Add role-based filtering and imporve code

2025-10-15 16:12:49 +02:00
parent 96ad5c6692
commit 8f9e9a7edc
158 changed files with 11033 additions and 1544 deletions
--- a/services/forecasting/app/api/forecasting_operations.py
+++ b/services/forecasting/app/api/forecasting_operations.py
@@ -23,11 +23,22 @@ from shared.monitoring.metrics import get_metrics_collector
 from app.core.config import settings
 from shared.routing import RouteBuilder
 from shared.auth.access_control import require_user_role
+from shared.security import create_audit_logger, create_rate_limiter, AuditSeverity, AuditAction
+from shared.subscription.plans import get_forecast_quota, get_forecast_horizon_limit
+from shared.redis_utils import get_redis_client

 route_builder = RouteBuilder('forecasting')
 logger = structlog.get_logger()
 router = APIRouter(tags=["forecasting-operations"])

+# Initialize audit logger
+audit_logger = create_audit_logger("forecasting-service")
+
+async def get_rate_limiter():
+    """Dependency for rate limiter"""
+    redis_client = await get_redis_client()
+    return create_rate_limiter(redis_client)
+

 def get_enhanced_forecasting_service():
    """Dependency injection for EnhancedForecastingService"""
@@ -194,16 +205,17 @@ async def generate_multi_day_forecast(
    route_builder.build_operations_route("batch"),
    response_model=BatchForecastResponse
 )
-@require_user_role(['viewer', 'member', 'admin', 'owner'])
+@require_user_role(['admin', 'owner'])
@track_execution_time("enhanced_batch_forecast_duration_seconds", "forecasting-service")
 async def generate_batch_forecast(
    request: BatchForecastRequest,
    tenant_id: str = Path(..., description="Tenant ID"),
    request_obj: Request = None,
    current_user: dict = Depends(get_current_user_dep),
-    enhanced_forecasting_service: EnhancedForecastingService = Depends(get_enhanced_forecasting_service)
+    enhanced_forecasting_service: EnhancedForecastingService = Depends(get_enhanced_forecasting_service),
+    rate_limiter = Depends(get_rate_limiter)
 ):
-    """Generate forecasts for multiple products in batch"""
+    """Generate forecasts for multiple products in batch (Admin+ only, quota enforced)"""
    metrics = get_metrics_collector(request_obj)

    try:
@@ -217,6 +229,24 @@ async def generate_batch_forecast(
        if not request.inventory_product_ids:
            raise ValueError("inventory_product_ids cannot be empty")

+        # Get subscription tier and enforce quotas
+        tier = current_user.get('subscription_tier', 'starter')
+
+        # Check daily quota for forecast generation
+        quota_limit = get_forecast_quota(tier)
+        quota_result = await rate_limiter.check_and_increment_quota(
+            tenant_id,
+            "forecast_generation",
+            quota_limit,
+            period=86400  # 24 hours
+        )
+
+        # Validate forecast horizon if specified
+        if request.horizon_days:
+            await rate_limiter.validate_forecast_horizon(
+                tenant_id, request.horizon_days, tier
+            )
+
        batch_result = await enhanced_forecasting_service.generate_batch_forecast(
            tenant_id=tenant_id,
            request=request