Add role-based filtering and imporve code

2025-10-15 16:12:49 +02:00
parent 96ad5c6692
commit 8f9e9a7edc
158 changed files with 11033 additions and 1544 deletions
--- a/services/production/app/api/production_batches.py
+++ b/services/production/app/api/production_batches.py
@@ -10,7 +10,9 @@ from uuid import UUID
 import structlog

 from shared.auth.decorators import get_current_user_dep
+from shared.auth.access_control import require_user_role
 from shared.routing import RouteBuilder
+from shared.security import create_audit_logger, AuditSeverity, AuditAction
 from app.core.database import get_db
 from app.services.production_service import ProductionService
 from app.schemas.production import (
@@ -27,6 +29,9 @@ logger = structlog.get_logger()
 route_builder = RouteBuilder('production')
 router = APIRouter(tags=["production-batches"])

+# Initialize audit logger
+audit_logger = create_audit_logger("production-service")
+

 def get_production_service() -> ProductionService:
    """Dependency injection for production service"""
@@ -229,16 +234,33 @@ async def update_production_batch(
@router.delete(
    route_builder.build_resource_detail_route("batches", "batch_id")
 )
+@require_user_role(['admin', 'owner'])
 async def delete_production_batch(
    tenant_id: UUID = Path(...),
    batch_id: UUID = Path(...),
    current_user: dict = Depends(get_current_user_dep),
    production_service: ProductionService = Depends(get_production_service)
 ):
-    """Cancel/delete draft batch (soft delete preferred)"""
+    """Cancel/delete draft batch (Admin+ only, soft delete preferred)"""
    try:
        await production_service.delete_production_batch(tenant_id, batch_id)

+        # Log audit event for batch deletion
+        try:
+            db = next(get_db())
+            await audit_logger.log_deletion(
+                db_session=db,
+                tenant_id=str(tenant_id),
+                user_id=current_user["user_id"],
+                resource_type="production_batch",
+                resource_id=str(batch_id),
+                description=f"Deleted production batch",
+                endpoint=f"/batches/{batch_id}",
+                method="DELETE"
+            )
+        except Exception as audit_error:
+            logger.warning("Failed to log audit event", error=str(audit_error))
+
        logger.info("Deleted production batch",
                   batch_id=str(batch_id), tenant_id=str(tenant_id))