chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
34daa26a6756bf670131f6a779a3ce02b8d529af
resolutionflow/backend/alembic/versions/010_add_is_super_admin.py
chihlasm 34daa26a67 feat: implement RBAC permissions system 
Add role-based access control with hierarchy: super_admin > team_admin >
engineer > viewer. Adds is_super_admin boolean to User model (migration 010),
centralized backend permissions module, frontend usePermissions hook, and
UI enforcement (conditional Create/Edit buttons, editor redirect for viewers,
role badge in header). All endpoint admin checks updated from role=="admin"
to is_super_admin.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 02:42:44 -05:00

34 lines
962 B
Python
Raw Blame History

"""add is_super_admin to users
Revision ID: 010
Revises: 009
Create Date: 2026-02-05
"""
from typing import Sequence, Union
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision: str = '010'
down_revision: Union[str, None] = '009'
branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None
def upgrade() -> None:
# Add is_super_admin flag
op.add_column('users',
sa.Column('is_super_admin', sa.Boolean(), nullable=False, server_default=sa.text('false'))
)
# Migrate existing admin users: promote to super admin AND normalize role
op.execute("UPDATE users SET is_super_admin = TRUE, role = 'engineer' WHERE role = 'admin'")
def downgrade() -> None:
# Restore admin role for super admins before dropping column
op.execute("UPDATE users SET role = 'admin' WHERE is_super_admin = TRUE")
op.drop_column('users', 'is_super_admin')
Reference in New Issue View Git Blame Copy Permalink