feat: add granular user permissions (balance, subscription, promo_group, referral, send_offer)

Split users:edit into fine-grained permissions for balance management, subscription actions, promo group editing, referral commission, and sending promo offers.
2026-03-05 05:13:21 +00:00 · 2026-02-25 04:42:32 +03:00
parent c1da8a4dba
commit 60c4fe2e23
2 changed files with 7 additions and 7 deletions
--- a/app/cabinet/routes/admin_users.py
+++ b/app/cabinet/routes/admin_users.py
@@ -829,7 +829,7 @@ async def get_user_node_usage(
 async def update_user_balance(
    user_id: int,
    request: UpdateBalanceRequest,
-    admin: User = Depends(require_permission('users:edit')),
+    admin: User = Depends(require_permission('users:balance')),
    db: AsyncSession = Depends(get_cabinet_db),
 ):
    """
@@ -906,7 +906,7 @@ async def update_user_balance(
 async def update_user_subscription(
    user_id: int,
    request: UpdateSubscriptionRequest,
-    admin: User = Depends(require_permission('users:edit')),
+    admin: User = Depends(require_permission('users:subscription')),
    db: AsyncSession = Depends(get_cabinet_db),
 ):
    """
@@ -1490,7 +1490,7 @@ async def update_user_restrictions(
 async def update_user_promo_group(
    user_id: int,
    request: UpdatePromoGroupRequest,
-    admin: User = Depends(require_permission('users:edit')),
+    admin: User = Depends(require_permission('users:promo_group')),
    db: AsyncSession = Depends(get_cabinet_db),
 ):
    """Update user promo group."""
@@ -1545,7 +1545,7 @@ async def update_user_promo_group(
 async def update_user_referral_commission(
    user_id: int,
    request: UpdateReferralCommissionRequest,
-    admin: User = Depends(require_permission('users:edit')),
+    admin: User = Depends(require_permission('users:referral')),
    db: AsyncSession = Depends(get_cabinet_db),
 ):
    """Update user's individual referral commission percentage."""
@@ -1803,7 +1803,7 @@ async def full_delete_user(
 async def reset_user_trial(
    user_id: int,
    request: ResetTrialRequest = ResetTrialRequest(),
-    admin: User = Depends(require_permission('users:edit')),
+    admin: User = Depends(require_permission('users:subscription')),
    db: AsyncSession = Depends(get_cabinet_db),
 ):
    """
@@ -1874,7 +1874,7 @@ async def reset_user_trial(
 async def reset_user_subscription(
    user_id: int,
    request: ResetSubscriptionRequest = ResetSubscriptionRequest(),
-    admin: User = Depends(require_permission('users:edit')),
+    admin: User = Depends(require_permission('users:subscription')),
    db: AsyncSession = Depends(get_cabinet_db),
 ):
    """
--- a/app/services/permission_service.py
+++ b/app/services/permission_service.py
@@ -41,7 +41,7 @@ def _is_legacy_admin(user: User) -> bool:
 # ---------------------------------------------------------------------------

 PERMISSION_REGISTRY: dict[str, list[str]] = {
-    'users': ['read', 'edit', 'block', 'delete', 'sync'],
+    'users': ['read', 'edit', 'block', 'delete', 'sync', 'promo_group', 'balance', 'subscription', 'send_offer', 'referral'],
    'tickets': ['read', 'reply', 'close', 'settings'],
    'stats': ['read', 'export'],
    'broadcasts': ['read', 'create', 'edit', 'delete', 'send'],