bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix Demo enterprise list

Browse Source
This commit is contained in:
Urtzi Alfaro
2025-12-17 16:28:58 +01:00
parent f25d7a9745
commit b715a14848
8 changed files with 78 additions and 1286 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
services/tenant/app/api/tenant_operations.py
View File

@@ -378,10 +378,22 @@ async def get_nearby_tenants(
@track_endpoint_metrics("tenant_get_user_tenants")
async def get_user_tenants(
user_id: str = Path(..., description="User ID"),
current_user: Dict[str, Any] = Depends(get_current_user_dep),
tenant_service: EnhancedTenantService = Depends(get_enhanced_tenant_service)
):
"""Get all tenants owned by a user - Fixed endpoint for frontend"""
# Security check: users can only access their own tenants unless they're admin or demo user
is_demo_user = current_user.get("is_demo", False)
is_service_account = current_user.get("type") == "service"
user_role = current_user.get('role', '').lower()
if user_id != current_user["user_id"] and not is_service_account and not (is_demo_user and user_id == "demo-user") and user_role != 'admin':
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Can only access your own tenants"
)
try:
tenants = await tenant_service.get_user_tenants(user_id)
logger.info("Retrieved user tenants", user_id=user_id, tenant_count=len(tenants))
@@ -398,10 +410,22 @@ async def get_user_tenants(
@track_endpoint_metrics("tenant_get_user_memberships")
async def get_user_memberships(
user_id: str = Path(..., description="User ID"),
current_user: Dict[str, Any] = Depends(get_current_user_dep),
tenant_service: EnhancedTenantService = Depends(get_enhanced_tenant_service)
):
"""Get all tenant memberships for a user (for authentication service)"""
# Security check: users can only access their own memberships unless they're admin or demo user
is_demo_user = current_user.get("is_demo", False)
is_service_account = current_user.get("type") == "service"
user_role = current_user.get('role', '').lower()
if user_id != current_user["user_id"] and not is_service_account and not (is_demo_user and user_id == "demo-user") and user_role != 'admin':
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Can only access your own memberships"
)
try:
memberships = await tenant_service.get_user_memberships(user_id)
logger.info("Retrieved user memberships", user_id=user_id, membership_count=len(memberships))