feat(P2.1): register 9 new permissions (milestone/task/propose actions) + wire check_permission in all action endpoints
- Add milestone.freeze/start/close, task.close/reopen_closed/reopen_completed, propose.accept/reject/reopen to DEFAULT_PERMISSIONS - Replace placeholder check_project_role with check_permission in proposes.py accept/reject/reopen - Replace freeform permission strings with dotted names in milestone_actions.py - Add task.close and task.reopen_* permission checks in tasks.py transition endpoint - Admin role auto-inherits all new permissions via init_wizard
This commit is contained in:
@@ -156,7 +156,7 @@ def freeze_milestone(
|
||||
- Caller must have ``freeze milestone`` permission.
|
||||
"""
|
||||
check_project_role(db, current_user.id, project_id, min_role="mgr")
|
||||
check_permission(db, current_user.id, project_id, "freeze milestone")
|
||||
check_permission(db, current_user.id, project_id, "milestone.freeze")
|
||||
|
||||
ms = _get_milestone_or_404(db, project_id, milestone_id)
|
||||
|
||||
@@ -222,7 +222,7 @@ def start_milestone(
|
||||
- Caller must have ``start milestone`` permission.
|
||||
"""
|
||||
check_project_role(db, current_user.id, project_id, min_role="mgr")
|
||||
check_permission(db, current_user.id, project_id, "start milestone")
|
||||
check_permission(db, current_user.id, project_id, "milestone.start")
|
||||
|
||||
ms = _get_milestone_or_404(db, project_id, milestone_id)
|
||||
|
||||
@@ -314,7 +314,7 @@ def close_milestone(
|
||||
- Caller must have ``close milestone`` permission.
|
||||
"""
|
||||
check_project_role(db, current_user.id, project_id, min_role="mgr")
|
||||
check_permission(db, current_user.id, project_id, "close milestone")
|
||||
check_permission(db, current_user.id, project_id, "milestone.close")
|
||||
|
||||
ms = _get_milestone_or_404(db, project_id, milestone_id)
|
||||
current = _ms_status_value(ms)
|
||||
|
||||
Reference in New Issue
Block a user