hzhang/HangmanLab.Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add 'agent' API key role (content CRUD + backup)

Browse Source 
- ALLOWED_API_KEY_ROLES (+ apikey_cli ALLOWED_ROLES) gain 'agent'.
- 'agent' added to require_auth on markdown/patch/path create/update/
  delete/move and backup get/load. apikey mint, /backup/convert, logs,
  config, webhook and permission/template settings stay admin-only.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
h z
2026-05-17 15:06:17 +01:00
parent 9383f8cb03
commit b31480bf25
6 changed files with 18 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/patch.py
View File

@@ -51,7 +51,7 @@ def get_patches(markdown_id):
@patch_bp.route('/', methods=['POST'])
@require_auth(roles=['admin', 'creator'])
@require_auth(roles=['admin', 'creator', 'agent'])
@limiter.limit(api.get_rate_limit)
def create_patch():
"""Create a patch card. Body: markdown_id, content, title?, order?"""
@@ -89,7 +89,7 @@ def create_patch():
@patch_bp.route('/<int:patch_id>', methods=['PUT', 'PATCH'])
@require_auth(roles=['admin', 'creator'])
@require_auth(roles=['admin', 'creator', 'agent'])
@limiter.limit(api.get_rate_limit)
def update_patch(patch_id):
"""Update a patch card (title/content/order)."""
@@ -118,7 +118,7 @@ def update_patch(patch_id):
@patch_bp.route('/<int:patch_id>', methods=['DELETE'])
@require_auth(roles=['admin'])
@require_auth(roles=['admin', 'agent'])
@limiter.limit(api.get_rate_limit)
def delete_patch(patch_id):
"""Delete a patch card."""