From 8f29e2eee2e0c78f7f7e87a322eaf4bd4221069c Mon Sep 17 00:00:00 2001
From: Fringg
Date: Thu, 5 Mar 2026 05:46:01 +0300
Subject: [PATCH] feat: add dedicated sales_stats RBAC permission section

Separate sales statistics permissions from general stats:
- Add sales_stats section to PERMISSION_REGISTRY (read, export)
- Update all 6 sales-stats endpoints to require sales_stats:read
- Add sales_stats:* to Admin preset, sales_stats:read to Marketer preset
---
 app/cabinet/routes/admin_sales_stats.py | 12 ++++++------
 app/services/permission_service.py | 1 +
 app/services/rbac_bootstrap_service.py | 2 ++
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/app/cabinet/routes/admin_sales_stats.py b/app/cabinet/routes/admin_sales_stats.py
index c871f06e..5d66d056 100644
--- a/app/cabinet/routes/admin_sales_stats.py
+++ b/app/cabinet/routes/admin_sales_stats.py
@@ -103,7 +103,7 @@ async def get_sales_summary(
 days: int | None = Query(default=30, description='Preset period in days (7, 30, 90, 0=all)'),
 start_date: str | None = Query(default=None, description='Custom start date ISO format'),
 end_date: str | None = Query(default=None, description='Custom end date ISO format'),
- admin: User = Depends(require_permission('stats:read')),
+ admin: User = Depends(require_permission('sales_stats:read')),
 db: AsyncSession = Depends(get_cabinet_db),
 ) -> SalesSummary:
 """Get summary statistics for sales dashboard cards."""
@@ -272,7 +272,7 @@ async def get_trials_stats(
 days: int | None = Query(default=30),
 start_date: str | None = Query(default=None),
 end_date: str | None = Query(default=None),
- admin: User = Depends(require_permission('stats:read')),
+ admin: User = Depends(require_permission('sales_stats:read')),
 db: AsyncSession = Depends(get_cabinet_db),
 ) -> TrialsStatsResponse:
 """Get trial registration statistics with provider breakdown."""
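Review bot: The permission string `'sales_stats:read'` is repeated as a literal in all six endpoint signatures (this hunk and the ones at 272, 465, 644, 859 and 1015), so a route added to this module later is only protected if its author remembers to copy the dependency. If `require_permission` does not validate its argument against `PERMISSION_REGISTRY` (not visible here), a typo in one literal would also go unnoticed until a caller is wrongly denied or allowed. Consider a module-level constant such as `SALES_STATS_READ = 'sales_stats:read'`, and, if this router serves only sales statistics, attaching the check once with `dependencies=[Depends(require_permission(SALES_STATS_READ))]` so new routes are denied by default. The function bodies lie outside the hunks, so whether `admin` is used beyond the check cannot be judged from here.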
@@ -465,7 +465,7 @@ async def get_sales_stats(
 days: int | None = Query(default=30),
 start_date: str | None = Query(default=None),
 end_date: str | None = Query(default=None),
- admin: User = Depends(require_permission('stats:read')),
+ admin: User = Depends(require_permission('sales_stats:read')),
 db: AsyncSession = Depends(get_cabinet_db),
 ) -> SalesStatsResponse:
 """Get subscription sales statistics."""
@@ -644,7 +644,7 @@ async def get_renewals_stats(
 days: int | None = Query(default=30),
 start_date: str | None = Query(default=None),
 end_date: str | None = Query(default=None),
- admin: User = Depends(require_permission('stats:read')),
+ admin: User = Depends(require_permission('sales_stats:read')),
 db: AsyncSession = Depends(get_cabinet_db),
 ) -> RenewalsStatsResponse:
 """Get renewal statistics with period comparison."""
@@ -859,7 +859,7 @@ async def get_addons_stats(
 days: int | None = Query(default=30),
 start_date: str | None = Query(default=None),
 end_date: str | None = Query(default=None),
- admin: User = Depends(require_permission('stats:read')),
+ admin: User = Depends(require_permission('sales_stats:read')),
 db: AsyncSession = Depends(get_cabinet_db),
 ) -> AddonsStatsResponse:
 """Get add-on purchase statistics."""
@@ -1015,7 +1015,7 @@ async def get_deposits_stats(
 days: int | None = Query(default=30),
 start_date: str | None = Query(default=None),
 end_date: str | None = Query(default=None),
- admin: User = Depends(require_permission('stats:read')),
+ admin: User = Depends(require_permission('sales_stats:read')),
 db: AsyncSession = Depends(get_cabinet_db),
 ) -> DepositsStatsResponse:
 """Get deposit statistics with payment method breakdown."""
diff --git a/app/services/permission_service.py b/app/services/permission_service.py
index 775687a3..a00faf41 100644
--- a/app/services/permission_service.py
+++ b/app/services/permission_service.py
@@ -55,6 +55,7 @@ PERMISSION_REGISTRY: dict[str, list[str]] = {
 ],
 'tickets': ['read', 'reply', 'close', 'settings'],
 'stats': ['read', 'export'],
+ 'sales_stats': ['read', 'export'],
 'broadcasts': ['read', 'create', 'edit', 'delete', 'send'],
 'tariffs': ['read', 'create', 'edit', 'delete'],
 'promocodes': ['read', 'create', 'edit', 'delete', 'stats'],
diff --git a/app/services/rbac_bootstrap_service.py b/app/services/rbac_bootstrap_service.py
index e55066ba..0f42e391 100644
--- a/app/services/rbac_bootstrap_service.py
+++ b/app/services/rbac_bootstrap_service.py
@@ -39,6 +39,7 @@ _PRESET_ROLES: list[dict] = [
 'users:*',
 'tickets:*',
 'stats:*',
+ 'sales_stats:*',
 'broadcasts:*',
 'tariffs:*',
 'promocodes:*',
@@ -90,6 +91,7 @@ _PRESET_ROLES: list[dict] = [
 'promo_offers:*',
 'promo_groups:*',
 'stats:read',
+ 'sales_stats:read',
 'pinned_messages:*',
 'wheel:*',
 ],
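Review bot: The new `sales_stats` entry registers an `export` action, but none of the six routes changed in this commit asks for `sales_stats:export`; they all require `sales_stats:read`. Unless an export route outside this diff checks it, the action can be granted to a role without gating anything, which makes role audits misleading. Either register only `'sales_stats': ['read'],` until an export endpoint exists, or add a comment on the line such as `# export: reserved, not enforced by any route yet`.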
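Review bot: Only the two presets touched in the hunks at 39 and 90 (Admin and Marketer, per the commit message) gain the new permission, while the routes stop accepting `stats:read` in the same commit. Any custom role, and any other preset outside these hunks, that relied on `stats:read` or `stats:*` loses access to the sales endpoints on deploy. Whether the bootstrap service re-applies preset changes to roles already stored is not visible here. Narrowing access is the least-privilege direction, but it should be deliberate: consider a data migration that adds `sales_stats:read` to roles currently holding `stats:read`, or a release note telling operators to re-grant it. `_PRESET_ROLES` starts and ends outside both hunks.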