fix: correct tojson|safe usage in templates and update validator

- Remove |safe from |tojson in HTML attributes (x-data) - quotes must become " for browsers to parse correctly - Update LANG-002 and LANG-003 architecture rules to document correct |tojson usage patterns: - HTML attributes: |tojson (no |safe) - Script blocks: |tojson|safe - Fix validator to warn when |tojson|safe is used in x-data (breaks HTML attribute parsing) - Improve code quality across services, APIs, and tests 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-13 22:59:51 +01:00
parent 94d268f330
commit 9920430b9e
123 changed files with 1408 additions and 840 deletions
--- a/app/api/v1/vendor/auth.py
+++ b/app/api/v1/vendor/auth.py
@@ -25,7 +25,6 @@ from app.exceptions import InvalidCredentialsException
 from app.services.auth_service import auth_service
 from middleware.vendor_context import get_current_vendor
 from models.database.user import User
-from models.database.vendor import Vendor
 from models.schema.auth import LogoutResponse, UserLogin, VendorUserResponse

 router = APIRouter(prefix="/auth")
@@ -95,9 +94,7 @@ def vendor_login(
                f"User {user.username} attempted login to vendor {vendor.vendor_code} "
                f"but is not authorized"
            )
-            raise InvalidCredentialsException(
-                "You do not have access to this vendor"
-            )
+            raise InvalidCredentialsException("You do not have access to this vendor")
    else:
        # No vendor context - find which vendor this user belongs to
        vendor, vendor_role = auth_service.find_user_vendor(user)