This commit fixes a critical security issue where multiple concurrent demo
sessions would see each other's data due to sharing the same demo user IDs.
## The Problem:
When two enterprise demo sessions run simultaneously:
- Session A: user_id=Director, tenants=[parent_A, child_A1, child_A2]
- Session B: user_id=Director, tenants=[parent_B, child_B1, child_B2]
The endpoint /api/v1/tenants/user/{user_id}/tenants was querying by user_id
only, so Session A would see BOTH its own tenants AND Session B's tenants!
## The Solution:
Added demo_session_id filtering to get_user_tenants endpoint:
- For demo sessions, use get_virtual_tenants_for_session(demo_session_id)
- This filters tenants by the demo_session_id field (set during cloning)
- Each session now sees ONLY its own virtual tenants
## Implementation:
services/tenant/app/api/tenants.py (lines 180-194):
- Check if user is_demo
- Extract demo_session_id from current_user context (set by gateway)
- Call get_virtual_tenants_for_session() instead of get_user_tenants()
- This method filters by: demo_session_id + is_active + account_type
## Database Schema:
The tenants table has a demo_session_id column (indexed) that links
each virtual tenant to its specific demo session. This is set during
tenant cloning in internal_demo.py.
## Impact:
✅ Complete isolation between concurrent demo sessions
✅ Users only see their own session's data
✅ No performance impact (demo_session_id is indexed)
✅ Backward compatible (non-demo users unchanged)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
When the frontend requests tenants with user_id='demo-user' in demo mode,
the backend now correctly maps this to the actual demo owner ID from the
current_user context (set by the gateway middleware).
This fixes the issue where the tenant list API was returning empty results
even though it returned 200 OK, because it was looking for a user with
id='demo-user' which doesn't exist in the database.
The actual user IDs are:
- Professional: c1a2b3c4-d5e6-47a8-b9c0-d1e2f3a4b5c6 (María García López)
- Enterprise: d2e3f4a5-b6c7-48d9-e0f1-a2b3c4d5e6f7 (Director)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
