bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b931a5c45e7dbe3734367cc8a4fffdb418cd386e
bakery-ia/services/tenant/app/repositories/tenant_member_repository.py

589 lines
24 KiB
Python
Raw Normal View History

REFACTOR - Database logic
2025-08-08 09:08:41 +02:00
"""
Tenant Member Repository
Repository for tenant membership operations
"""
from typing import Optional, List, Dict, Any
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select, text, and_
from datetime import datetime, timedelta
import structlog
import json
from .base import TenantBaseRepository
from app.models.tenants import TenantMember
from shared.database.exceptions import DatabaseError, ValidationError, DuplicateRecordError
Improve the frontend and repository layer
2025-10-23 07:44:54 +02:00
from shared.config.base import is_internal_service
REFACTOR - Database logic
2025-08-08 09:08:41 +02:00
logger = structlog.get_logger()
class TenantMemberRepository(TenantBaseRepository):
"""Repository for tenant member operations"""
def __init__(self, model_class, session: AsyncSession, cache_ttl: Optional[int] = 300):
# Member data changes more frequently, shorter cache time (5 minutes)
super().__init__(model_class, session, cache_ttl)
async def create_membership(self, membership_data: Dict[str, Any]) -> TenantMember:
"""Create a new tenant membership with validation"""
try:
# Validate membership data
validation_result = self._validate_tenant_data(
membership_data,
["tenant_id", "user_id", "role"]
)
if not validation_result["is_valid"]:
raise ValidationError(f"Invalid membership data: {validation_result['errors']}")
# Check for existing membership
existing_membership = await self.get_membership(
membership_data["tenant_id"],
membership_data["user_id"]
)
if existing_membership and existing_membership.is_active:
raise DuplicateRecordError(f"User is already an active member of this tenant")
# Set default values
if "is_active" not in membership_data:
membership_data["is_active"] = True
if "joined_at" not in membership_data:
membership_data["joined_at"] = datetime.utcnow()
# Set permissions based on role
if "permissions" not in membership_data:
membership_data["permissions"] = self._get_default_permissions(
membership_data["role"]
)
# If reactivating existing membership
if existing_membership and not existing_membership.is_active:
# Update existing membership
update_data = {
key: value for key, value in membership_data.items()
if key not in ["tenant_id", "user_id"]
}
membership = await self.update(existing_membership.id, update_data)
else:
# Create new membership
membership = await self.create(membership_data)
logger.info("Tenant membership created",
membership_id=membership.id,
tenant_id=membership.tenant_id,
user_id=membership.user_id,
role=membership.role)
return membership
except (ValidationError, DuplicateRecordError):
raise
except Exception as e:
logger.error("Failed to create membership",
tenant_id=membership_data.get("tenant_id"),
user_id=membership_data.get("user_id"),
error=str(e))
raise DatabaseError(f"Failed to create membership: {str(e)}")
async def get_membership(self, tenant_id: str, user_id: str) -> Optional[TenantMember]:
"""Get specific membership by tenant and user"""
try:
Improve the frontend and repository layer
2025-10-23 07:44:54 +02:00
# Validate that user_id is a proper UUID format for actual users
# Service names like 'inventory-service' should be handled differently
import uuid
try:
uuid.UUID(user_id)
is_valid_uuid = True
except ValueError:
is_valid_uuid = False
# For internal service access, return None to indicate no user membership
# Service access should be handled at the API layer
demo seed change 3
2025-12-14 16:04:16 +01:00
if not is_valid_uuid:
if is_internal_service(user_id):
# This is a known internal service request, return None
# Service access is granted at the API endpoint level
logger.debug("Internal service detected in membership lookup",
service=user_id,
tenant_id=tenant_id)
return None
elif user_id == "unknown-service":
# Special handling for 'unknown-service' which commonly occurs in demo sessions
# This happens when service identification fails during demo operations
logger.warning("Demo session service identification issue",
service=user_id,
tenant_id=tenant_id,
message="Service not properly identified - likely demo session context")
return None
else:
# This is an unknown service
# Return None to prevent database errors, but log a warning
logger.warning("Unknown service detected in membership lookup",
