Fix user delete flow 11

services/auth/app/api/users.py

@@ -28,13 +28,16 @@ from shared.auth.decorators import (
 logger = structlog.get_logger()
 router = APIRouter(tags=["users"])
 
+
 @router.get("/me", response_model=UserResponse)
 async def get_current_user_info(
     current_user: Dict[str, Any] = Depends(get_current_user_dep),
     db: AsyncSession = Depends(get_db)
 ):
-    """Get current user information"""
+    """Get current user information - FIXED VERSION"""
     try:
+        logger.debug(f"Getting user info for: {current_user}")
+        
         # Handle both User object (direct auth) and dict (from gateway headers)
         if isinstance(current_user, dict):
             # Coming from gateway headers - need to fetch user from DB
@@ -45,19 +48,12 @@ async def get_current_user_info(
                     detail="Invalid user context"
                 )
             
-            # Fetch full user from database
-            from sqlalchemy import select
-            from app.models.users import User
+            # ✅ FIX: Fetch full user from database to get the real role
+            user = await UserService.get_user_by_id(user_id, db)
             
-            result = await db.execute(select(User).where(User.id == user_id))
-            user = result.scalar_one_or_none()
-            
-            if not user:
-                raise HTTPException(
-                    status_code=status.HTTP_404_NOT_FOUND,
-                    detail="User not found"
-                )
+            logger.debug(f"Fetched user from DB - Role: {user.role}, Email: {user.email}")
             
+            # ✅ FIX: Return role from database, not from JWT headers
             return UserResponse(
                 id=str(user.id),
                 email=user.email,
@@ -65,13 +61,16 @@ async def get_current_user_info(
                 is_active=user.is_active,
                 is_verified=user.is_verified,
                 phone=user.phone,
-                language=user.language,
-                timezone=user.timezone,
+                language=user.language or "es",
+                timezone=user.timezone or "Europe/Madrid",
                 created_at=user.created_at,
-                last_login=user.last_login
+                last_login=user.last_login,
+                role=user.role,  # ✅ CRITICAL: Use role from database, not headers
+                tenant_id=current_user.get("tenant_id")
             )
         else:
-            # Direct User object (when called directly)
+            # Direct User object (shouldn't happen in microservice architecture)
+            logger.debug(f"Direct user object received - Role: {current_user.role}")
             return UserResponse(
                 id=str(current_user.id),
                 email=current_user.email,
@@ -79,13 +78,18 @@ async def get_current_user_info(
                 is_active=current_user.is_active,
                 is_verified=current_user.is_verified,
                 phone=current_user.phone,
-                language=current_user.language,
-                timezone=current_user.timezone,
+                language=current_user.language or "es",
+                timezone=current_user.timezone or "Europe/Madrid",
                 created_at=current_user.created_at,
-                last_login=current_user.last_login
+                last_login=current_user.last_login,
+                role=current_user.role,  # ✅ Use role from database
+                tenant_id=None
             )
+            
+    except HTTPException:
+        raise
     except Exception as e:
-        logger.error(f"Get current user error: {e}")
+        logger.error(f"Get user info error: {e}")
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
             detail="Failed to get user information"
@@ -99,7 +103,8 @@ async def update_current_user(
 ):
     """Update current user information"""
     try:
-        updated_user = await UserService.update_user(current_user.id, user_update, db)
+        user_id = current_user.get("user_id") if isinstance(current_user, dict) else current_user.id
+        updated_user = await UserService.update_user(user_id, user_update, db)
         return UserResponse(
             id=str(updated_user.id),
             email=updated_user.email,
@@ -110,7 +115,9 @@ async def update_current_user(
             language=updated_user.language,
             timezone=updated_user.timezone,
             created_at=updated_user.created_at,
-            last_login=updated_user.last_login
+            last_login=updated_user.last_login,
+            role=updated_user.role,  # ✅ Include role
+            tenant_id=current_user.get("tenant_id") if isinstance(current_user, dict) else None
         )
     except HTTPException:
         raise
@@ -151,13 +158,6 @@ async def delete_admin_user(
             detail="Invalid user ID format"
         )
     
-    # Prevent self-deletion
-    if user_id == current_user.id:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Cannot delete your own account"
-        )
-    
     # Quick validation that user exists before starting background task
     deletion_service = AdminUserDeleteService(db)
     user_info = await deletion_service._validate_admin_user(user_id)