Hartmut/HartOMat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(phase4+5): role hierarchy, tenant config, fallback material, dead code removal

Browse Source 
Phase 4.1 — Role Hierarchy:
  - UserRole enum: add global_admin (platform operator) + tenant_admin
    (per-tenant admin); keep legacy 'admin' for backward compat
  - Role sets: ADMIN_ROLES, TENANT_ADMIN_ROLES, PM_ROLES, RLS_BYPASS_ROLES
  - New auth guards: require_global_admin(), require_tenant_admin_or_above(),
    require_pm_or_above(), is_admin(), is_privileged()
  - Legacy require_admin / require_admin_or_pm now check both old+new roles
  - Migration 049: ADD VALUE global_admin + tenant_admin with AUTOCOMMIT
    workaround; backfills admin → global_admin
  - Seed: new admin users created with global_admin role

Phase 4.3 — RLS bypass updated for global_admin in get_db + set_tenant_context

Phase 4.4 — Tenant Feature Flags:
  - Migration 050: tenant_config JSONB on tenants table
  - Tenant model: tenant_config field + get_config() accessor
  - Defaults: max_concurrent_renders=3, fallback_material, invoice_prefix etc.

Phase 5.1 — Fallback Material:
  - blender_render.py: replace PALETTE_LINEAR/PALETTE_HEX/_assign_palette_material
    with _assign_failed_material() → SCHAEFFLER_059999_FailedMaterial (magenta)
  - Unmatched parts now logged explicitly before rendering

Phase 5.2 — Remove EEVEE fallback:
  - render_blender.py: EEVEE→Cycles silent retry removed; hard failure on EEVEE error

Phase 5.3 — Remove Blender version check:
  - render_blender.py: deleted MIN_BLENDER_VERSION = (5, 0, 1) constant

