Hartmut
9f54bc3ab1
Phase 4.1 — Role Hierarchy:
- UserRole enum: add global_admin (platform operator) + tenant_admin
(per-tenant admin); keep legacy 'admin' for backward compat
- Role sets: ADMIN_ROLES, TENANT_ADMIN_ROLES, PM_ROLES, RLS_BYPASS_ROLES
- New auth guards: require_global_admin(), require_tenant_admin_or_above(),
require_pm_or_above(), is_admin(), is_privileged()
- Legacy require_admin / require_admin_or_pm now check both old+new roles
- Migration 049: ADD VALUE global_admin + tenant_admin with AUTOCOMMIT
workaround; backfills admin → global_admin
- Seed: new admin users created with global_admin role
Phase 4.3 — RLS bypass updated for global_admin in get_db + set_tenant_context
Phase 4.4 — Tenant Feature Flags:
- Migration 050: tenant_config JSONB on tenants table
- Tenant model: tenant_config field + get_config() accessor
- Defaults: max_concurrent_renders=3, fallback_material, invoice_prefix etc.
Phase 5.1 — Fallback Material:
- blender_render.py: replace PALETTE_LINEAR/PALETTE_HEX/_assign_palette_material
with _assign_failed_material() → SCHAEFFLER_059999_FailedMaterial (magenta)
- Unmatched parts now logged explicitly before rendering
Phase 5.2 — Remove EEVEE fallback:
- render_blender.py: EEVEE→Cycles silent retry removed; hard failure on EEVEE error
Phase 5.3 — Remove Blender version check:
- render_blender.py: deleted MIN_BLENDER_VERSION = (5, 0, 1) constant
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
50 lines
1.8 KiB
Python
50 lines
1.8 KiB
Python
"""Application middleware.
|
|
|
|
TenantContextMiddleware
|
|
Decodes the JWT Bearer token (if present) from every incoming request and
|
|
stores tenant_id + role in request.state. The get_db dependency reads
|
|
request.state to automatically set the RLS context before yielding the
|
|
session — no endpoint code change required.
|
|
"""
|
|
import logging
|
|
from jose import JWTError, jwt
|
|
from starlette.middleware.base import BaseHTTPMiddleware
|
|
from starlette.requests import Request
|
|
from starlette.responses import Response
|
|
|
|
from app.config import settings
|
|
|
|
_log = logging.getLogger(__name__)
|
|
|
|
|
|
class TenantContextMiddleware(BaseHTTPMiddleware):
|
|
"""Extract JWT → inject tenant_id + role into request.state.
|
|
|
|
Does NOT reject unauthenticated requests — that is still handled by the
|
|
route-level dependencies (require_admin, get_current_user, etc.).
|
|
Missing / invalid tokens result in request.state.tenant_id = None.
|
|
"""
|
|
|
|
async def dispatch(self, request: Request, call_next) -> Response:
|
|
tenant_id: str | None = None
|
|
role: str | None = None
|
|
|
|
auth_header = request.headers.get("Authorization", "")
|
|
if auth_header.startswith("Bearer "):
|
|
token = auth_header[7:]
|
|
try:
|
|
payload = jwt.decode(
|
|
token,
|
|
settings.jwt_secret_key,
|
|
algorithms=[settings.jwt_algorithm],
|
|
)
|
|
tenant_id = payload.get("tenant_id")
|
|
role = payload.get("role")
|
|
except JWTError:
|
|
pass # invalid/expired tokens are handled per-endpoint
|
|
|
|
request.state.tenant_id = tenant_id
|
|
request.state.role = role # "global_admin"|"tenant_admin"|"project_manager"|"client"|"admin"
|
|
|
|
return await call_next(request)
|