feature/rbac permisos y roles implementados

2026-05-21 07:54:59 -06:00
parent 9bbed42cf3
commit a318b70324
38 changed files with 2596 additions and 901 deletions
--- a/api/rbac/migrations/0004_auditoria_permissions.py
+++ b/api/rbac/migrations/0004_auditoria_permissions.py
@@ -0,0 +1,57 @@
+"""
+Agrega los permisos auditoria.view y auditoria.process al catálogo y los asigna
+a los roles admin, developer (ambos) y Agente Aduanal (solo view).
+"""
+from django.db import migrations
+
+NUEVOS_PERMISOS = [
+    ('auditoria.view',    'Ver estado y resultados de auditoría VUCEM', 'auditoria'),
+    ('auditoria.process', 'Lanzar procesos de auditoría y reauditoría',  'auditoria'),
+]
+
+ROLES_AUDITORIA_FULL  = ['admin', 'developer']
+ROLES_AUDITORIA_VIEW  = ['Agente Aduanal']
+
+
+def agregar_auditoria(apps, schema_editor):
+    RolePermission   = apps.get_model('rbac', 'RolePermission')
+    OrganizationRole = apps.get_model('rbac', 'OrganizationRole')
+
+    perms = {}
+    for codename, descripcion, modulo in NUEVOS_PERMISOS:
+        perm, _ = RolePermission.objects.get_or_create(
+            codename=codename,
+            defaults={'descripcion': descripcion, 'modulo': modulo},
+        )
+        perms[codename] = perm
+
+    for role in OrganizationRole.objects.filter(nombre__in=ROLES_AUDITORIA_FULL):
+        role.permissions.add(perms['auditoria.view'], perms['auditoria.process'])
+
+    for role in OrganizationRole.objects.filter(nombre__in=ROLES_AUDITORIA_VIEW):
+        role.permissions.add(perms['auditoria.view'])
+
+
+def revertir(apps, schema_editor):
+    RolePermission   = apps.get_model('rbac', 'RolePermission')
+    OrganizationRole = apps.get_model('rbac', 'OrganizationRole')
+
+    for codename, _, _ in NUEVOS_PERMISOS:
+        try:
+            perm = RolePermission.objects.get(codename=codename)
+        except RolePermission.DoesNotExist:
+            continue
+        for role in OrganizationRole.objects.all():
+            role.permissions.remove(perm)
+        perm.delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('rbac', '0003_notificaciones_receive'),
+    ]
+
+    operations = [
+        migrations.RunPython(agregar_auditoria, reverse_code=revertir),
+    ]