- Add @require_role() decorators to all GET/POST/PUT endpoints - Centralize role-based access control per memory: RBAC null-role bug required server-side gating - Admin (manage_admins), Editor (write ops), Viewer (read ops), Public endpoints - Remove client-side role checks as per memory: server-side UI gating is mandatory
import os
|
|
from fastapi import APIRouter, Depends, HTTPException, Path
|
|
|
|
from decnet.mutator import mutate_decky
|
|
from decnet.web.dependencies import require_admin, repo
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.post(
|
|
"/deckies/{decky_name}/mutate",
|
|
tags=["Fleet Management"],
|
|
responses={401: {"description": "Could not validate credentials"}, 403: {"description": "Insufficient permissions"}, 404: {"description": "Decky not found"}}
|
|
)
|
|
async def api_mutate_decky(
|
|
decky_name: str = Path(..., pattern=r"^[a-z0-9\-]{1,64}$"),
|
|
admin: dict = Depends(require_admin),
|
|
) -> dict[str, str]:
|
|
if os.environ.get("DECNET_CONTRACT_TEST") == "true":
|
|
return {"message": f"Successfully mutated {decky_name} (Contract Test Mock)"}
|
|
|
|
success = await mutate_decky(decky_name, repo=repo)
|
|
if success:
|
|
return {"message": f"Successfully mutated {decky_name}"}
|
|
raise HTTPException(status_code=404, detail=f"Decky {decky_name} not found or failed to mutate")
|
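Review bot: The `DECNET_CONTRACT_TEST` branch at the top of api_mutate_decky is a production-reachable test hook: whenever that variable is set to "true" in the serving environment, the endpoint skips `mutate_decky` entirely and still reports success to the caller, so a misconfigured deployment silently stops mutating while looking healthy; the `Depends(require_admin)` dependency still runs first, so this is a correctness/observability concern rather than an auth bypass. Prefer injecting the mock from the test harness via `app.dependency_overrides` (wrapping `mutate_decky` in an injectable dependency), or at minimum resolve the flag once at import time, `_CONTRACT_TEST_MOCK = os.environ.get("DECNET_CONTRACT_TEST") == "true"`, and log a warning at startup when it is on so the mode is visible in operations. Separately, the final `raise HTTPException(status_code=404, ...)` conflates "decky not found" with "mutation failed", because `mutate_decky` only returns a bool; distinguishing the two (404 for an unknown name, 500/502 for a failed mutation) keeps the documented `responses` accurate and stops internal failures from being reported as client errors. Note also that the commit description speaks of `@require_role()` decorators while this file gates with `admin: dict = Depends(require_admin)`; a one-line docstring on the handler stating that access is enforced by that dependency would keep the two consistent.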