fix: make FrontendType mandatory in require_module_access
The require_module_access dependency was using path-based detection to determine admin vs vendor authentication, which failed for API routes (/api/v1/admin/*) because it only checked for /admin/*. Changes: - Make frontend_type parameter mandatory (was optional with fallback) - Remove path-based detection logic from require_module_access - Update all 33 module route files to pass explicit FrontendType: - 15 admin routes use FrontendType.ADMIN - 18 vendor routes use FrontendType.VENDOR This ensures authentication method is explicitly declared at route definition time, making it independent of URL structure and future-proof for API version changes. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -19,6 +19,7 @@ from sqlalchemy.orm import Session
|
||||
from app.api.deps import get_current_admin_api, require_module_access
|
||||
from app.core.database import get_db
|
||||
from app.exceptions import ResourceNotFoundException, ValidationException
|
||||
from app.modules.enums import FrontendType
|
||||
from app.modules.orders.exceptions import OrderHasUnresolvedExceptionsException
|
||||
from app.modules.orders.services.order_item_exception_service import order_item_exception_service
|
||||
from app.modules.marketplace.services.letzshop import (
|
||||
@@ -65,7 +66,7 @@ from app.modules.marketplace.schemas import (
|
||||
|
||||
admin_letzshop_router = APIRouter(
|
||||
prefix="/letzshop",
|
||||
dependencies=[Depends(require_module_access("marketplace"))],
|
||||
dependencies=[Depends(require_module_access("marketplace", FrontendType.ADMIN))],
|
||||
)
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
@@ -12,6 +12,7 @@ from sqlalchemy.orm import Session
|
||||
|
||||
from app.api.deps import get_current_admin_api, require_module_access
|
||||
from app.core.database import get_db
|
||||
from app.modules.enums import FrontendType
|
||||
from app.modules.marketplace.services.marketplace_import_job_service import marketplace_import_job_service
|
||||
from app.modules.analytics.services.stats_service import stats_service
|
||||
from app.modules.tenancy.services.vendor_service import vendor_service
|
||||
@@ -29,7 +30,7 @@ from app.modules.analytics.schemas import ImportStatsResponse
|
||||
|
||||
admin_marketplace_router = APIRouter(
|
||||
prefix="/marketplace-import-jobs",
|
||||
dependencies=[Depends(require_module_access("marketplace"))],
|
||||
dependencies=[Depends(require_module_access("marketplace", FrontendType.ADMIN))],
|
||||
)
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
@@ -20,12 +20,13 @@ from sqlalchemy.orm import Session
|
||||
|
||||
from app.api.deps import get_current_admin_api, require_module_access
|
||||
from app.core.database import get_db
|
||||
from app.modules.enums import FrontendType
|
||||
from app.modules.marketplace.services.marketplace_product_service import marketplace_product_service
|
||||
from models.schema.auth import UserContext
|
||||
|
||||
admin_products_router = APIRouter(
|
||||
prefix="/products",
|
||||
dependencies=[Depends(require_module_access("marketplace"))],
|
||||
dependencies=[Depends(require_module_access("marketplace", FrontendType.ADMIN))],
|
||||
)
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
@@ -30,6 +30,7 @@ from app.modules.marketplace.services.letzshop import (
|
||||
LetzshopOrderService,
|
||||
OrderNotFoundError,
|
||||
)
|
||||
from app.modules.enums import FrontendType
|
||||
from models.schema.auth import UserContext
|
||||
from app.modules.marketplace.schemas import (
|
||||
FulfillmentConfirmRequest,
|
||||
@@ -56,7 +57,7 @@ from app.modules.marketplace.schemas import (
|
||||
|
||||
vendor_letzshop_router = APIRouter(
|
||||
prefix="/letzshop",
|
||||
dependencies=[Depends(require_module_access("marketplace"))],
|
||||
dependencies=[Depends(require_module_access("marketplace", FrontendType.VENDOR))],
|
||||
)
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
@@ -15,6 +15,7 @@ from sqlalchemy.orm import Session
|
||||
|
||||
from app.api.deps import get_current_vendor_api, require_module_access
|
||||
from app.core.database import get_db
|
||||
from app.modules.enums import FrontendType
|
||||
from app.modules.marketplace.services.marketplace_import_job_service import marketplace_import_job_service
|
||||
from app.modules.tenancy.services.vendor_service import vendor_service
|
||||
from middleware.decorators import rate_limit
|
||||
@@ -26,7 +27,7 @@ from app.modules.marketplace.schemas import (
|
||||
|
||||
vendor_marketplace_router = APIRouter(
|
||||
prefix="/marketplace",
|
||||
dependencies=[Depends(require_module_access("marketplace"))],
|
||||
dependencies=[Depends(require_module_access("marketplace", FrontendType.VENDOR))],
|
||||
)
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
@@ -20,6 +20,7 @@ from sqlalchemy.orm import Session
|
||||
|
||||
from app.api.deps import get_current_vendor_api, require_module_access
|
||||
from app.core.database import get_db
|
||||
from app.modules.enums import FrontendType
|
||||
from app.modules.marketplace.services.onboarding_service import OnboardingService
|
||||
from models.schema.auth import UserContext
|
||||
from app.modules.marketplace.schemas import (
|
||||
@@ -41,7 +42,7 @@ from app.modules.marketplace.schemas import (
|
||||
|
||||
vendor_onboarding_router = APIRouter(
|
||||
prefix="/onboarding",
|
||||
dependencies=[Depends(require_module_access("marketplace"))],
|
||||
dependencies=[Depends(require_module_access("marketplace", FrontendType.VENDOR))],
|
||||
)
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user