optional[str] = None):
resource=perm.resource,
action=perm.action,
description=perm.description,
conditions=getattr(perm, 'conditions', None)
conditions=getattr(perm, "conditions", None),
)
for perm in perms
]
return result
except Exception as e:
logger.error(f"Error getting permissions: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Failed to get permissions: {str(e)}"
detail=f"Failed to get permissions: {str(e)}",
)
@@ -107,12 +111,12 @@ async def get_permission_hierarchy():
try:
hierarchy = permission_registry.get_permission_hierarchy()
return PermissionHierarchyResponse(hierarchy=hierarchy)
except Exception as e:
logger.error(f"Error getting permission hierarchy: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Failed to get permission hierarchy: {str(e)}"
detail=f"Failed to get permission hierarchy: {str(e)}",
)
@@ -120,44 +124,43 @@ async def get_permission_hierarchy():
async def validate_permissions(request: PermissionValidationRequest):
"""Validate a list of permissions"""
try:
validation_result = permission_registry.validate_permissions(request.permissions)
validation_result = permission_registry.validate_permissions(
request.permissions
)
return PermissionValidationResponse(**validation_result)
except Exception as e:
logger.error(f"Error validating permissions: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Failed to validate permissions: {str(e)}"
detail=f"Failed to validate permissions: {str(e)}",
)
@router.post("/permissions/check", response_model=PermissionCheckResponse)
async def check_permission(
request: PermissionCheckRequest,
current_user: Dict[str, Any] = Depends(get_current_user)
current_user: Dict[str, Any] = Depends(get_current_user),
):
"""Check if user has a specific permission"""
try:
has_permission = permission_registry.check_permission(
request.user_permissions,
request.required_permission,
request.context
request.user_permissions, request.required_permission, request.context
)
matching_permissions = list(permission_registry.tree.get_matching_permissions(
request.user_permissions
))
matching_permissions = list(
permission_registry.tree.get_matching_permissions(request.user_permissions)
)
return PermissionCheckResponse(
has_permission=has_permission,
matching_permissions=matching_permissions
has_permission=has_permission, matching_permissions=matching_permissions
)
except Exception as e:
logger.error(f"Error checking permission: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Failed to check permission: {str(e)}"
detail=f"Failed to check permission: {str(e)}",
)
@@ -166,22 +169,22 @@ async def get_module_permissions(module_id: str):
"""Get permissions for a specific module"""
try:
permissions = permission_registry.get_module_permissions(module_id)
return [
PermissionResponse(
resource=perm.resource,
action=perm.action,
description=perm.description,
conditions=getattr(perm, 'conditions', None)
conditions=getattr(perm, "conditions", None),
)
for perm in permissions
]
except Exception as e:
logger.error(f"Error getting module permissions: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Failed to get module permissions: {str(e)}"
detail=f"Failed to get module permissions: {str(e)}",
)
@@ -191,27 +194,28 @@ async def create_role(request: RoleRequest):
"""Create a custom role with specific permissions"""
try:
# Validate permissions first
validation_result = permission_registry.validate_permissions(request.permissions)
validation_result = permission_registry.validate_permissions(
request.permissions
)
if not validation_result["is_valid"]:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=f"Invalid permissions: {validation_result['invalid']}"
detail=f"Invalid permissions: {validation_result['invalid']}",
)
permission_registry.create_role(request.role_name, request.permissions)
return RoleResponse(
role_name=request.role_name,
permissions=request.permissions
role_name=request.role_name, permissions=request.permissions
)
except HTTPException:
raise
except Exception as e:
logger.error(f"Error creating role: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Failed to create role: {str(e)}"
detail=f"Failed to create role: {str(e)}",
)
@@ -220,14 +224,17 @@ async def get_roles():
"""Get all available roles and their permissions"""
try:
# Combine default roles and custom roles
all_roles = {**permission_registry.default_roles, **permission_registry.role_permissions}
all_roles = {
**permission_registry.default_roles,
**permission_registry.role_permissions,
}
return all_roles
except Exception as e:
logger.error(f"Error getting roles: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Failed to get roles: {str(e)}"
detail=f"Failed to get roles: {str(e)}",
)
@@ -236,28 +243,25 @@ async def get_role(role_name: str):
"""Get a specific role and its permissions"""
try:
# Check default roles first, then custom roles
permissions = (permission_registry.role_permissions.get(role_name) or
permission_registry.default_roles.get(role_name))
permissions = permission_registry.role_permissions.get(
role_name
) or permission_registry.default_roles.get(role_name)
if permissions is None:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail=f"Role '{role_name}' not found"
detail=f"Role '{role_name}' not found",
)
return RoleResponse(
role_name=role_name,
permissions=permissions,
created=True
)
return RoleResponse(role_name=role_name, permissions=permissions, created=True)
except HTTPException:
raise
except Exception as e:
logger.error(f"Error getting role: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Failed to get role: {str(e)}"
detail=f"Failed to get role: {str(e)}",
)
@@ -267,21 +271,20 @@ async def calculate_user_permissions(request: UserPermissionsRequest):
"""Calculate effective permissions for a user based on roles and custom permissions"""
try:
effective_permissions = permission_registry.get_user_permissions(
request.roles,
request.custom_permissions
request.roles, request.custom_permissions
)
return UserPermissionsResponse(
effective_permissions=effective_permissions,
roles=request.roles,
custom_permissions=request.custom_permissions or []
custom_permissions=request.custom_permissions or [],
)
except Exception as e:
logger.error(f"Error calculating user permissions: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Failed to calculate user permissions: {str(e)}"
detail=f"Failed to calculate user permissions: {str(e)}",
)
@@ -293,8 +296,10 @@ async def platform_health():
# Get permission system status
total_permissions = len(permission_registry.tree.permissions)
total_modules = len(permission_registry.module_permissions)
total_roles = len(permission_registry.default_roles) + len(permission_registry.role_permissions)
total_roles = len(permission_registry.default_roles) + len(
permission_registry.role_permissions
)
return {
"status": "healthy",
"service": "Confidential Empire Platform API",
@@ -302,16 +307,13 @@ async def platform_health():
"permission_system": {
"total_permissions": total_permissions,
"registered_modules": total_modules,
"available_roles": total_roles
}
"available_roles": total_roles,
},
}
except Exception as e:
logger.error(f"Error checking platform health: {str(e)}")
return {
"status": "unhealthy",
"error": str(e)
}
return {"status": "unhealthy", "error": str(e)}
@router.get("/metrics")
@@ -320,28 +322,29 @@ async def platform_metrics():
try:
# Get permission system metrics
namespaces = permission_registry.get_available_permissions()
metrics = {
"permissions": {
"total": len(permission_registry.tree.permissions),
"by_namespace": {ns: len(perms) for ns, perms in namespaces.items()}
"by_namespace": {ns: len(perms) for ns, perms in namespaces.items()},
},
"modules": {
"registered": len(permission_registry.module_permissions),
"names": list(permission_registry.module_permissions.keys())
"names": list(permission_registry.module_permissions.keys()),
},
"roles": {
"default": len(permission_registry.default_roles),
"custom": len(permission_registry.role_permissions),
"total": len(permission_registry.default_roles) + len(permission_registry.role_permissions)
}
"total": len(permission_registry.default_roles)
+ len(permission_registry.role_permissions),
},
}
return metrics
except Exception as e:
logger.error(f"Error getting platform metrics: {str(e)}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Failed to get platform metrics: {str(e)}"
)
detail=f"Failed to get platform metrics: {str(e)}",
)
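Review bot: In the `create_role` hunk the handler's signature, as shown in the hunk header, is `create_role(request: RoleRequest)` with no `Depends(get_current_user)`, whereas `check_permission` in the same file takes one, so role creation may be reachable without authentication unless the router or the decorator attaches a dependency. If it does not, add `current_user: Dict[str, Any] = Depends(get_current_user),` to the signature and check that the caller is allowed to manage roles before calling `permission_registry.create_role(...)`. The same handler, like the others reformatted here, returns `detail=f"Failed to create role: {str(e)}"`, which sends internal exception text to the client; a fixed `detail="Failed to create role"` with `logger.exception("Error creating role")` keeps that text in the server log only. The decorator and signature sit outside the hunk, so the first point should be confirmed against the full file.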