Skip to content

Commit 0adbfcf

Browse files
fullenifulleni
committed
fix(authorization): update permissions and model names
- Rename 'category' to 'topic' in model registry - Update permission names for consistency - Correct permission type for remote config read access - Update user preference permissions to content preference - Rename 'app_config' to 'remote_config' for clarity
1 parent ef5ee16 commit 0adbfcf

File tree

1 file changed

+16
-16
lines changed

1 file changed

+16
-16
lines changed

lib/src/registry/model_registry.dart

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -141,17 +141,17 @@ final modelRegistry = <String, ModelConfig<dynamic>>{
141141
type: RequiredPermissionType.adminOnly,
142142
),
143143
),
144-
'category': ModelConfig<Category>(
145-
fromJson: Category.fromJson,
146-
getId: (c) => c.id,
147-
// Categories: Admin-owned, read allowed by standard/guest users
144+
'topic': ModelConfig<Topic>(
145+
fromJson: Topic.fromJson,
146+
getId: (t) => t.id,
147+
// Topics: Admin-owned, read allowed by standard/guest users
148148
getCollectionPermission: const ModelActionPermission(
149149
type: RequiredPermissionType.specificPermission,
150-
permission: Permissions.categoryRead,
150+
permission: Permissions.topicRead,
151151
),
152152
getItemPermission: const ModelActionPermission(
153153
type: RequiredPermissionType.specificPermission,
154-
permission: Permissions.categoryRead,
154+
permission: Permissions.topicRead,
155155
),
156156
postPermission: const ModelActionPermission(
157157
type: RequiredPermissionType.adminOnly,
@@ -231,7 +231,7 @@ final modelRegistry = <String, ModelConfig<dynamic>>{
231231
),
232232
deletePermission: const ModelActionPermission(
233233
type: RequiredPermissionType.specificPermission,
234-
permission: Permissions.userReadOwned, // User can delete their own
234+
permission: Permissions.userDeleteOwned, // User can delete their own
235235
requiresOwnershipCheck: true, // Must be the owner
236236
),
237237
),
@@ -245,7 +245,7 @@ final modelRegistry = <String, ModelConfig<dynamic>>{
245245
),
246246
getItemPermission: const ModelActionPermission(
247247
type: RequiredPermissionType.specificPermission,
248-
permission: Permissions.appSettingsReadOwned,
248+
permission: Permissions.userAppSettingsReadOwned,
249249
requiresOwnershipCheck: true,
250250
),
251251
postPermission: const ModelActionPermission(
@@ -255,7 +255,7 @@ final modelRegistry = <String, ModelConfig<dynamic>>{
255255
),
256256
putPermission: const ModelActionPermission(
257257
type: RequiredPermissionType.specificPermission,
258-
permission: Permissions.appSettingsUpdateOwned,
258+
permission: Permissions.userAppSettingsUpdateOwned,
259259
requiresOwnershipCheck: true,
260260
),
261261
deletePermission: const ModelActionPermission(
@@ -275,7 +275,7 @@ final modelRegistry = <String, ModelConfig<dynamic>>{
275275
),
276276
getItemPermission: const ModelActionPermission(
277277
type: RequiredPermissionType.specificPermission,
278-
permission: Permissions.userPreferencesReadOwned,
278+
permission: Permissions.userContentPreferencesReadOwned,
279279
requiresOwnershipCheck: true,
280280
),
281281
postPermission: const ModelActionPermission(
@@ -285,7 +285,7 @@ final modelRegistry = <String, ModelConfig<dynamic>>{
285285
),
286286
putPermission: const ModelActionPermission(
287287
type: RequiredPermissionType.specificPermission,
288-
permission: Permissions.userPreferencesUpdateOwned,
288+
permission: Permissions.userContentPreferencesUpdateOwned,
289289
requiresOwnershipCheck: true,
290290
),
291291
deletePermission: const ModelActionPermission(
@@ -294,16 +294,16 @@ final modelRegistry = <String, ModelConfig<dynamic>>{
294294
// service during account deletion, not via a direct DELETE to /api/v1/data.
295295
),
296296
),
297-
'app_config': ModelConfig<AppConfig>(
298-
fromJson: AppConfig.fromJson,
297+
'remote_config': ModelConfig<RemoteConfig>(
298+
fromJson: RemoteConfig.fromJson,
299299
getId: (config) => config.id,
300-
getOwnerId: null, // AppConfig is a global resource, not user-owned
300+
getOwnerId: null, // RemoteConfig is a global resource, not user-owned
301301
getCollectionPermission: const ModelActionPermission(
302302
type: RequiredPermissionType.unsupported, // Not accessible via collection
303303
),
304304
getItemPermission: const ModelActionPermission(
305-
type: RequiredPermissionType
306-
.none, // Readable by any authenticated user via /api/v1/data/[id]
305+
type: RequiredPermissionType.specificPermission,
306+
permission: Permissions.remoteConfigRead,
307307
),
308308
postPermission: const ModelActionPermission(
309309
type: RequiredPermissionType.adminOnly, // Only administrators can create

0 commit comments

Comments
 (0)