feat: permission permissions

Orgs can only grant permissions to groups that they themselves have been granted access to. Super admin bypasses not added, flagged as todos.
2026-06-16 13:51:31 +01:00 · 2026-06-16 13:51:31 +01:00 · 662b9c8e26
commit 662b9c8e26
parent 0a867c9c90
6 changed files with 71 additions and 4 deletions
--- a/.alembic/versions/2026-06-16_org_perm_perms_join_table.py
+++ b/.alembic/versions/2026-06-16_org_perm_perms_join_table.py
@ -0,0 +1,38 @@
+"""org perm perms join table
+
+Revision ID: 85edbf9a176c
+Revises: 98e20aae555c
+Create Date: 2026-06-16 13:31:57.427953
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '85edbf9a176c'
+down_revision: Union[str, Sequence[str], None] = '98e20aae555c'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('org_permissions',
+    sa.Column('org_id', sa.Integer(), nullable=False),
+    sa.Column('permission_id', sa.Integer(), nullable=False),
+    sa.ForeignKeyConstraint(['org_id'], ['organisation.id'], ondelete='CASCADE'),
+    sa.ForeignKeyConstraint(['permission_id'], ['permission.id'], ondelete='CASCADE'),
+    sa.PrimaryKeyConstraint('org_id', 'permission_id')
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('org_permissions')
+    # ### end Alembic commands ###