backend/app/core/rbac.py

"""Role-based access control."""
from enum import Enum

from fastapi import Depends, HTTPException, status

from app.models.user import User


class Role(str, Enum):
    """User roles."""

    ADMIN = "admin"
    MEMBER = "member"


def require_admin(current_user: User) -> User:
    """Dependency that requires admin role."""
    if current_user.role != Role.ADMIN:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Admin privileges required",
        )
    return current_user


def has_permission(user: User, required_role: Role) -> bool:
    """Check if user has required role."""
    if user.role == Role.ADMIN:
        return True
    return user.role == required_role
Initial commit: RSS platform phase 1 skeleton with code review fixes 2026-06-15 17:01:57 +08:00			`"""Role-based access control."""`
			`from enum import Enum`

			`from fastapi import Depends, HTTPException, status`

			`from app.models.user import User`


			`class Role(str, Enum):`
			`"""User roles."""`

			`ADMIN = "admin"`
			`MEMBER = "member"`


			`def require_admin(current_user: User) -> User:`
			`"""Dependency that requires admin role."""`
			`if current_user.role != Role.ADMIN:`
			`raise HTTPException(`
			`status_code=status.HTTP_403_FORBIDDEN,`
			`detail="Admin privileges required",`
			`)`
			`return current_user`


			`def has_permission(user: User, required_role: Role) -> bool:`
			`"""Check if user has required role."""`
			`if user.role == Role.ADMIN:`
			`return True`
			`return user.role == required_role`