71ba0b95a5
Phase B addresses 7 high-severity gaps from the permissions audit: - B1: Enforce tree access check on session start via can_access_tree - B2: Replace all inline permission helpers with centralized permissions.py - B3: Fix require_engineer_or_admin to check is_team_admin before role - B4: Add is_active field on User with enforcement in get_current_active_user - B5: Add admin user management endpoints (list, get, role, team-admin, deactivate, activate) - B6: Add rate limiting on auth/invite endpoints via slowapi (disabled in DEBUG) - B7: Implement refresh token rotation with JTI-based revocation and meaningful logout Also reduces access token TTL from 15 to 5 minutes and updates CLAUDE.md with SaaS/MSP context for future planning sessions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
32 lines
750 B
Python
32 lines
750 B
Python
from .user import User
|
|
from .team import Team
|
|
from .tree import Tree
|
|
from .session import Session
|
|
from .attachment import Attachment
|
|
from .invite_code import InviteCode
|
|
from .category import TreeCategory
|
|
from .tag import TreeTag, tree_tag_assignments
|
|
from .folder import UserFolder, user_folder_trees
|
|
from .step_category import StepCategory
|
|
from .step_library import StepLibrary, StepRating, StepUsageLog
|
|
from .refresh_token import RefreshToken
|
|
|
|
__all__ = [
|
|
"User",
|
|
"Team",
|
|
"Tree",
|
|
"Session",
|
|
"Attachment",
|
|
"InviteCode",
|
|
"TreeCategory",
|
|
"TreeTag",
|
|
"tree_tag_assignments",
|
|
"UserFolder",
|
|
"user_folder_trees",
|
|
"StepCategory",
|
|
"StepLibrary",
|
|
"StepRating",
|
|
"StepUsageLog",
|
|
"RefreshToken",
|
|
]
|