mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-01-21 20:09:57 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
dae25edece461d2bb9f37334dde81045230e99af
TimeTracker/app/models/__init__.py
Dries Peeters 944b69a7fc feat: implement full permission enforcement and enhanced UI visibility 
BREAKING CHANGE: Permission system now actively enforced across all routes

## Summary
Complete implementation of advanced role-based access control (RBAC) system
with full route protection, UI conditionals, and enhanced management interface.

## Route Protection
- Updated all admin routes to use @admin_or_permission_required decorator
- Replaced inline admin checks with granular permission checks in:
  * Admin routes: user management, settings, backups, telemetry, OIDC
  * Project routes: create, edit, delete, archive, bulk operations
  * Client routes: create, edit, delete, archive, bulk operations
- Maintained backward compatibility with existing @admin_required decorator

## UI Permission Integration
- Added template helpers (has_permission, has_any_permission) to all templates
- Navigation conditionally shows admin/OIDC links based on permissions
- Action buttons (Edit, Delete, Archive) conditional on user permissions
- Project and client pages respect permission requirements
- Create buttons visible only with appropriate permissions

## Enhanced Roles & Permissions UI
- Added statistics dashboard showing:
  * Total roles, system roles, custom roles, assigned users
- Implemented expandable permission details in roles list
  * Click to view all permissions grouped by category
  * Visual checkmarks for assigned permissions
- Enhanced user list with role visibility:
  * Shows all assigned roles as color-coded badges
  * Blue badges for system roles, gray for custom roles
  * Yellow badges for legacy roles with migration prompt
  * Merged legacy role column into unified "Roles & Permissions"
- User count per role now clickable and accurate

## Security Improvements
- Added CSRF tokens to all new permission system forms:
  * Role creation/edit form
  * Role deletion form
  * User role assignment form
- All POST requests now protected against CSRF attacks

## Technical Details
- Fixed SQLAlchemy relationship query issues (AppenderQuery)
- Proper use of .count() for relationship aggregation
- Jinja2 namespace for accumulating counts in templates
- Responsive grid layouts for statistics and permission cards

## Documentation
- Created comprehensive implementation guides
- Added permission enforcement documentation
- Documented UI enhancements and features
- Included CSRF protection review

## Impact
- Permissions are now actively enforced, not just defined
- Admins can easily see who has what access
- Clear visual indicators of permission assignments
- Secure forms with CSRF protection
- Production-ready permission system
2025-10-24 12:49:54 +02:00

65 lines
1.7 KiB
Python
Raw Blame History

from .user import User
from .project import Project
from .time_entry import TimeEntry
from .task import Task
from .settings import Settings
from .invoice import Invoice, InvoiceItem
from .invoice_template import InvoiceTemplate
from .currency import Currency, ExchangeRate
from .tax_rule import TaxRule
from .payments import Payment, CreditNote, InvoiceReminderSchedule
from .reporting import SavedReportView, ReportEmailSchedule
from .client import Client
from .task_activity import TaskActivity
from .extra_good import ExtraGood
from .comment import Comment
from .focus_session import FocusSession
from .recurring_block import RecurringBlock
from .rate_override import RateOverride
from .saved_filter import SavedFilter
from .project_cost import ProjectCost
from .kanban_column import KanbanColumn
from .time_entry_template import TimeEntryTemplate
from .activity import Activity
from .user_favorite_project import UserFavoriteProject
from .client_note import ClientNote
from .weekly_time_goal import WeeklyTimeGoal
from .expense import Expense
from .permission import Permission, Role
__all__ = [
"User",
"Project",
"TimeEntry",
"Task",
"Settings",
"Invoice",
"InvoiceItem",
"Client",
"TaskActivity",
"Comment",
"FocusSession",
"RecurringBlock",
"RateOverride",
"SavedFilter",
"ProjectCost",
"InvoiceTemplate",
"Currency",
"ExchangeRate",
"TaxRule",
"Payment",
"CreditNote",
"InvoiceReminderSchedule",
"SavedReportView",
"ReportEmailSchedule",
"KanbanColumn",
"TimeEntryTemplate",
"Activity",
"UserFavoriteProject",
"ClientNote",
"WeeklyTimeGoal",
"Expense",
"Permission",
"Role",
]
Reference in New Issue View Git Blame Copy Permalink