lockbot 2.3.2__tar.gz → 2.3.3__tar.gz
- {lockbot-2.3.2/python/lockbot.egg-info → lockbot-2.3.3}/PKG-INFO +1 -1
- {lockbot-2.3.2 → lockbot-2.3.3}/pyproject.toml +1 -1
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/auth/dependencies.py +11 -3
- {lockbot-2.3.2 → lockbot-2.3.3/python/lockbot.egg-info}/PKG-INFO +1 -1
- {lockbot-2.3.2 → lockbot-2.3.3}/LICENSE +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/MANIFEST.in +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/README.md +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/__init__.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/__init__.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/__init__.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/admin/__init__.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/admin/router.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/auth/__init__.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/auth/models.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/auth/router.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/auth/schemas.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/bots/__init__.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/bots/encryption.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/bots/manager.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/bots/models.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/bots/router.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/bots/schemas.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/bots/webhook_handler.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/config.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/database.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/logs/__init__.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/main.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/settings/__init__.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/settings/models.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/backend/app/settings/router.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/__init__.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/base_bot.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/bot_instance.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/config.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/device_bot.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/device_usage_alert.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/device_usage_utils.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/entry.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/env.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/handler.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/i18n/__init__.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/i18n/en.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/i18n/zh.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/io.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/message_adapter.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/msg_utils.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/node_bot.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/platforms/__init__.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/platforms/infoflow.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/queue_bot.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/request.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot/core/utils.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot.egg-info/SOURCES.txt +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot.egg-info/dependency_links.txt +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot.egg-info/requires.txt +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/python/lockbot.egg-info/top_level.txt +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/setup.cfg +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/tools/create_super_admin.py +0 -0
- {lockbot-2.3.2 → lockbot-2.3.3}/tools/gen_keys.py +0 -0
|
@@ -85,9 +85,17 @@ def can_assign_role(operator: User, target: User, new_role: str) -> tuple[bool,
|
|
|
85
85
|
|
|
86
86
|
Returns (allowed, http_status_code, error_message).
|
|
87
87
|
This consolidates all role assignment permission checks in one place.
|
|
88
|
+
|
|
89
|
+
NOTE: super_admin can only be created/promoted via CLI tool (create_super_admin),
|
|
90
|
+
not through the web API, to prevent permission escalation and ensure a single
|
|
91
|
+
source of truth for the highest privilege level.
|
|
88
92
|
"""
|
|
93
|
+
# super_admin cannot be assigned via API
|
|
94
|
+
if new_role == "super_admin":
|
|
95
|
+
return False, 403, "Super admin can only be managed via CLI tool"
|
|
96
|
+
|
|
89
97
|
# Validate role
|
|
90
|
-
valid_roles = ("
|
|
98
|
+
valid_roles = ("admin", "user")
|
|
91
99
|
if new_role not in valid_roles:
|
|
92
100
|
return False, 400, f"Invalid role, must be one of {valid_roles}"
|
|
93
101
|
|
|
@@ -95,8 +103,8 @@ def can_assign_role(operator: User, target: User, new_role: str) -> tuple[bool,
|
|
|
95
103
|
if not can_manage_user(operator, target.role):
|
|
96
104
|
return False, 403, "Cannot manage this user"
|
|
97
105
|
|
|
98
|
-
# Only super_admin can assign admin
|
|
99
|
-
if new_role
|
|
106
|
+
# Only super_admin can assign admin role
|
|
107
|
+
if new_role == "admin" and operator.role != "super_admin":
|
|
100
108
|
return False, 403, "Only super admin can assign this role"
|
|
101
109
|
|
|
102
110
|
return True, 200, ""
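Review bot: The new guard at the top of `can_assign_role` tests only `new_role`, so it blocks promotion to super_admin but not a role change applied to an account that already is super_admin; that case still rests on `can_manage_user(operator, target.role)`, whose body is not part of this diff. If that helper lets a super_admin operator manage a super_admin target, the web API could still demote the highest-privilege account, which would contradict the "can only be managed via CLI tool" message. Consider widening the guard to `if new_role == "super_admin" or target.role == "super_admin":`. The `valid_roles = ("admin", "user")` allowlist already rejects any other role string, so it is a sound backstop. It is also worth confirming that every API path that writes a user's `role` (creation as well as update) goes through this function, since the routers are unchanged in this release.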