service=user_id,
tenant_id=tenant_id,
message="Service not in internal services registry")
return None
Improve the frontend and repository layer
2025-10-23 07:44:54 +02:00
REFACTOR - Database logic
2025-08-08 09:08:41 +02:00
memberships = await self.get_multi(
filters={
"tenant_id": tenant_id,
"user_id": user_id
},
limit=1,
order_by="created_at",
order_desc=True
)
return memberships[0] if memberships else None
except Exception as e:
logger.error("Failed to get membership",
tenant_id=tenant_id,
user_id=user_id,
error=str(e))
raise DatabaseError(f"Failed to get membership: {str(e)}")
async def get_tenant_members(
Improve the frontend and fix TODOs
2025-10-24 13:05:04 +02:00
self,
tenant_id: str,
REFACTOR - Database logic
2025-08-08 09:08:41 +02:00
active_only: bool = True,
Improve the frontend and fix TODOs
2025-10-24 13:05:04 +02:00
role: str = None,
include_user_info: bool = False
REFACTOR - Database logic
2025-08-08 09:08:41 +02:00
) -> List[TenantMember]:
Improve the frontend and fix TODOs
2025-10-24 13:05:04 +02:00
"""Get all members of a tenant with optional user info enrichment"""
REFACTOR - Database logic
2025-08-08 09:08:41 +02:00
try:
filters = {"tenant_id": tenant_id}
Improve the frontend and fix TODOs
2025-10-24 13:05:04 +02:00
REFACTOR - Database logic
2025-08-08 09:08:41 +02:00
if active_only:
filters["is_active"] = True
Improve the frontend and fix TODOs
2025-10-24 13:05:04 +02:00
REFACTOR - Database logic
2025-08-08 09:08:41 +02:00
if role:
filters["role"] = role
Improve the frontend and fix TODOs
2025-10-24 13:05:04 +02:00
members = await self.get_multi(
REFACTOR - Database logic
2025-08-08 09:08:41 +02:00
filters=filters,
order_by="joined_at",
order_desc=False
)
Improve the frontend and fix TODOs
2025-10-24 13:05:04 +02:00
# If include_user_info is True, enrich with user data from auth service
if include_user_info and members:
members = await self._enrich_members_with_user_info(members)
return members
REFACTOR - Database logic
2025-08-08 09:08:41 +02:00
except Exception as e:
logger.error("Failed to get tenant members",
tenant_id=tenant_id,
error=str(e))
raise DatabaseError(f"Failed to get members: {str(e)}")
Improve the frontend and fix TODOs
2025-10-24 13:05:04 +02:00
async def _enrich_members_with_user_info(self, members: List[TenantMember]) -> List[TenantMember]:
"""Enrich member objects with user information from auth service using batch endpoint"""
try:
import httpx
import os
if not members:
return members
# Get unique user IDs
user_ids = list(set([str(member.user_id) for member in members]))
if not user_ids:
return members
# Fetch user data from auth service using batch endpoint
# Using internal service communication
auth_service_url = os.getenv('AUTH_SERVICE_URL', 'http://auth-service:8000')
user_data_map = {}
async with httpx.AsyncClient() as client:
try:
# Use batch endpoint for efficiency
response = await client.post(
f"{auth_service_url}/api/v1/auth/users/batch",
json={"user_ids": user_ids},
timeout=10.0,
Add improvements 2
2026-01-12 22:15:11 +01:00
headers={"x-internal-service": "tenant-service"}
Improve the frontend and fix TODOs
2025-10-24 13:05:04 +02:00
)
if response.status_code == 200:
batch_result = response.json()
user_data_map = batch_result.get("users", {})
logger.info(
"Batch user fetch successful",
requested_count=len(user_ids),
found_count=batch_result.get("found_count", 0)
)
else:
logger.warning(
"Batch user fetch failed, falling back to individual calls",
status_code=response.status_code
)
# Fallback to individual calls if batch fails
for user_id in user_ids:
try:
response = await client.get(
f"{auth_service_url}/api/v1/auth/users/{user_id}",
timeout=5.0,
Add improvements 2
2026-01-12 22:15:11 +01:00
headers={"x-internal-service": "tenant-service"}
Improve the frontend and fix TODOs
2025-10-24 13:05:04 +02:00
)
if response.status_code == 200:
user_data = response.json()
user_data_map[user_id] = user_data
except Exception as e:
logger.warning(f"Failed to fetch user data for {user_id}", error=str(e))
continue
except Exception as e:
logger.warning("Batch user fetch failed, falling back to individual calls", error=str(e))
# Fallback to individual calls
for user_id in user_ids:
try:
response = await client.get(
f"{auth_service_url}/api/v1/auth/users/{user_id}",
timeout=5.0,
Add improvements 2
2026-01-12 22:15:11 +01:00
