fix: make FrontendType mandatory in require_module_access
The require_module_access dependency was using path-based detection to determine admin vs vendor authentication, which failed for API routes (/api/v1/admin/*) because it only checked for /admin/*. Changes: - Make frontend_type parameter mandatory (was optional with fallback) - Remove path-based detection logic from require_module_access - Update all 33 module route files to pass explicit FrontendType: - 15 admin routes use FrontendType.ADMIN - 18 vendor routes use FrontendType.VENDOR This ensures authentication method is explicitly declared at route definition time, making it independent of URL structure and future-proof for API version changes. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -25,11 +25,12 @@ from app.modules.analytics.schemas import (
|
||||
VendorAnalyticsResponse,
|
||||
)
|
||||
from app.modules.billing.models import FeatureCode
|
||||
from app.modules.enums import FrontendType
|
||||
from app.modules.tenancy.models import User
|
||||
|
||||
router = APIRouter(
|
||||
prefix="/analytics",
|
||||
dependencies=[Depends(require_module_access("analytics"))],
|
||||
dependencies=[Depends(require_module_access("analytics", FrontendType.VENDOR))],
|
||||
)
|
||||
vendor_router = router # Alias for discovery
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
Reference in New Issue
Block a user