`h.4SSKJrJrJrJr SSKJrJrJr SSK J r SSK J r SSK Jr SSKJrJrJr SSKJrJrJr SSKJr SS KJrJr \"5r\R;S S /S 9\"\54S j5rS\S\\\\ 44Sjr!S\ S\\"4Sjr#S\S\\"4Sjr$\R;SS/S 9\"\RJ5\"\54S\RL4Sjj5r'\RQSS/S 9\"\RJ5\"\54S\RL4Sjj5r)g)) APIRouterDepends HTTPExceptionstatus)OptionalDictList)jsonable_encoder)ObjectId)database)Role RoleCreate RoleUpdate)create_role_serviceupdate_role_serviceget_role_service)get_current_userdetails) features_list default_rolesz /featuresFeatures)tagscz# URS5nUS:Xa[$US:Xa S[S0$[SSS9e7f)z Returns the list of features. - If current user has role 1 (Superadmin), return both SaaS and Platform features. - If current user has role 100 (Account admin), return only Platform features. rolesdplatformInsufficient permissions status_codedetail)getrr) current_user user_roles FC:\Suresh\moveshuttle\MDcreated\moveengine\app\v1\routers\saas\rbac.py get_featuresr&sJ  )IA~ c M*5664NOOs9;role_idreturnc0nUS::Ga[SnUS:Xa$/SQnUHnUR5XS'M U$US:Xa31Skn/SQnUH#nUSU;dMUR5XS'M% U$US :Xa31S kn/SQnUH#nUSU;dMUR5XS'M% U$US :Xa31S kn/SQnUH#nUSU;dMUR5XS'M% U$US :Xa0S 1n/SQnUH#nUSU;dMUR5XS'M% U$US:Ga[SnUS:Xa3/SQnSS1nUH#nUSU;dMUR5XS'M% U$US:Xa3/SQnSS1nUH#nUSU;dMUR5XS'M% U$US:Xa'UHnUSS;a /SQXS'MS/XS'M! U$US:Xa#SS1nUHnUSU;dM/SQXS'M U$US:Xa#1SknUHnUSU;dM/SQXS'M U$US:XaUHnUSS:XdMS/XS'M U$[R"5HnUH nS/XS'M M U$)ua Generate a permissions mapping for a given system role based on its name, using module IDs as keys. SaaS roles: - Superadmin: Full access (IDs 1-13, all actions). - Sales/Accounts: Access to modules [1,2,3,4,5,6,10,11,12] with actions: create, read, update. - Partner (and Tech Team): Limited access (only IDs [1,2,3,4,5,10,11,12]) with actions: create, read, update. Platform roles: - Admin: Full access to all modules (IDs 21–35). - Manager: All modules with actions: create, read, update, delete. - Finance: For Transactions (ID 32) and Invoices (ID 33), full access; read-only for other modules. - Customer: Only access to modules [22, 23] with actions: create, read, update. - Vendor: Limited access to modules [21, 24, 25, 26, 27] with actions: create, read, update. - Workforce: Only access to the Workforce module (ID 27, read-only). csaasr)createreadupdatedeleteid> rr1 )r,r-r.r2>rr1r2r3r4r6r7r8r3r4r7rref> !r-hi>grE)rcopyvalues)r' permissionsmodulesactionsfeature allowed_ids disabled_idscategorys r%generate_role_permissionsrPs$")+K|' a<.create_default_system_roles..s$&3(=QYCZ CZ ms"$counters_idresequence_valuer'NrTis_global_access is_saas_onlyF)rRrdrIrTrnro)r'rRrdrI account_idrTrnro created_roles)custom_encoder)r"rritemsrG update_onemaxrr\rPrrappendrrr r str)rWr#features_collectionrOrcrL feature_docmax_feature_idcounters_collectionrrrole_defexistingrI update_datarole_update_model updated_role role_createnew_roles r%create_default_system_rolesrs#< A%4deeZ.+113GG+,3FO+"?!)*rsO==''-EEaa<> Kzl+&-.E&F P, P^s^tCcN/C^@PSPXd^PQQ$QIVH%"8#8#8923..&.2Zwi("8#8#8923Z^Z^)Z^rQ