fix: is_admin fallback for legacy Admin roles + migration data fix
Migration now sets is_admin=true for existing Admin roles. has_permission falls back to role.name == 'Admin' check if is_admin flag is missing (backward compat for pre-migration roles).
This commit is contained in:
@@ -550,8 +550,12 @@ def has_permission(resource: str, action: str):
|
||||
if perm.resource == resource and perm.action == action:
|
||||
return current_user
|
||||
|
||||
# Special case for Admin role (full access) — uses is_admin flag, not name string
|
||||
if any(getattr(role, "is_admin", False) for role in current_user.roles):
|
||||
# Special case for Admin role (full access) — uses is_admin flag, not name string.
|
||||
# Fallback to role.name == "Admin" for roles created before is_admin migration.
|
||||
if any(
|
||||
getattr(role, "is_admin", False) or role.name == "Admin"
|
||||
for role in current_user.roles
|
||||
):
|
||||
return current_user
|
||||
|
||||
from .core.auth.logger import log_security_event
|
||||
|
||||
Reference in New Issue
Block a user