patchcenter/app/services/profile_service.py
Admin MPCZ 8479d7280e Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne
- Users: 4 profils (admin/coordinator/operator/viewer) remplacent la matrix
- /users/add: picker contacts iTop (plus de creation libre)
- /me/change-password: flow force_password_change
- LDAP: service + section settings + option login
- Sync iTop contacts: filtre par teams (SecOps/iPOP/Externe/DSI/Admin DSI)
- Auto-desactivation users si contact inactif
- etat: alignement sur enum iTop (production/implementation/stock/obsolete)
- Menu: Contacts dans Administration, Serveurs en groupe repliable
- Audit bases: demo/prod via JWT mode

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 18:50:43 +02:00

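"""PatchCenter user profiles — mapping of a role to its pre-defined permissions.

Four profiles are defined:
- admin       : everything (admin level on every module)
- coordinator : SecOps + coordination (patching plus campaign/planning management)
- operator    : "Patcheur" (SecOps field operator — executes the patching)
- viewer      : "Invité" (read-only: dashboard, servers, qualys, contacts,
                planning, quickwin — no access to the audit module)

A role that is not listed here resolves to an empty permission set (see
``get_profile_perms``), so an unknown or mistyped role denies everything
instead of silently inheriting a default profile.
"""
# Matrix profile -> {module: level}
# level: "view" | "edit" | "admin"
# A module that is absent from a profile is not granted at all (this is how
# the viewer profile is kept out of the audit module below), so a missing key
# must never be read as an implicit "view".
PROFILES = {
    "admin": {
        "dashboard": "admin", "servers": "admin", "campaigns": "admin",
        "planning": "admin", "specifics": "admin", "audit": "admin",
        "contacts": "admin", "qualys": "admin", "quickwin": "admin",
        "users": "admin", "settings": "admin", "referentiel": "admin",
    },
    # Coordinator = SecOps + campaign/planning management.
    # Deliberately no "settings" key and only "view" on "users": managing
    # accounts and application settings stays with the admin profile.
    "coordinator": {
        "dashboard": "view", "servers": "edit", "campaigns": "admin",
        "planning": "edit", "specifics": "edit", "audit": "edit",
        "contacts": "view", "qualys": "edit", "quickwin": "admin",
        "users": "view", "referentiel": "view",
    },
    # Patcheur = SecOps field operator: read access to the inventory,
    # write access only where the patching work itself is recorded.
    "operator": {
        "dashboard": "view", "servers": "view", "campaigns": "view",
        "planning": "view", "audit": "edit", "qualys": "view",
        "quickwin": "edit", "contacts": "view",
    },
    # Invité = read-only everywhere it is listed, and no "audit" key at all.
    "viewer": {
        "dashboard": "view", "servers": "view", "qualys": "view",
        "contacts": "view", "planning": "view", "quickwin": "view",
    },
}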
def get_profile_perms(role: str) -> dict:
    """Return a fresh ``{module: level}`` mapping for *role*.

    Unknown (or empty) roles yield ``{}`` — no module access — so callers
    fail closed instead of falling back to some default profile. The
    returned dict is a copy: callers may mutate it freely without
    altering the shared ``PROFILES`` matrix (values are plain strings,
    so a shallow copy is sufficient).
    """
    perms = PROFILES.get(role)
    if perms is None:
        return {}
    return {module: level for module, level in perms.items()}
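# Human-readable label shown in the UI for each profile key of PROFILES.
PROFILE_LABELS = {
    "admin": "Admin",
    "coordinator": "Coordinateur",
    "operator": "Patcheur",
    "viewer": "Invité",
}
# One-line, user-facing summary of what each profile grants. Keep these in
# step with the PROFILES matrix: the viewer ("Invité") description used to
# list the audit module, which the matrix never grants to that profile.
PROFILE_DESCRIPTIONS = {
    "admin": "Accès complet : gestion des utilisateurs, paramètres, tous les modules en admin",
    "coordinator": "SecOps + coordination : gestion des campagnes, planning, exécution patching",
    "operator": "Patcheur (intervenant SecOps) : exécution du patching, audit des serveurs",
    "viewer": "Invité : consultation en lecture seule (dashboard, serveurs, Qualys, planning, contacts, quick wins)",
}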