Hartmut/HartOMat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(phase4+5): role hierarchy, tenant config, fallback material, dead code removal

Browse Source 
Phase 4.1 — Role Hierarchy:
  - UserRole enum: add global_admin (platform operator) + tenant_admin
    (per-tenant admin); keep legacy 'admin' for backward compat
  - Role sets: ADMIN_ROLES, TENANT_ADMIN_ROLES, PM_ROLES, RLS_BYPASS_ROLES
  - New auth guards: require_global_admin(), require_tenant_admin_or_above(),
    require_pm_or_above(), is_admin(), is_privileged()
  - Legacy require_admin / require_admin_or_pm now check both old+new roles
  - Migration 049: ADD VALUE global_admin + tenant_admin with AUTOCOMMIT
    workaround; backfills admin → global_admin
  - Seed: new admin users created with global_admin role

Phase 4.3 — RLS bypass updated for global_admin in get_db + set_tenant_context

Phase 4.4 — Tenant Feature Flags:
  - Migration 050: tenant_config JSONB on tenants table
  - Tenant model: tenant_config field + get_config() accessor
  - Defaults: max_concurrent_renders=3, fallback_material, invoice_prefix etc.

Phase 5.1 — Fallback Material:
  - blender_render.py: replace PALETTE_LINEAR/PALETTE_HEX/_assign_palette_material
    with _assign_failed_material() → SCHAEFFLER_059999_FailedMaterial (magenta)
  - Unmatched parts now logged explicitly before rendering

Phase 5.2 — Remove EEVEE fallback:
  - render_blender.py: EEVEE→Cycles silent retry removed; hard failure on EEVEE error

Phase 5.3 — Remove Blender version check:
  - render_blender.py: deleted MIN_BLENDER_VERSION = (5, 0, 1) constant

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Hartmut Nörenberg
2026-03-08 19:42:10 +01:00
parent 121fbdafd3
commit 9f54bc3ab1
10 changed files with 225 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/app/domains/tenants/models.py
+18 -1
View File
@@ -2,9 +2,18 @@ import uuid
from datetime import datetime
from sqlalchemy import String, DateTime, Boolean
from sqlalchemy.orm import Mapped, mapped_column, relationship
from sqlalchemy.dialects.postgresql import UUID
from sqlalchemy.dialects.postgresql import UUID, JSONB
from app.database import Base
_DEFAULT_TENANT_CONFIG = {
"max_concurrent_renders": 3,
"render_engines_allowed": ["cycles", "eevee"],
"max_order_size": 500,
"fallback_material": "SCHAEFFLER_059999_FailedMaterial",
"notifications_enabled": True,
"invoice_prefix": "INV",
}
class Tenant(Base):
__tablename__ = "tenants"
@@ -14,6 +23,14 @@ class Tenant(Base):
slug: Mapped[str] = mapped_column(String(100), nullable=False, unique=True)
is_active: Mapped[bool] = mapped_column(Boolean, nullable=False, default=True)
created_at: Mapped[datetime] = mapped_column(DateTime, default=datetime.utcnow, nullable=False)
tenant_config: Mapped[dict | None] = mapped_column(
JSONB, nullable=True, default=_DEFAULT_TENANT_CONFIG
)
def get_config(self, key: str, default=None):
"""Safe accessor for tenant_config fields."""
cfg = self.tenant_config or {}
return cfg.get(key, default)
# Relationships (lazy=noload — loaded explicitly when needed)
users: Mapped[list] = relationship("User", back_populates="tenant", lazy="noload")