feat: права и инвайты

This commit is contained in:
Artem Tsyrulnikov
2025-12-14 13:49:25 +03:00
parent f3e09a08eb
commit 4c3873c727
43 changed files with 1111 additions and 127 deletions

View File

@@ -0,0 +1,46 @@
from __future__ import annotations
import uuid
from typing import TYPE_CHECKING
from src import domain, dto
from src.usecase.workspace.mappers import workspace_member_to_dto
if TYPE_CHECKING:
from .. import Usecase
async def update_workspace_member_permissions(
self: Usecase,
workspace_id: uuid.UUID,
workspace_user_id: uuid.UUID,
user_id: uuid.UUID,
input: dto.UpdateWorkspaceMemberPermissionsInput,
) -> dto.WorkspaceMemberOutput:
await self.ensure_workspace_permission(workspace_id, user_id, domain.PermissionKey.ADMIN_FULL)
member = await self.database.get_workspace_member(workspace_user_id)
if not member or member.workspace_id != workspace_id:
raise domain.WorkspaceAccessDenied(workspace_id)
global_permissions: set[domain.PermissionKey] = set()
scoped_assignments: set[tuple[domain.PermissionKey, domain.PermissionScopeType, uuid.UUID]] = set()
for permission in input.permissions:
if permission.scopes:
for scope in permission.scopes:
scoped_assignments.add((permission.key, scope.type, scope.id))
else:
global_permissions.add(permission.key)
await self.database.set_workspace_user_permissions(
member.id,
global_permissions=global_permissions,
scoped_permissions=list(scoped_assignments),
)
updated_member = await self.database.get_workspace_member(member.id)
if not updated_member:
raise domain.WorkspaceAccessDenied(workspace_id)
return workspace_member_to_dto(updated_member)