ligbox-ops-platform/api/app/permissions.py
Ligbox Spec Hub 3a2c64834b Initial import: ligbox-ops-platform + specs + LAPTOP + obsidian merge (CT130)
Source: VM122 /opt + obsidian-infra + LAPTOP
Hub: CT130 spec-hub 10.10.10.130
2026-06-19 17:26:41 +00:00


"""RBAC helpers for Ligbox Ops Desk."""
from __future__ import annotations
# Closed set of role identifiers that the permission helpers in this module
# test against. Any value outside this set is not a role.
ROLES = frozenset(("super_admin", "ops_lead", "technician", "noc"))

# Display label for each role identifier (insertion order kept as declared).
ROLE_LABELS = dict(
    super_admin="Super Admin",
    ops_lead="Chefe Ops",
    technician="Suporte",
    noc="NOC",
)
def can_read_tickets(role: str) -> bool:
    """Return True when ``role`` is one of the roles declared in ``ROLES``.

    Every declared role may read tickets; any other value is denied.
    """
    is_known_role = role in ROLES
    return is_known_role
def can_patch_ticket(role: str, ticket: dict, username: str) -> bool:
    """Decide whether ``username`` acting as ``role`` may modify ``ticket``.

    ``super_admin`` and ``ops_lead`` may patch any ticket. A ``technician``
    may patch a ticket whose ``assigned_to`` entry is missing or ``None``, or
    one assigned to ``username``. Every other role is denied.
    """
    unrestricted = ("super_admin", "ops_lead")
    if role in unrestricted:
        return True
    if role != "technician":
        # Deny by default: noc and unrecognised roles never patch.
        return False
    owner = ticket.get("assigned_to")
    if owner is None:
        # Unassigned tickets are open to any technician.
        return True
    return owner == username
def can_assign_ticket(role: str, assignee: str | None, username: str) -> bool:
    """Decide whether ``username`` acting as ``role`` may set ``assignee``.

    ``super_admin`` and ``ops_lead`` may assign to anyone. A ``technician``
    may only clear the assignment (``None``) or assign the ticket to
    themselves. Every other role is denied.

    NOTE(review): the ticket's current assignee is not an input here, so this
    check alone does not stop a technician from taking a ticket that someone
    else holds; presumably the caller also applies ``can_patch_ticket`` --
    confirm.
    """
    if role == "technician":
        permitted_targets = (None, username)
        return assignee in permitted_targets
    return role in ("super_admin", "ops_lead")
def can_run_audit(role: str) -> bool:
    """Return True for the roles allowed to run an audit.

    Only ``super_admin`` and ``ops_lead`` qualify; anything else is denied.
    """
    audit_runners = ("super_admin", "ops_lead")
    return role in audit_runners
def can_read_audit_overview(role: str) -> bool:
    """Return True for the roles allowed to read the audit overview.

    ``super_admin``, ``ops_lead`` and ``noc`` qualify; ``technician`` and
    unrecognised values are denied.
    """
    overview_readers = ("super_admin", "ops_lead", "noc")
    return role in overview_readers
def can_read_audit_scorecard(role: str) -> bool:
    """Return True for the roles allowed to read the audit scorecard.

    ``super_admin``, ``ops_lead`` and ``noc`` qualify; ``technician`` and
    unrecognised values are denied.
    """
    scorecard_readers = ("super_admin", "ops_lead", "noc")
    return role in scorecard_readers
def can_read_cloudflare_dns(role: str) -> bool:
    """Return True for the roles allowed to read Cloudflare DNS data.

    The four role names are spelled out here instead of testing against
    ``ROLES``, so a role added to ``ROLES`` later is not granted this
    permission automatically.
    """
    dns_readers = ("super_admin", "ops_lead", "technician", "noc")
    return role in dns_readers
def can_read_funnel(role: str) -> bool:
    """Return True when ``role`` is one of the roles declared in ``ROLES``.

    Every declared role may read the funnel; any other value is denied.
    """
    is_known_role = role in ROLES
    return is_known_role
def can_read_session_timeline(role: str) -> bool:
    """Return True for the roles allowed to read a session timeline.

    ``super_admin``, ``ops_lead`` and ``technician`` qualify; ``noc`` and
    unrecognised values are denied.
    """
    timeline_readers = ("super_admin", "ops_lead", "technician")
    return role in timeline_readers
def can_list_webhook_events(role: str, source: str | None = None) -> bool:
    """Decide whether ``role`` may list webhook events for ``source``.

    Any role declared in ``ROLES`` other than ``noc`` may list events from
    every source. ``noc`` is limited to the ``wazuh`` and ``vm112-security``
    sources, or to a request that names no source.

    NOTE(review): for ``noc`` a ``source`` of ``None`` is allowed here, so
    this check does not by itself narrow an unfiltered listing to the two
    NOC-visible sources; presumably the caller restricts the query when no
    source is given -- confirm.
    """
    if role != "noc":
        return role in ROLES
    noc_visible_sources = (None, "wazuh", "vm112-security")
    return source in noc_visible_sources
def can_read_crm_leads(role: str) -> bool:
    """Return True for the roles allowed to read CRM leads.

    ``super_admin``, ``ops_lead`` and ``technician`` qualify; ``noc`` and
    unrecognised values are denied.
    """
    lead_readers = ("super_admin", "ops_lead", "technician")
    return role in lead_readers
def can_read_assist(role: str) -> bool:
    """Return True when ``role`` is one of the roles declared in ``ROLES``.

    Every declared role may read assist data; any other value is denied.
    """
    is_known_role = role in ROLES
    return is_known_role
def can_assist_takeover(role: str) -> bool:
    """Return True for the roles allowed to take over an assist session.

    ``super_admin``, ``ops_lead`` and ``technician`` qualify; ``noc`` and
    unrecognised values are denied.
    """
    takeover_roles = ("super_admin", "ops_lead", "technician")
    return role in takeover_roles
def can_assist_handoff(role: str, username: str) -> bool:
    """Return True for the roles allowed to hand off an assist session.

    ``super_admin``, ``ops_lead`` and ``technician`` qualify; ``noc`` and
    unrecognised values are denied.

    ``username`` is accepted but not consulted: the decision depends on the
    role alone, so this check does not tie the handoff to whoever currently
    holds the session.
    """
    handoff_roles = ("super_admin", "ops_lead", "technician")
    return role in handoff_roles
def can_manage_users(role: str) -> bool:
    """Return True only for ``super_admin``.

    User management is the one permission in this module reserved to a
    single role; every other value, including ``ops_lead``, is denied.
    """
    is_super_admin = role == "super_admin"
    return is_super_admin
def can_manage_vm112_domains(role: str) -> bool:
    """Admin Desk: VM112 orchestrated domains (Spec 017).

    Returns True for ``super_admin`` and ``ops_lead``; every other value is
    denied.
    """
    domain_managers = ("super_admin", "ops_lead")
    return role in domain_managers
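def should_mask_sensitive(role: str) -> bool:
    """Return True when sensitive values must be masked for ``role``.

    Masking is the default. Only the roles listed in ``unmasked_roles`` see
    unmasked values; ``noc`` is masked, and so is any value that is not a
    recognised role (``None``, an empty string, a misspelt name, or a role
    introduced later and not yet reviewed for this permission).
    """
    # Allow-list instead of ``role == "noc"``: the equality test returned
    # False (no masking) for every unexpected value, which fails open if a
    # caller reaches this check without a validated role. Results for the
    # four declared roles are unchanged.
    unmasked_roles = ("super_admin", "ops_lead", "technician")
    return role not in unmasked_roles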
def can_read_migration(role: str) -> bool:
    """Return True for the roles allowed to read migration data.

    The four role names are spelled out here instead of testing against
    ``ROLES``, so a role added to ``ROLES`` later is not granted this
    permission automatically.
    """
    migration_readers = ("super_admin", "ops_lead", "technician", "noc")
    return role in migration_readers
def can_manage_migration(role: str) -> bool:
    """Return True for the roles allowed to manage a migration.

    ``super_admin``, ``ops_lead`` and ``technician`` qualify; ``noc`` and
    unrecognised values are denied.
    """
    migration_managers = ("super_admin", "ops_lead", "technician")
    return role in migration_managers
def can_read_billing(role: str) -> bool:
    """Return True when ``role`` is one of the roles declared in ``ROLES``.

    Every declared role may read billing data; any other value is denied.
    """
    is_known_role = role in ROLES
    return is_known_role
def can_manage_billing(role: str) -> bool:
    """Return True for the roles allowed to manage billing.

    Only ``super_admin`` and ``ops_lead`` qualify; anything else is denied.
    """
    billing_managers = ("super_admin", "ops_lead")
    return role in billing_managers