feat(rbac): hide unauthorized menu sections and enforce route guards

2026-03-06 10:50:28 +03:00
parent 6a68770a8e
commit 535095d31c
43 changed files with 4071 additions and 245 deletions
--- a/backend/src/core/auth/repository.py
+++ b/backend/src/core/auth/repository.py
@@ -12,6 +12,7 @@
 from typing import Optional, List
 from sqlalchemy.orm import Session
 from ...models.auth import User, Role, Permission
+from ...models.profile import UserDashboardPreference
 from ..logger import belief_scope
 # [/SECTION]

@@ -109,6 +110,38 @@ class AuthRepository:
            ).first()
    # [/DEF:get_permission_by_resource_action:Function]

+    # [DEF:get_user_dashboard_preference:Function]
+    # @PURPOSE: Retrieves dashboard preference by owner user ID.
+    # @PRE:     user_id is a string.
+    # @POST:    Returns UserDashboardPreference if found, else None.
+    # @PARAM:   user_id (str) - Preference owner identifier.
+    # @RETURN:  Optional[UserDashboardPreference] - Found preference or None.
+    def get_user_dashboard_preference(self, user_id: str) -> Optional[UserDashboardPreference]:
+        with belief_scope("AuthRepository.get_user_dashboard_preference"):
+            return (
+                self.db.query(UserDashboardPreference)
+                .filter(UserDashboardPreference.user_id == user_id)
+                .first()
+            )
+    # [/DEF:get_user_dashboard_preference:Function]
+
+    # [DEF:save_user_dashboard_preference:Function]
+    # @PURPOSE: Persists dashboard preference entity and returns refreshed row.
+    # @PRE:     preference is a valid UserDashboardPreference entity.
+    # @POST:    Preference is committed and refreshed in database.
+    # @PARAM:   preference (UserDashboardPreference) - Preference entity to persist.
+    # @RETURN:  UserDashboardPreference - Persisted preference row.
+    def save_user_dashboard_preference(
+        self,
+        preference: UserDashboardPreference,
+    ) -> UserDashboardPreference:
+        with belief_scope("AuthRepository.save_user_dashboard_preference"):
+            self.db.add(preference)
+            self.db.commit()
+            self.db.refresh(preference)
+            return preference
+    # [/DEF:save_user_dashboard_preference:Function]
+
    # [DEF:list_permissions:Function]
    # @PURPOSE: Lists all available permissions.
    # @POST:    Returns a list of all Permission objects.