feat: add 'agent' API key role (content CRUD + backup)

- ALLOWED_API_KEY_ROLES (+ apikey_cli ALLOWED_ROLES) gain 'agent'.
- 'agent' added to require_auth on markdown/patch/path create/update/
  delete/move and backup get/load. apikey mint, /backup/convert, logs,
  config, webhook and permission/template settings stay admin-only.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
h z
2026-05-17 15:06:17 +01:00
parent 9383f8cb03
commit b31480bf25
6 changed files with 18 additions and 18 deletions


@@ -194,7 +194,7 @@ def get_markdown(markdown_id):
return jsonify(markdown.to_dict()), 200
@markdown_bp.route('/', methods=['POST'])
@require_auth(roles=['admin', 'creator'])
@require_auth(roles=['admin', 'creator', 'agent'])
@limiter.limit(api.get_rate_limit)
def create_markdown():
"""
@@ -250,7 +250,7 @@ def create_markdown():
return jsonify({"error": f"create failed - {errno}"}), 500
@markdown_bp.route('/<int:markdown_id>', methods=['PUT', 'PATCH'])
@require_auth(roles=['admin', 'creator'])
@require_auth(roles=['admin', 'creator', 'agent'])
@limiter.limit(api.get_rate_limit)
def update_markdown(markdown_id):
"""
@@ -315,7 +315,7 @@ def update_markdown(markdown_id):
return jsonify(markdown.to_dict()), 200
@markdown_bp.route('/<int:markdown_id>', methods=['DELETE'])
@require_auth(roles=['admin'])
@require_auth(roles=['admin', 'agent'])
@limiter.limit(api.get_rate_limit)
def delete_markdown(markdown_id):
"""
@@ -391,7 +391,7 @@ def delete_markdown(markdown_id):
@markdown_bp.route('/move_forward/<int:markdown_id>', methods=['PATCH'])
@require_auth(roles=['admin'])
@require_auth(roles=['admin', 'agent'])
@limiter.limit(api.get_rate_limit)
def move_forward(markdown_id):
"""
@@ -428,7 +428,7 @@ def move_forward(markdown_id):
@markdown_bp.route('/move_backward/<int:markdown_id>', methods=['PATCH'])
@require_auth(roles=['admin'])
@require_auth(roles=['admin', 'agent'])
@limiter.limit(api.get_rate_limit)
def move_backward(markdown_id):
"""
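Review bot: On `delete_markdown`, `move_forward` and `move_backward` the new list `['admin', 'agent']` gives an API-key role destructive rights that the `creator` role still lacks, so a leaked or misbehaving agent key can delete or reorder any `markdown_id` unless the handler bodies (outside these hunks) scope the operation further. If that asymmetry is intended, state it next to the decorator, e.g. `# 'agent' keys may delete/reorder any document; 'creator' may not`, and confirm the delete path records which key acted if it does not already. The role literals are also repeated across five decorators in this file; module-level constants such as `CONTENT_WRITE_ROLES = ['admin', 'creator', 'agent']` and `CONTENT_MANAGE_ROLES = ['admin', 'agent']` would keep the endpoints from drifting apart on the next role change.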