feat(knowledge-base): KnowledgeBase feature — models, CRUD API, RBAC

New entities mirroring the Project shape: - knowledge_bases (human code, title, description, created_by, timestamps) - knowledge_topics (UNIQUE(topic, knowledge_base_id)) - knowledge_categories (self-referential parent; UNIQUE(topic_id, parent, name), with an app-level check for the NULL-parent case MySQL can't enforce) - knowledge_facts (category_id NULL → fact lives directly on the topic) - project_knowledge_bases (M2M project ↔ knowledge base) Adds full CRUD for KB/topic/category/fact, a nested /tree aggregate, project link/unlink/list, KB-code generation (same algorithm as project codes), and category cycle-prevention. Four global permissions (knowledge-base.create/read/update/delete) seeded in init_bootstrap and granted to admin/mgr/dev/general-agent/guest as appropriate. New tables auto-create via Base.metadata.create_all; router wired in main.py. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 15:03:14 +01:00
parent 88779d2db0
commit 9feff8e008
6 changed files with 1160 additions and 1 deletions
--- a/app/init_bootstrap.py
+++ b/app/init_bootstrap.py
@@ -39,6 +39,11 @@ DEFAULT_PERMISSIONS = [
    ("project.create", "Create a project", "project"),
    ("project.delete", "Delete project", "project"),
    ("project.manage_members", "Manage project members", "project"),
+    # Knowledge base permissions
+    ("knowledge-base.read", "View knowledge bases", "knowledge-base"),
+    ("knowledge-base.create", "Create a knowledge base", "knowledge-base"),
+    ("knowledge-base.update", "Edit a knowledge base and its structure", "knowledge-base"),
+    ("knowledge-base.delete", "Delete a knowledge base", "knowledge-base"),
    # Task/Milestone permissions
    ("task.create", "Create tasks", "task"),
    ("task.read", "View tasks", "task"),
@@ -106,6 +111,7 @@ def init_default_permissions(db: Session) -> list[Permission]:
 # ---------------------------------------------------------------------------
 _MGR_PERMISSIONS = {
    "project.read", "project.write", "project.create", "project.manage_members",
+    "knowledge-base.read", "knowledge-base.create", "knowledge-base.update", "knowledge-base.delete",
    "task.create", "task.read", "task.write", "task.delete",
    "milestone.create", "milestone.read", "milestone.write", "milestone.delete",
    "milestone.freeze", "milestone.start", "milestone.close",
@@ -118,6 +124,7 @@ _MGR_PERMISSIONS = {

 _DEV_PERMISSIONS = {
    "project.read",
+    "knowledge-base.read", "knowledge-base.update",
    "task.create", "task.read", "task.write",
    "milestone.read",
    "task.close", "task.reopen_closed", "task.reopen_completed",
@@ -138,6 +145,7 @@ _ACCOUNT_MANAGER_PERMISSIONS = {
 # without admin intervention.
 _GENERAL_AGENT_PERMISSIONS = {
    "project.read",
+    "knowledge-base.read",
    "task.read",
    "milestone.read",
    "monitor.read",