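"""PatchCenter user profiles: predefined role -> permissions mapping.

4 profiles:
  - admin       : everything ("admin" level on every module listed below)
  - coordinator : SecOps + coordination (patcher rights + campaign/planning management)
  - operator    : patcher (SecOps operator who executes patching)
  - viewer      : guest, view-only (dashboard, servers, qualys, contacts,
                  planning, quickwin); deliberately NO access to audit

This table is the source of truth for access levels. The labels and
descriptions further down are display text and must be kept in sync with it.
"""

# Matrix: profile -> {module: level}
# level: "view" | "edit" | "admin"
# A module missing from a profile has no level defined here.
# NOTE(review): presumably the caller treats a missing module as "no access";
# confirm that the enforcement code denies by default.
PROFILES = {
    "admin": {
        "dashboard": "admin",
        "servers": "admin",
        "campaigns": "admin",
        "planning": "admin",
        "specifics": "admin",
        "audit": "admin",
        "contacts": "admin",
        "qualys": "admin",
        "quickwin": "admin",
        "users": "admin",
        "settings": "admin",
        "referentiel": "admin",
    },
    # Coordinator = SecOps + campaign/planning management.
    # No "settings" entry: only the admin profile carries that module.
    "coordinator": {
        "dashboard": "view",
        "servers": "edit",
        "campaigns": "admin",
        "planning": "edit",
        "specifics": "edit",
        "audit": "edit",
        "contacts": "view",
        "qualys": "edit",
        "quickwin": "admin",
        "users": "view",
        "referentiel": "view",
    },
    # Patcher = SecOps operator
    "operator": {
        "dashboard": "view",
        "servers": "view",
        "campaigns": "view",
        "planning": "view",
        "audit": "edit",
        "qualys": "view",
        "quickwin": "edit",
        "contacts": "view",
    },
    # Guest = view-only (no access to audit)
    "viewer": {
        "dashboard": "view",
        "servers": "view",
        "qualys": "view",
        "contacts": "view",
        "planning": "view",
        "quickwin": "view",
    },
}


def get_profile_perms(role: str) -> dict:
    """Return the permissions for a given profile.

    Args:
        role: profile key ("admin", "coordinator", "operator" or "viewer").

    Returns:
        A new ``{module: level}`` dict. An unknown role yields an empty dict,
        so a typo or an unexpected role value grants nothing rather than
        falling back to some default profile.
    """
    # Copy so that a caller mutating the result cannot alter the shared
    # PROFILES table (the values are plain strings, so a shallow copy suffices).
    return dict(PROFILES.get(role, {}))


# Display names shown for each profile key.
PROFILE_LABELS = {
    "admin": "Admin",
    "coordinator": "Coordinateur",
    "operator": "Patcheur",
    "viewer": "Invité",
}

# User-facing descriptions. These must describe what PROFILES actually grants:
# the viewer text previously listed "audit", which the viewer profile does not have.
PROFILE_DESCRIPTIONS = {
    "admin": "Accès complet : gestion des utilisateurs, paramètres, tous les modules en admin",
    "coordinator": "SecOps + coordination : gestion des campagnes, planning, exécution patching",
    "operator": "Patcheur (intervenant SecOps) : exécution du patching, audit des serveurs",
    "viewer": "Invité : consultation en lecture seule (dashboard, serveurs, Qualys, contacts, planning, quickwin)",
}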