fix(settings): update SQL console access to require any permission instead of superadmin

app/settings/backend/views.py

@@ -12,10 +12,11 @@ from pydantic import BaseModel
 
 from app.core.config import settings
 from app.core.database import get_db_connection, release_db_connection, execute_query_single, execute_query
-from app.core.auth_dependencies import require_superadmin
+from app.core.auth_dependencies import require_any_permission
 
 router = APIRouter()
 templates = Jinja2Templates(directory="app")
+sql_console_access = require_any_permission("users.manage", "system.admin")
 
 CREATE_TABLE_RE = re.compile(
     r"CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*\(",
@@ -329,7 +330,7 @@ def _sanitize_and_validate_sql(sql: str) -> str:
 
 
 @router.get("/settings/sql", response_class=HTMLResponse, tags=["Frontend"])
-async def sql_console_page(request: Request, _current_user: dict = Depends(require_superadmin)):
+async def sql_console_page(request: Request, _current_user: dict = Depends(sql_console_access)):
     return templates.TemplateResponse(
         "settings/frontend/sql_console.html",
         {
@@ -340,7 +341,7 @@ async def sql_console_page(request: Request, _current_user: dict = Depends(requi
 
 
 @router.post("/settings/sql/execute", tags=["Frontend"])
-async def execute_sql_console_query(payload: SqlConsoleRequest, _current_user: dict = Depends(require_superadmin)):
+async def execute_sql_console_query(payload: SqlConsoleRequest, _current_user: dict = Depends(sql_console_access)):
     query = _sanitize_and_validate_sql(payload.query)
     limit = payload.limit if isinstance(payload.limit, int) else 200
     if limit < 1: