refactor: migrate vendor APIs to token-based context and consolidate architecture

## Vendor-in-Token Architecture (Complete Migration) - Migrate all vendor API endpoints from require_vendor_context() to token_vendor_id - Update permission dependencies to extract vendor from JWT token - Add vendor exceptions: VendorAccessDeniedException, VendorOwnerOnlyException, InsufficientVendorPermissionsException - Shop endpoints retain require_vendor_context() for URL-based detection - Add AUTH-004 architecture rule enforcing vendor context patterns - Fix marketplace router missing /marketplace prefix ## Exception Pattern Fixes (API-003/API-004) - Services raise domain exceptions, endpoints let them bubble up - Add code_quality and content_page exception modules - Move business logic from endpoints to services (admin, auth, content_page) - Fix exception handling in admin, shop, and vendor endpoints ## Tailwind CSS Consolidation - Consolidate CSS to per-area files (admin, vendor, shop, platform) - Remove shared/cdn-fallback.html and shared/css/tailwind.min.css - Update all templates to use area-specific Tailwind output files - Remove Node.js config (package.json, postcss.config.js, tailwind.config.js) ## Documentation & Cleanup - Update vendor-in-token-architecture.md with completed migration status - Update architecture-rules.md with new rules - Move migration docs to docs/development/migration/ - Remove duplicate/obsolete documentation files - Merge pytest.ini settings into pyproject.toml 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 22:24:45 +01:00
parent 76f8a59954
commit 8a367077e1
85 changed files with 21787 additions and 134978 deletions
--- a/app/services/auth_service.py
+++ b/app/services/auth_service.py
@@ -22,6 +22,7 @@ from app.exceptions import (
 )
 from middleware.auth import AuthManager
 from models.database.user import User
+from models.database.vendor import Vendor, VendorUser
 from models.schema.auth import UserLogin, UserRegister

 logger = logging.getLogger(__name__)
@@ -214,6 +215,84 @@ class AuthService:
            logger.error(f"Error creating access token with data: {str(e)}")
            raise ValidationException("Failed to create access token")

+    def get_vendor_by_code(self, db: Session, vendor_code: str) -> Vendor | None:
+        """
+        Get active vendor by vendor code.
+
+        Args:
+            db: Database session
+            vendor_code: Vendor code to look up
+
+        Returns:
+            Vendor if found and active, None otherwise
+        """
+        return (
+            db.query(Vendor)
+            .filter(Vendor.vendor_code == vendor_code.upper(), Vendor.is_active == True)
+            .first()
+        )
+
+    def get_user_vendor_role(
+        self, db: Session, user: User, vendor: Vendor
+    ) -> tuple[bool, str | None]:
+        """
+        Check if user has access to vendor and return their role.
+
+        Args:
+            db: Database session
+            user: User to check
+            vendor: Vendor to check access for
+
+        Returns:
+            Tuple of (has_access: bool, role_name: str | None)
+        """
+        # Check if user is vendor owner (via company ownership)
+        if vendor.company and vendor.company.owner_user_id == user.id:
+            return True, "Owner"
+
+        # Check if user is team member
+        vendor_user = (
+            db.query(VendorUser)
+            .filter(
+                VendorUser.user_id == user.id,
+                VendorUser.vendor_id == vendor.id,
+                VendorUser.is_active == True,
+            )
+            .first()
+        )
+
+        if vendor_user:
+            return True, vendor_user.role.name
+
+        return False, None
+
+    def find_user_vendor(self, user: User) -> tuple[Vendor | None, str | None]:
+        """
+        Find which vendor a user belongs to when no vendor context is provided.
+
+        Checks owned companies first, then vendor memberships.
+
+        Args:
+            user: User to find vendor for
+
+        Returns:
+            Tuple of (vendor: Vendor | None, role: str | None)
+        """
+        # Check owned vendors first (via company ownership)
+        for company in user.owned_companies:
+            if company.vendors:
+                return company.vendors[0], "Owner"
+
+        # Check vendor memberships
+        if user.vendor_memberships:
+            active_membership = next(
+                (vm for vm in user.vendor_memberships if vm.is_active), None
+            )
+            if active_membership:
+                return active_membership.vendor, active_membership.role.name
+
+        return None, None
+
    # Private helper methods
    def _email_exists(self, db: Session, email: str) -> bool:
        """Check if email already exists."""