headers={"x-internal-service": "tenant-service"}
Improve the frontend and fix TODOs
2025-10-24 13:05:04 +02:00
)
if response.status_code == 200:
user_data = response.json()
user_data_map[user_id] = user_data
except Exception as e:
logger.warning(f"Failed to fetch user data for {user_id}", error=str(e))
continue
# Enrich members with user data
for member in members:
user_id_str = str(member.user_id)
if user_id_str in user_data_map and user_data_map[user_id_str] is not None:
user_data = user_data_map[user_id_str]
# Add user fields as attributes to the member object
member.user_email = user_data.get("email")
member.user_full_name = user_data.get("full_name")
member.user = user_data # Store full user object for compatibility
else:
# Set defaults for missing users
member.user_email = None
member.user_full_name = "Unknown User"
member.user = None
return members
except Exception as e:
logger.warning("Failed to enrich members with user info", error=str(e))
# Return members without enrichment if it fails
return members
REFACTOR - Database logic
2025-08-08 09:08:41 +02:00
async def get_user_memberships(
self,
user_id: str,
active_only: bool = True
) -> List[TenantMember]:
"""Get all tenants a user is a member of"""
try:
filters = {"user_id": user_id}
if active_only:
filters["is_active"] = True
return await self.get_multi(
filters=filters,
order_by="joined_at",
order_desc=True
)
except Exception as e:
logger.error("Failed to get user memberships",
user_id=user_id,
error=str(e))
raise DatabaseError(f"Failed to get memberships: {str(e)}")
async def verify_user_access(
self,
user_id: str,
tenant_id: str
) -> Dict[str, Any]:
"""Verify if user has access to tenant and return access details"""
try:
membership = await self.get_membership(tenant_id, user_id)
if not membership or not membership.is_active:
return {
"has_access": False,
"role": "none",
"permissions": []
}
# Parse permissions
permissions = []
if membership.permissions:
try:
permissions = json.loads(membership.permissions)
except json.JSONDecodeError:
logger.warning("Invalid permissions JSON for membership",
membership_id=membership.id)
permissions = self._get_default_permissions(membership.role)
return {
"has_access": True,
"role": membership.role,
"permissions": permissions,
"membership_id": str(membership.id),
"joined_at": membership.joined_at.isoformat() if membership.joined_at else None
}
except Exception as e:
logger.error("Failed to verify user access",
user_id=user_id,
tenant_id=tenant_id,
error=str(e))
return {
"has_access": False,
"role": "none",
"permissions": []
}
async def update_member_role(
self,
tenant_id: str,
user_id: str,
new_role: str,
updated_by: str = None
) -> Optional[TenantMember]:
"""Update member role and permissions"""
try:
valid_roles = ["owner", "admin", "member", "viewer"]
if new_role not in valid_roles:
raise ValidationError(f"Invalid role. Must be one of: {valid_roles}")
membership = await self.get_membership(tenant_id, user_id)
if not membership:
raise ValidationError("Membership not found")
# Get new permissions based on role
new_permissions = self._get_default_permissions(new_role)
updated_membership = await self.update(membership.id, {
"role": new_role,
"permissions": json.dumps(new_permissions)
})
logger.info("Member role updated",
membership_id=membership.id,
tenant_id=tenant_id,
user_id=user_id,
old_role=membership.role,
new_role=new_role,
updated_by=updated_by)
return updated_membership
except ValidationError:
raise
except Exception as e:
logger.error("Failed to update member role",
tenant_id=tenant_id,
user_id=user_id,
new_role=new_role,
error=str(e))
raise DatabaseError(f"Failed to update role: {str(e)}")
async def deactivate_membership(
self,
tenant_id: str,
user_id: str,
deactivated_by: str = None
) -> Optional[TenantMember]:
"""Deactivate a membership (remove user from tenant)"""
try:
membership = await self.get_membership(tenant_id, user_id)
if not membership:
raise ValidationError("Membership not found")
# Don't allow deactivating the owner
if membership.role == "owner":
raise ValidationError("Cannot deactivate the owner membership")
updated_membership = await self.update(membership.id, {
"is_active": False
})
logger.info("Membership deactivated",
membership_id=membership.id,
tenant_id=tenant_id,
user_id=user_id,
deactivated_by=deactivated_by)
return updated_membership
except ValidationError:
raise
except Exception as e:
logger.error("Failed to deactivate membership",
