Improve the frontend and fix TODOs

This commit is contained in:
Urtzi Alfaro
2025-10-24 13:05:04 +02:00
parent 07c33fa578
commit 61376b7a9f
100 changed files with 8284 additions and 3419 deletions


@@ -825,10 +825,53 @@ async def cancel_subscription(
"""Cancel subscription for a tenant"""
try:
# TODO: Add access control - verify user is owner/admin of tenant
# In a real implementation, you would need to retrieve the subscription ID from the database
# For now, this is a placeholder
subscription_id = "sub_test" # This would come from the database
# Verify user is owner/admin of tenant
user_id = current_user.get('user_id')
user_role = current_user.get('role', '').lower()
# Check if user is tenant owner or admin
from app.services.tenant_service import EnhancedTenantService
from shared.database.base import create_database_manager
tenant_service = EnhancedTenantService(create_database_manager())
# Verify tenant access and role
async with tenant_service.database_manager.get_session() as session:
await tenant_service._init_repositories(session)
# Get tenant member record
member = await tenant_service.member_repo.get_member_by_user_and_tenant(
str(user_id), str(tenant_id)
)
if not member:
logger.warning("User not member of tenant",
user_id=user_id,
tenant_id=str(tenant_id))
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Access denied: You are not a member of this tenant"
)
if member.role not in ['owner', 'admin']:
logger.warning("Insufficient permissions to cancel subscription",
user_id=user_id,
tenant_id=str(tenant_id),
role=member.role)
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Access denied: Only owners and admins can cancel subscriptions"
)
# Get subscription ID from database
subscription = await tenant_service.subscription_repo.get_active_subscription(str(tenant_id))
if not subscription or not subscription.stripe_subscription_id:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="No active subscription found for this tenant"
)
subscription_id = subscription.stripe_subscription_id
result = await payment_service.cancel_subscription(subscription_id)
@@ -856,10 +899,40 @@ async def get_invoices(
"""Get invoices for a tenant"""
try:
# TODO: Add access control - verify user has access to tenant
# In a real implementation, you would need to retrieve the customer ID from the database
# For now, this is a placeholder
customer_id = "cus_test" # This would come from the database
# Verify user has access to tenant
user_id = current_user.get('user_id')
from app.services.tenant_service import EnhancedTenantService
from shared.database.base import create_database_manager
tenant_service = EnhancedTenantService(create_database_manager())
async with tenant_service.database_manager.get_session() as session:
await tenant_service._init_repositories(session)
# Verify user is member of tenant
member = await tenant_service.member_repo.get_member_by_user_and_tenant(
str(user_id), str(tenant_id)
)
if not member:
logger.warning("User not member of tenant",
user_id=user_id,
tenant_id=str(tenant_id))
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Access denied: You do not have access to this tenant"
)
# Get subscription with customer ID
subscription = await tenant_service.subscription_repo.get_active_subscription(str(tenant_id))
if not subscription or not subscription.stripe_customer_id:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="No active subscription found for this tenant"
)
customer_id = subscription.stripe_customer_id
invoices = await payment_service.get_invoices(customer_id)
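Review bot: The tenant membership check is duplicated verbatim between cancel_subscription and get_invoices (the block following `_init_repositories(session)` in each hunk), and cancel_subscription additionally assigns `user_role = current_user.get('role', '').lower()` without ever using it, so the role claim from the token is read and discarded while `member.role` is compared case-sensitively against `['owner', 'admin']`. Factoring the check into one module-level helper keeps both endpoints enforcing the same rule and removes the dead local; the helper below is sketched with the names the hunks already use and is called inside the existing `async with` block, before the subscription lookup. Whether `member.role` needs `.lower()` depends on how roles are stored, which the hunks do not show, so the sketch keeps the raw comparison — confirm before normalising. Note also that get_invoices admits any tenant member while cancel_subscription requires owner/admin; if invoice data is considered sensitive, passing `allowed_roles=('owner', 'admin')` there too is a one-argument change. Both functions continue past their hunks (the `except` handlers and returns are outside the view), and `create_database_manager()` plus the function-scope imports run on every request — presumably fine if the manager is lightweight, but worth confirming.
```python
async def _require_tenant_member(tenant_service, user_id, tenant_id, allowed_roles=None):
    """Raise 403 unless user_id is a member of tenant_id (and holds one of allowed_roles, when given).

    Must be called inside an open session after tenant_service._init_repositories(session).
    Returns the member record so callers can reuse it.
    """
    member = await tenant_service.member_repo.get_member_by_user_and_tenant(
        str(user_id), str(tenant_id)
    )
    if not member:
        logger.warning("User not member of tenant",
                       user_id=user_id,
                       tenant_id=str(tenant_id))
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Access denied: You are not a member of this tenant"
        )
    # Membership is established first so a non-member never learns whether the tenant
    # has a subscription; the role gate only applies when the caller asks for one.
    if allowed_roles is not None and member.role not in allowed_roles:
        logger.warning("Insufficient permissions for tenant operation",
                       user_id=user_id,
                       tenant_id=str(tenant_id),
                       role=member.role)
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Access denied: insufficient role for this operation"
        )
    return member

# … in cancel_subscription, replacing the inline member/role checks …
            await tenant_service._init_repositories(session)
            await _require_tenant_member(tenant_service, user_id, tenant_id,
                                         allowed_roles=('owner', 'admin'))
            # … unchanged: active-subscription lookup and 404 …

# … in get_invoices, replacing the inline member check …
            await tenant_service._init_repositories(session)
            await _require_tenant_member(tenant_service, user_id, tenant_id)
            # … unchanged: active-subscription lookup and 404 …
```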