rssWorkFlow/backend/app/core/rbac.py

"""Role-based access control."""
from enum import Enum

from fastapi import Depends, HTTPException, status

from app.models.user import User


class Role(str, Enum):
    """User roles."""

    ADMIN = "admin"
    MEMBER = "member"


def require_admin(current_user: User) -> User:
    """Dependency that requires admin role."""
    if current_user.role != Role.ADMIN:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Admin privileges required",
        )
    return current_user


def has_permission(user: User, required_role: Role) -> bool:
    """Check if user has required role."""
    if user.role == Role.ADMIN:
        return True
    return user.role == required_role