tenant_id=tenant_id,
user_id=user_id,
error=str(e))
raise DatabaseError(f"Failed to deactivate membership: {str(e)}")
async def reactivate_membership(
self,
tenant_id: str,
user_id: str,
reactivated_by: str = None
) -> Optional[TenantMember]:
"""Reactivate a deactivated membership"""
try:
membership = await self.get_membership(tenant_id, user_id)
if not membership:
raise ValidationError("Membership not found")
updated_membership = await self.update(membership.id, {
"is_active": True,
"joined_at": datetime.utcnow() # Update join date
})
logger.info("Membership reactivated",
membership_id=membership.id,
tenant_id=tenant_id,
user_id=user_id,
reactivated_by=reactivated_by)
return updated_membership
except ValidationError:
raise
except Exception as e:
logger.error("Failed to reactivate membership",
tenant_id=tenant_id,
user_id=user_id,
error=str(e))
raise DatabaseError(f"Failed to reactivate membership: {str(e)}")
async def get_membership_statistics(self, tenant_id: str) -> Dict[str, Any]:
"""Get membership statistics for a tenant"""
try:
# Get counts by role
role_query = text("""
SELECT role, COUNT(*) as count
FROM tenant_members
WHERE tenant_id = :tenant_id AND is_active = true
GROUP BY role
ORDER BY count DESC
""")
result = await self.session.execute(role_query, {"tenant_id": tenant_id})
members_by_role = {row.role: row.count for row in result.fetchall()}
# Get basic counts
total_members = await self.count(filters={"tenant_id": tenant_id})
active_members = await self.count(filters={
"tenant_id": tenant_id,
"is_active": True
})
# Get recent activity (members joined in last 30 days)
thirty_days_ago = datetime.utcnow() - timedelta(days=30)
recent_joins = len(await self.get_multi(
filters={
"tenant_id": tenant_id,
"is_active": True
},
limit=1000 # High limit to get accurate count
))
# Filter for recent joins (manual filtering since we can't use date range in filters easily)
recent_members = 0
all_active_members = await self.get_tenant_members(tenant_id, active_only=True)
for member in all_active_members:
if member.joined_at and member.joined_at >= thirty_days_ago:
recent_members += 1
return {
"total_members": total_members,
"active_members": active_members,
"inactive_members": total_members - active_members,
"members_by_role": members_by_role,
"recent_joins_30d": recent_members
}
except Exception as e:
logger.error("Failed to get membership statistics",
tenant_id=tenant_id,
error=str(e))
return {
"total_members": 0,
"active_members": 0,
"inactive_members": 0,
"members_by_role": {},
"recent_joins_30d": 0
}
def _get_default_permissions(self, role: str) -> str:
"""Get default permissions JSON string for a role"""
permission_map = {
"owner": ["read", "write", "admin", "delete"],
"admin": ["read", "write", "admin"],
"member": ["read", "write"],
"viewer": ["read"]
}
permissions = permission_map.get(role, ["read"])
return json.dumps(permissions)
async def bulk_update_permissions(
self,
tenant_id: str,
role_permissions: Dict[str, List[str]]
) -> int:
"""Bulk update permissions for all members of specific roles"""
try:
updated_count = 0
for role, permissions in role_permissions.items():
members = await self.get_tenant_members(
tenant_id, active_only=True, role=role
)
for member in members:
await self.update(member.id, {
"permissions": json.dumps(permissions)
})
updated_count += 1
logger.info("Bulk updated member permissions",
tenant_id=tenant_id,
updated_count=updated_count,
roles=list(role_permissions.keys()))
return updated_count
except Exception as e:
logger.error("Failed to bulk update permissions",
tenant_id=tenant_id,
error=str(e))
raise DatabaseError(f"Bulk permission update failed: {str(e)}")
async def cleanup_inactive_memberships(self, days_old: int = 180) -> int:
"""Clean up old inactive memberships"""
try:
cutoff_date = datetime.utcnow() - timedelta(days=days_old)
query_text = """
DELETE FROM tenant_members
WHERE is_active = false
AND created_at < :cutoff_date
"""
result = await self.session.execute(text(query_text), {"cutoff_date": cutoff_date})
deleted_count = result.rowcount
logger.info("Cleaned up inactive memberships",
deleted_count=deleted_count,
days_old=days_old)
return deleted_count
except Exception as e:
logger.error("Failed to cleanup inactive memberships",
error=str(e))
Improve the frontend and repository layer
2025-10-23 07:44:54 +02:00
raise DatabaseError(f"Cleanup failed: {str(e)}")
Reference in New Issue Copy Permalink