fix: make FrontendType mandatory in require_module_access

The require_module_access dependency was using path-based detection to determine admin vs vendor authentication, which failed for API routes (/api/v1/admin/*) because it only checked for /admin/*. Changes: - Make frontend_type parameter mandatory (was optional with fallback) - Remove path-based detection logic from require_module_access - Update all 33 module route files to pass explicit FrontendType: - 15 admin routes use FrontendType.ADMIN - 18 vendor routes use FrontendType.VENDOR This ensures authentication method is explicitly declared at route definition time, making it independent of URL structure and future-proof for API version changes. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 22:09:21 +01:00
parent 01e7602dcb
commit 9a0dd84035
34 changed files with 83 additions and 45 deletions
--- a/app/modules/inventory/routes/api/admin.py
+++ b/app/modules/inventory/routes/api/admin.py
@@ -20,6 +20,7 @@ from sqlalchemy.orm import Session

 from app.api.deps import get_current_admin_api, require_module_access
 from app.core.database import get_db
+from app.modules.enums import FrontendType
 from app.modules.inventory.services.inventory_import_service import inventory_import_service
 from app.modules.inventory.services.inventory_service import inventory_service
 from app.modules.inventory.services.inventory_transaction_service import inventory_transaction_service
@@ -45,7 +46,7 @@ from app.modules.inventory.schemas import (

 admin_router = APIRouter(
    prefix="/inventory",
-    dependencies=[Depends(require_module_access("inventory"))],
+    dependencies=[Depends(require_module_access("inventory", FrontendType.ADMIN))],
 )
 logger = logging.getLogger(__name__)