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Hartmut Nörenberg
2026-03-08 19:42:10 +01:00
parent 121fbdafd3
commit 9f54bc3ab1
10 changed files with 225 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/app/core/middleware.py
+1 -1
View File
@@ -44,6 +44,6 @@ class TenantContextMiddleware(BaseHTTPMiddleware):
pass # invalid/expired tokens are handled per-endpoint
request.state.tenant_id = tenant_id
request.state.role = role
request.state.role = role # "global_admin"|"tenant_admin"|"project_manager"|"client"|"admin"
return await call_next(request)
backend/app/database.py
+7 -3
View File
@@ -34,7 +34,9 @@ async def get_db(request: "Request | None" = None) -> AsyncGenerator[AsyncSessio
tenant_id = getattr(request.state, "tenant_id", None)
role = getattr(request.state, "role", None)
if tenant_id:
if role == "admin":
# global_admin and legacy admin bypass RLS to see all tenants
_bypass_roles = {"global_admin", "admin"}
if role in _bypass_roles:
await session.execute(text("SET LOCAL app.current_tenant_id = 'bypass'"))
else:
await session.execute(
@@ -69,7 +71,8 @@ async def get_db_for_tenant(
if user and hasattr(user, "tenant_id") and user.tenant_id:
role = getattr(user, "role", None)
role_value = role.value if hasattr(role, "value") else str(role) if role else ""
if role_value == "admin":
_bypass = {"global_admin", "admin"}
if role_value in _bypass:
await db.execute(text("SET LOCAL app.current_tenant_id = 'bypass'"))
else:
await db.execute(
@@ -120,7 +123,8 @@ async def set_tenant_context(db: AsyncSession, user: Optional[object]) -> None:
if user and hasattr(user, "tenant_id") and user.tenant_id:
role = getattr(user, "role", None)
role_value = role.value if hasattr(role, "value") else str(role) if role else ""
if role_value == "admin":
_bypass = {"global_admin", "admin"}
if role_value in _bypass:
await db.execute(text("SET LOCAL app.current_tenant_id = 'bypass'"))
else:
await db.execute(
backend/app/domains/auth/models.py
+20 -2
View File
@@ -8,9 +8,27 @@ import enum
class UserRole(str, enum.Enum):
# New role hierarchy (Phase 4)
global_admin = "global_admin" # platform operator — bypasses RLS, all tenants
tenant_admin = "tenant_admin" # per-tenant admin — full control within own tenant
project_manager = "project_manager" # order/render management within tenant
client = "client" # read own orders, create draft orders
# Legacy alias — kept for backward compat during migration; use global_admin for new code
admin = "admin"
project_manager = "project_manager"
client = "client"
# Roles that have administrative privileges (global_admin + legacy admin)
ADMIN_ROLES = {"global_admin", "admin"}
# Roles with tenant-level admin access
TENANT_ADMIN_ROLES = {"global_admin", "tenant_admin", "admin"}
# Roles with project management or above
PM_ROLES = {"global_admin", "tenant_admin", "project_manager", "admin"}
# Roles that bypass RLS (see TenantContextMiddleware + get_db)
RLS_BYPASS_ROLES = {"global_admin", "admin"}
class User(Base):
backend/app/domains/tenants/models.py
+18 -1
View File
@@ -2,9 +2,18 @@ import uuid
from datetime import datetime
from sqlalchemy import String, DateTime, Boolean
from sqlalchemy.orm import Mapped, mapped_column, relationship
from sqlalchemy.dialects.postgresql import UUID
from sqlalchemy.dialects.postgresql import UUID, JSONB
from app.database import Base
_DEFAULT_TENANT_CONFIG = {
"max_concurrent_renders": 3,
"render_engines_allowed": ["cycles", "eevee"],
"max_order_size": 500,
"fallback_material": "SCHAEFFLER_059999_FailedMaterial",
"notifications_enabled": True,
"invoice_prefix": "INV",
}
class Tenant(Base):
__tablename__ = "tenants"
@@ -14,6 +23,14 @@ class Tenant(Base):
slug: Mapped[str] = mapped_column(String(100), nullable=False, unique=True)
is_active: Mapped[bool] = mapped_column(Boolean, nullable=False, default=True)
created_at: Mapped[datetime] = mapped_column(DateTime, default=datetime.utcnow, nullable=False)
tenant_config: Mapped[dict | None] = mapped_column(
JSONB, nullable=True, default=_DEFAULT_TENANT_CONFIG
)
def get_config(self, key: str, default=None):
"""Safe accessor for tenant_config fields."""
cfg = self.tenant_config or {}
return cfg.get(key, default)
# Relationships (lazy=noload — loaded explicitly when needed)
users: Mapped[list] = relationship("User", back_populates="tenant", lazy="noload")
backend/app/services/render_blender.py
+2 -8
View File
@@ -14,8 +14,6 @@ from pathlib import Path
logger = logging.getLogger(__name__)
MIN_BLENDER_VERSION = (5, 0, 1)
def _glb_from_step(step_path: Path, glb_path: Path, quality: str = "low") -> None:
"""Convert STEP → GLB via OCC (export_step_to_gltf.py, no Blender needed).
@@ -226,12 +224,8 @@ def render_still(
log_lines = [l for l in stdout_lines if "[blender_render]" in l]
# EEVEE fallback to Cycles on non-signal error
if returncode > 0 and engine == "eevee":
logger.warning("EEVEE failed (exit %d) — retrying with Cycles", returncode)
returncode, stdout_lines2, stderr_lines2 = _run("cycles")
engine_used = "cycles (eevee fallback)"
log_lines.extend(l for l in stdout_lines2 if "[blender_render]" in l)
# EEVEE fallback removed (Phase 5.2): EEVEE Next in Blender 5.0+ is stable.
# If EEVEE fails, it is a hard failure — no silent retry.
if returncode != 0:
stdout_tail = "\n".join(stdout_lines[-50:]) if stdout_lines else ""
backend/app/utils/auth.py
+56 -2
View File
@@ -59,14 +59,68 @@ async def get_current_user(
return user
def _role_value(user: User) -> str:
"""Return the string value of a user's role (works for both enum and plain str)."""
role = user.role
return role.value if hasattr(role, "value") else str(role)
# ── New role-hierarchy guards ─────────────────────────────────────────────────
async def require_global_admin(user: User = Depends(get_current_user)) -> User:
"""GlobalAdmin only (platform operator). Replaces require_admin() for new code."""
from app.domains.auth.models import ADMIN_ROLES
if _role_value(user) not in ADMIN_ROLES:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Global admin access required")
return user
async def require_tenant_admin_or_above(user: User = Depends(get_current_user)) -> User:
"""TenantAdmin, GlobalAdmin, or legacy admin."""
from app.domains.auth.models import TENANT_ADMIN_ROLES
if _role_value(user) not in TENANT_ADMIN_ROLES:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Tenant admin access required")
return user
async def require_pm_or_above(user: User = Depends(get_current_user)) -> User:
"""ProjectManager, TenantAdmin, GlobalAdmin, or legacy admin."""
from app.domains.auth.models import PM_ROLES
if _role_value(user) not in PM_ROLES:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Project manager or above access required",
)
return user
def is_admin(user: User) -> bool:
"""Helper: True if user has any admin-level role."""
from app.domains.auth.models import ADMIN_ROLES
return _role_value(user) in ADMIN_ROLES
def is_privileged(user: User) -> bool:
"""Helper: True if user can manage orders/renders (PM or above)."""
from app.domains.auth.models import PM_ROLES
return _role_value(user) in PM_ROLES
# ── Legacy guards (kept for backward compatibility) ───────────────────────────
# These now accept both old ("admin") and new ("global_admin") roles.
async def require_admin(user: User = Depends(get_current_user)) -> User:
if user.role.value != "admin":
"""Backward-compat alias for require_global_admin(). Prefer require_global_admin() in new code."""
from app.domains.auth.models import ADMIN_ROLES
if _role_value(user) not in ADMIN_ROLES:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Admin access required")
return user
async def require_admin_or_pm(user: User = Depends(get_current_user)) -> User:
if user.role.value not in ("admin", "project_manager"):
"""Backward-compat alias for require_pm_or_above(). Prefer require_pm_or_above() in new code."""
from app.domains.auth.models import PM_ROLES
if _role_value(user) not in PM_ROLES:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Admin or Project Manager access required",
backend/app/utils/seed_templates.py
+1 -1
View File
@@ -161,8 +161,8 @@ async def seed(db_url: str, admin_email: str = "admin@schaeffler.com", admin_pas
admin = User(
email=admin_email,
password_hash=hash_password(admin_password),
role=UserRole.global_admin,
full_name="Schaeffler Admin",
role=UserRole.admin,
)
session.add(admin)
print(f" + Admin user: {admin_email}")