Closed
diamond2016 (Owner) commented Dec 6, 2025
- Docs: expand Phase 2 auth-roles spec
- new role stage for user and admin
- black formatted
- added relations user/proposal and user/stream_analysis
- user created_by managed in routes
- conftest.py and tests adjusted for fixtures
- test_proposal_update ok
- test_analysis_route ok - unit test
- preserve nested transaction — use flush() in tests and correct passing parameters of fixtures in unit and integration tests
Owner, Author
feat/auth-layer-apply-roles - rationale of roles - for some detail
Pull request overview
This PR implements Phase 2 of the authentication layer by adding role-based authorization (user vs admin), tracking proposal/analysis creators, applying black code formatting, and updating tests to work with the new auth fixtures and nested transaction patterns.
Key changes:
- Added `is_admin` property to User model and `admin_required`/`login_required` decorators to protect admin-only and authenticated endpoints
- Added `created_by` foreign key to `proposals` and `stream_analysis` tables with corresponding relationships
- Updated test fixtures in conftest.py to provide `test_user`, `admin_user`, and login helpers for authenticated test flows
Reviewed changes
Copilot reviewed 52 out of 55 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| tests/unit/test_stream_type_service.py | Black formatting applied (line wrapping for function signatures and data structures) |
| tests/unit/test_stream_analysis_service.py | Black formatting applied throughout |
| tests/unit/test_radio_source_service.py | Black formatting applied throughout |
| tests/unit/test_proposal_validation_service.py | Black formatting applied throughout |
| tests/unit/test_proposal_update.py | Updated to use test_user fixture and login_helper for authenticated POST request |
| tests/unit/test_auth_service.py | Black formatting applied (quote style) |
| tests/unit/test_analysis_routes.py | Updated to use test_user fixture and login_helper for authenticated routes, added stream_user relationship |
| tests/integration/test_validate_and_add_workflow.py | Updated to use test_user fixture and flush() instead of commit() for nested transactions |
| tests/integration/test_smoke_auth_pages.py | Black formatting applied |
| tests/integration/test_auth_flow.py | Black formatting applied |
| tests/conftest.py | Added test_user, admin_user, login_helper, login_admin_helper fixtures and entity imports for db.create_all() |
| service/stream_type_service.py | Black formatting applied |
| service/stream_analysis_service.py | Added created_by parameter to save_analysis_as_proposal method |
| service/radio_source_service.py | Black formatting applied |
| service/proposal_validation_service.py | Black formatting applied |
| service/proposal_service.py | Black formatting applied |
| service/authorization.py | NEW: admin_required decorator for role-based access control |
| service/auth_service.py | Black formatting applied |
| route/radio_source_route.py | Added admin_required decorator to edit_source and delete_source endpoints |
| route/proposal_route.py | Added admin_required to approve_proposal, login_required to propose and proposal_detail |
| route/analysis_route.py | Added login_required to analyze_url, approve_analysis, delete_analysis; tracks created_by |
| model/entity/user.py | Added is_admin property and relationships to StreamAnalysis and Proposal |
| model/entity/stream_analysis.py | Added created_by foreign key and stream_user relationship |
| model/entity/proposal.py | Added created_by foreign key and proposal_user relationship |
| model/repository/stream_analysis_repository.py | Added find_by_creator and find_by_created_by methods |
| model/repository/proposal_repository.py | Added find_by_creator and find_by_created_by methods |
| templates/source_detail.html | Wrapped Edit/Delete buttons in is_admin check |
| templates/proposals.html | Added authorization checks for Review and Approve buttons |
| templates/proposal_detail.html | Changed user_name to proposal_user.name, wrapped Update button in is_authenticated check |
| templates/index.html | Reordered navbar links, added CSS for radio cards, changed source.name to source.title |
| templates/database.html | Wrapped Delete button in is_admin check |
| migrate_db/migrations/V6_0__add_created_by_fields.sql | NEW: Migration to add created_by columns to proposals and stream_analysis |
| app.py | Black formatting applied |
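The server-side enforcement this overview describes (`admin_required`, `login_required`, `is_admin`), as an added framework-free sketch; it is not the PR's code, and `User.role`, `Denied`, `_session` and `status_for` are hypothetical names. It shows the check order: 401 for anonymous callers and 403 for authenticated non-admins, independent of which buttons a template hides.

```python
from dataclasses import dataclass
from functools import wraps

_session = {"user": None}  # constructed stand-in for the request session

@dataclass
class User:  # hypothetical stand-in for the PR's User model
    id: int
    role: str = "user"

    @property
    def is_admin(self):
        return self.role == "admin"

class Denied(Exception):
    def __init__(self, status):
        super().__init__(status)
        self.status = status  # HTTP status a framework would return

def login_required(view):
    @wraps(view)  # keep the view's name so route endpoints stay distinct
    def wrapper(*args, **kwargs):
        if _session["user"] is None:
            raise Denied(401)  # not authenticated
        return view(*args, **kwargs)
    return wrapper

def admin_required(view):
    @login_required  # authentication is checked before the role
    @wraps(view)
    def wrapper(*args, **kwargs):
        # Fail closed: only a literal True from is_admin grants access.
        if getattr(_session["user"], "is_admin", False) is not True:
            raise Denied(403)  # authenticated, but not an admin
        return view(*args, **kwargs)
    return wrapper

@admin_required
def delete_source(source_id):  # sample admin-only view
    return 200

@login_required
def propose():  # sample view open to any authenticated user
    return 200

def status_for(user, view, *args):
    """Call `view` as `user` and return the resulting HTTP status."""
    _session["user"] = user
    try:
        return view(*args)
    except Denied as exc:
        return exc.status
```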
Owner, Author
@copilot I have accepted suggestions and ready to merge

@diamond2016 I've opened a new pull request, #6, to work on those changes. Once the pull request is ready, I'll request review from you.
feat/auth layer apply roles all ok proceed to merge