curo1305
c45236651b
- Auto-create {service-id}-admin groups at startup (group_bootstrap.py)
- get_service_admin() dep: grants access to superusers OR service group members
- /api/settings/ai and /api/settings/documents/limits now allow service admins
- AI service exposes /plugin/manifest (ai-service-admin access group)
- DocServiceSettingsPage: combined upload limits + watch directory on one page
- ServiceAdminRoute in frontend guards new /apps/documents/settings and /apps/ai/settings
- Single Settings button per app card (visible to admins and service group members)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
38 lines
1.2 KiB
Python
38 lines
1.2 KiB
Python
"""
|
|
Ensure that every registered service has a corresponding admin group.
|
|
|
|
Called once at startup after register_services(). Idempotent — safe to run
|
|
on every restart, creates nothing if groups already exist.
|
|
|
|
Naming convention: "{service_id}-admin" (e.g. "doc-service-admin")
|
|
"""
|
|
import logging
|
|
|
|
from sqlalchemy import select
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
|
|
from app.models.group import Group
|
|
from app.services.service_health import get_registry
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
async def ensure_service_admin_groups(db: AsyncSession) -> None:
|
|
"""Create a <service-id>-admin group for each registered service if absent."""
|
|
for svc in get_registry():
|
|
group_name = f"{svc.id}-admin"
|
|
result = await db.execute(select(Group).where(Group.name == group_name))
|
|
if result.scalar_one_or_none() is not None:
|
|
continue
|
|
|
|
import uuid
|
|
group = Group(
|
|
id=str(uuid.uuid4()),
|
|
name=group_name,
|
|
description=f"Administrators for the {svc.name} service.",
|
|
)
|
|
db.add(group)
|
|
logger.info("[bootstrap] Created admin group %r for service %r", group_name, svc.id)
|
|
|
|
await db.commit()
|