fix(analytics): restrict operators endpoint to admin [FASE-2.5]

Align with BI security spec and add flat JSON API tests for coverage, tests, and operators.
2026-05-18 14:00:47 +02:00
parent 6ab950ec42
commit b6f23f385d
2 changed files with 89 additions and 2 deletions


@@ -8,7 +8,7 @@ from fastapi import APIRouter, Depends, Query
from sqlalchemy.orm import Session
from app.database import get_db
from app.dependencies.auth import get_current_user, require_any_role
from app.dependencies.auth import get_current_user, require_role
from app.models.user import User
from app.services import analytics_service
@@ -49,7 +49,7 @@ def analytics_trends(
@router.get("/operators")
def analytics_operators(
db: Session = Depends(get_db),
user: User = Depends(require_any_role("red_lead", "blue_lead")),
user: User = Depends(require_role("admin")),
):
"""Per-operator metrics — for workload management dashboards."""
return analytics_service.get_operators_analytics(db)
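Review bot: In `analytics_operators`, the new `require_role("admin")` dependency is bound to `user` but the body never reads it, so the only thing enforcing access looks like an unused parameter and could be dropped in a later signature cleanup. Declaring it on the route, `@router.get("/operators", dependencies=[Depends(require_role("admin"))])`, makes the gate explicit. The docstring should also state the restriction, for example `"""Per-operator metrics (admin only) — for workload management dashboards."""`. The test file from this commit is not visible here, so confirm it asserts that `red_lead` and `blue_lead` callers are now rejected, not only that an admin succeeds.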