fix: is_admin fallback for legacy Admin roles + migration data fix

Migration now sets is_admin=true for existing Admin roles.
has_permission falls back to role.name == 'Admin' check if
is_admin flag is missing (backward compat for pre-migration roles).
This commit is contained in:
2026-05-26 15:29:14 +03:00
parent 6b960b0eb3
commit 2fa8edfa03
2 changed files with 8 additions and 3 deletions

View File

@@ -550,8 +550,12 @@ def has_permission(resource: str, action: str):
if perm.resource == resource and perm.action == action:
return current_user
# Special case for Admin role (full access) — uses is_admin flag, not name string
if any(getattr(role, "is_admin", False) for role in current_user.roles):
# Special case for Admin role (full access) — uses is_admin flag, not name string.
# Fallback to role.name == "Admin" for roles created before is_admin migration.
if any(
getattr(role, "is_admin", False) or role.name == "Admin"
for role in current_user.roles
):
return current_user
from .core.auth.logger import log_security_event