sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: platform admin authentication and UserContext completeness

Browse Source 
Issues fixed:
- Platform selection returned LoginResponse requiring user timestamps,
  but UserContext doesn't have created_at/updated_at. Created dedicated
  PlatformSelectResponse that returns only token and platform info.

- UserContext was missing platform context fields (token_platform_id,
  token_platform_code). JWT token included them but they weren't
  extracted into UserContext, causing fallback warnings.

- admin_menu_config.py accessed admin_platforms (SQLAlchemy relationship)
  on UserContext (Pydantic schema). Changed to use accessible_platform_ids.

- Static file mount order in main.py caused 404 for locale files.
  More specific paths (/static/modules/X/locales) must be mounted
  before less specific paths (/static/modules/X).

Changes:
- models/schema/auth.py: Add PlatformSelectResponse, token_platform_id,
  token_platform_code, can_access_platform(), get_accessible_platform_ids()
- admin_auth.py: Use PlatformSelectResponse for select-platform endpoint
- admin_platform_service.py: Accept User | UserContext in validation
- admin_menu_config.py: Use accessible_platform_ids instead of admin_platforms
- main.py: Mount locales before static for correct path priority

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-02-02 22:31:35 +01:00
parent 9a0dd84035
commit b935592430
6 changed files with 344 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/modules/core/routes/api/admin_menu_config.py
View File

@@ -431,14 +431,14 @@ async def get_rendered_admin_menu(
else:
# Platform admin: use platform-level config
# Get the selected platform from the JWT token
platform_id = getattr(current_user, "token_platform_id", None)
platform_id = current_user.token_platform_id
# Fallback to first platform if no platform in token (shouldn't happen)
if platform_id is None and current_user.admin_platforms:
platform_id = current_user.admin_platforms[0].id
# Fallback to first accessible platform if no platform in token (shouldn't happen)
if platform_id is None and current_user.accessible_platform_ids:
platform_id = current_user.accessible_platform_ids[0]
logger.warning(
f"[MENU_CONFIG] No platform_id in token for {current_user.email}, "
f"falling back to first platform: {platform_id}"
f"falling back to first accessible platform: {platform_id}"
)
menu = menu_service.get_menu_for_rendering(