Xj ddlmZddlmZmZmZddlmZddlm Z ddl m Z ddl mZeeZdeded efd Zded efd Zded efd Zded efd Zded efdZded efdZded efdZd efdZd efdZd efdZdS))Callable)Depends HTTPExceptionstatus) get_logger)get_current_user)check_permission)Userresourceactionreturnc\ttfdtdtffd }|S)N current_userr cK|j}|s{ddlm}||jd}d|D}t d|Ds=t d|jttj dd}t|j|}|sIt d |jd d ttj d d |S)Nrget_user_rolescg|] }|d S role_code.0roles ;/lsinfo/ai/hellotax_ai/base_platform/app/api/permissions.py zBrequire_permission..permission_checker..sCCC${+CCCc3K|]}|dvV dS))platform_admin platform_userNrrcodes r zArequire_permission..permission_checker..s(ZZttBBZZZZZZrz*Non-platform user without tenant_id: user=z(Non-platform users must have a tenant_id status_codedetail)user_id tenant_idr r zPermission denied: user=z , resource=z , action=zPermission denied: z on ) r'app.core.permissionsridanyloggerwarningrrHTTP_403_FORBIDDENcasbin_check_permission)rr'r user_roles role_codeshas_permissionr r s rpermission_checkerz.require_permission..permission_checkersC *   ; ; ; ; ; ;' ;;JCC CCCJZZzZZZZZ ]LO]]^^^# & 9EI0 Oy8TZ     NNmlommRZmmekmm n n n"5CVCCCC rrrr )r r r2s`` rrequire_permissionr4 sO6=>N6O6OtTX2 rc"t|dS)Nreadr4r s r require_readr9+s h / //rc"t|dS)Ncreater7r8s rrequire_creater</ h 1 11rc"t|dSNupdater7r8s rrequire_updaterA3r=rc"t|dS)Ndeleter7r8s rrequire_deleterD7r=rc"t|dS)Nexecuter7r8s rrequire_executerG;s h 2 22rc"t|dSr?r7r8s r require_writerI?r=rcRttfdtdtfd}|S)Nrr cKddlm}|jpd}||j|}d|D}t d|Dst t jd|S)Nrrcg|] }|d Srrrs rrz8require_admin..admin_checker..J???Dd;'???rc3K|]}|dvV dS))rcustomer_adminNrr s rr"z7require_admin..admin_checker..Ks(WWD4??WWWWWWrzAdmin access requiredr#)r(rr'r)r*rrr-rrr'r/r0s r admin_checkerz$require_admin..admin_checkerEs777777 */a #^LOY?? ??J??? WWJWWWWW "5>U rr3)rQs r require_adminrRCs=189I1J1J  $ t     rcRttfdtdtfd}|S)Nrr cKddlm}|jpd}||j|}d|D}d|vrt t jd|S)Nrrcg|] }|d Srrrs rrzJrequire_platform_admin..platform_admin_checker..[rMrrzPlatform admin access requiredr#r(rr'r)rrr-rPs rplatform_admin_checkerz6require_platform_admin..platform_admin_checkerVs~777777 */a #^LOY?? ??J??? : - -"5>^ rr3)rWs rrequire_platform_adminrXTs>:ABR:S:S  4 X\     "!rcRttfdtdtfd}|S)Nrr cKddlm}|jpd}||j|}d|D}d|vrt t jd|S)Nrrcg|] }|d Srrrs rrzFrequire_tenant_admin..tenant_admin_checker..lrMrrOzTenant admin access requiredr#rVrPs rtenant_admin_checkerz2require_tenant_admin..tenant_admin_checkergs~777777 */a #^LOY?? ??J??? : - -"5>\ rr3)r\s rrequire_tenant_adminr]es>8?@P8Q8Q   VZ     rN)collections.abcrfastapirrrcommon_loggingr app.api.depsrr(r r.app.models.userr __name__r+strr4r9r<rArDrGrIrRrXr]rrrres$$$$$$2222222222%%%%%%))))))LLLLLL H  ch<030800002S2X22222S2X22222S2X22223c3h33332C2H2222x""""""" h      r