From 50486aae891462eb1f6210e0e2bc7829c0cb63be Mon Sep 17 00:00:00 2001
From: Michael Chihlas <michael@chihlas.com>
Date: Sat, 14 Mar 2026 01:30:58 -0400
Subject: [PATCH] feat: add can_manage_script_template permission check

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 backend/app/core/permissions.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/backend/app/core/permissions.py b/backend/app/core/permissions.py
index ba34dd62..639c4af6 100644
--- a/backend/app/core/permissions.py
+++ b/backend/app/core/permissions.py
@@ -169,3 +169,19 @@ def can_create_step_category(user: User, account_id: Optional[UUID]) -> bool:
     if user.account_role == "owner" and account_id == user.account_id and user.account_id is not None:
         return True
     return False
+
+
+def can_manage_script_template(user: User, template_created_by: Optional[UUID], template_account_id: Optional[UUID] = None) -> bool:
+    """Can the user edit/delete this script template?
+
+    - Super admins can manage any template
+    - Account owners can manage any template in their account
+    - Engineers can manage templates they created
+    """
+    if user.is_super_admin:
+        return True
+    if user.account_role == "owner" and template_account_id == user.account_id and user.account_id is not None:
+        return True
+    if template_created_by == user.id:
+        return True
+    return False