From 826df760296cac4305c402f61727c080cc533b56 Mon Sep 17 00:00:00 2001
From: Urtzi Alfaro
Date: Sat, 2 Aug 2025 23:05:18 +0200
Subject: [PATCH] Fix user delete flow 8
---
 gateway/app/middleware/auth.py | 2 +-
 services/tenant/app/api/tenants.py | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/gateway/app/middleware/auth.py b/gateway/app/middleware/auth.py
index d67f7319..465c8188 100644
--- a/gateway/app/middleware/auth.py
+++ b/gateway/app/middleware/auth.py
@@ -206,7 +206,7 @@ class AuthMiddleware(BaseHTTPMiddleware):
 service_name = payload["service"]
 base_context["service"] = service_name
 base_context["type"] = "service"
- base_context["role"] = "service"
+ base_context["role"] = "admin"
 base_context["user_id"] = f"{service_name}-service"
 base_context["email"] = f"{service_name}-service@internal"
 logger.debug(f"Service authentication: {payload['service']}")
diff --git a/services/tenant/app/api/tenants.py b/services/tenant/app/api/tenants.py
index e932bd41..e0f847db 100644
--- a/services/tenant/app/api/tenants.py
+++ b/services/tenant/app/api/tenants.py
@@ -292,11 +292,24 @@ async def delete_tenant_complete(
 @router.get("/tenants/user/{user_id}")
 async def get_user_tenants(
 user_id: str,
- current_user = Depends(require_admin_role_dep),
+ current_user = Depends(get_current_user_dep),
 db: AsyncSession = Depends(get_db)
 ):
 """Get all tenant memberships for a user (admin only)"""
+
+ # Check if this is a service call or admin user
+ user_type = current_user.get('type', '')
+ user_role = current_user.get('role', '').lower()
+
+ logger.info("The user_type and user_role", user_type=user_type, user_role=user_role)
+
+ if user_type != 'service' and user_role != 'admin':
+ raise HTTPException(
+ status_code=status.HTTP_403_FORBIDDEN,
+ detail="Admin role or service authentication required"
+ )
+
 try:
 user_uuid = uuid.UUID(user_id)
 except ValueError:
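Review bot: Setting `base_context["role"] = "admin"` for every service-token caller grants service principals the admin role on every route that checks role, not only the user-tenant lookup this commit is fixing, which is a broad privilege widening rather than a targeted allowance. The tenants.py hunk in this same commit already distinguishes service callers by `type == 'service'`, so that endpoint does not need the role change to work. Keeping `base_context["role"] = "service"` and having route-level checks accept `type == 'service'` where a service caller is intended keeps the admin role meaning what it says. If the wider grant is deliberate, a comment naming which routes rely on it, e.g. `# Service principals are treated as admin for inter-service calls; every consumer of require_admin_role_dep now accepts them`, would make the intent auditable. The enclosing method of AuthMiddleware starts and ends outside the hunk.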
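Review bot: The docstring still says `(admin only)` although the new guard deliberately admits service principals; update it to `"""Get all tenant memberships for a user (admin role or service authentication required)"""`. The authorization check is now hand-rolled inside the handler after replacing `require_admin_role_dep` with `get_current_user_dep`; a shared dependency that encodes "admin or service" would keep this policy in one reviewable place instead of one inline `if` per route. `logger.info("The user_type and user_role", ...)` fires on every request and reads as a debugging trace; `logger.debug("get_user_tenants caller context", user_type=user_type, user_role=user_role)` says what is being recorded and keeps it out of the normal log volume. The body of get_user_tenants continues past the end of the hunk.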