greebo/svg-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(backend): enforce admin-only ops endpoints and cover destructive cleanup smoke

Browse Source 
restrict ops endpoints to admin-only access

block operator and viewer keys from admin maintenance routes
cover destructive pricing cleanup in smoke execution, not only preview

extend orchestration without regressing existing smoke stages
This commit is contained in:
greebo
2026-03-20 16:02:38 +03:00
parent 210981c953
commit 5aa35b1d04
10 changed files with 1090 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/app/api/routes/admin_cleanup.py
View File

@@ -6,7 +6,7 @@ from app.schemas.admin_cleanup import (
PricingCleanupExecuteResponse,
PricingCleanupPreviewResponse,
)
from app.security.auth import require_api_key
from app.security.auth import require_admin_api_key
from app.services.pricing_cleanup import (
build_pricing_cleanup_preview,
execute_pricing_cleanup,
@@ -25,7 +25,7 @@ async def get_pricing_cleanup_preview(
name_prefix: list[str] = Query(default_factory=list),
pricing_category_id: list[str] = Query(default_factory=list),
delete_only_without_rules: bool = Query(default=True),
role: str = Depends(require_api_key),
role: str = Depends(require_admin_api_key),
):
return await build_pricing_cleanup_preview(
scheme_id=scheme_id,
@@ -43,7 +43,7 @@ async def get_pricing_cleanup_preview(
async def post_pricing_cleanup(
scheme_id: str,
payload: PricingCleanupExecuteRequest,
role: str = Depends(require_api_key),
role: str = Depends(require_admin_api_key),
):
return await execute_pricing_cleanup(
scheme_id=scheme_id,