Fix user delete flow 9

2025-08-02 23:29:18 +02:00
parent 826df76029
commit abe74f32f8
6 changed files with 49 additions and 3 deletions
--- a/services/auth/app/core/security.py
+++ b/services/auth/app/core/security.py
@@ -99,6 +99,12 @@ class SecurityManager:
                payload["is_verified"] = user_data["is_verified"]
            if "is_active" in user_data:
                payload["is_active"] = user_data["is_active"]
+                
+            # ✅ CRITICAL FIX: Include role in access token!
+            if "role" in user_data:
+                payload["role"] = user_data["role"]
+            else:
+                payload["role"] = "user"  # Default role if not specified
            
            logger.debug(f"Creating access token with payload keys: {list(payload.keys())}")
            
--- a/services/auth/app/services/auth_service.py
+++ b/services/auth/app/services/auth_service.py
@@ -62,6 +62,7 @@ class AuthService:
                "full_name": new_user.full_name,
                "is_verified": new_user.is_verified,
                "is_active": new_user.is_active,
+                "role": new_user.role,
                "type": "access"  # ✅ Explicitly mark as access token
            }
            
@@ -184,6 +185,7 @@ class AuthService:
                "full_name": user.full_name,
                "is_verified": user.is_verified,
                "is_active": user.is_active,
+                "role": user.role,
                "type": "access"  # ✅ Explicitly mark as access token
            }
            
@@ -345,6 +347,7 @@ class AuthService:
                "full_name": user.full_name,
                "is_verified": user.is_verified,
                "is_active": user.is_active,
+                "role": user.role,
                "type": "access"
            }
            
--- a/services/tenant/app/api/tenants.py
+++ b/services/tenant/app/api/tenants.py
@@ -301,10 +301,15 @@ async def get_user_tenants(
    # Check if this is a service call or admin user
    user_type = current_user.get('type', '')
    user_role = current_user.get('role', '').lower()
+    service_name = current_user.get('service', '')
    
    logger.info("The user_type and user_role", user_type=user_type, user_role=user_role)
    
-    if user_type != 'service' and user_role != 'admin':
+    # ✅ IMPROVED: Accept service tokens OR admin users
+    is_service_token = (user_type == 'service' or service_name in ['auth', 'admin'])
+    is_admin_user = (user_role == 'admin')
+    
+    if not (is_service_token or is_admin_user):
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Admin role or service authentication required"