orion

Author	SHA1	Message	Date
Samir Boulahtit	1dcb0e6c33	feat: RBAC Phase 1 — consolidate user roles into 4-value enum Some checks failed CI / ruff (push) Successful in 11s Details CI / validate (push) Has been cancelled Details CI / dependency-scanning (push) Has been cancelled Details CI / docs (push) Has been cancelled Details CI / deploy (push) Has been cancelled Details CI / pytest (push) Has been cancelled Details Consolidate User.role (2-value: admin/store) + User.is_super_admin (boolean) into a single 4-value UserRole enum: super_admin, platform_admin, merchant_owner, store_member. Drop stale StoreUser.user_type column. Fix role="user" bug in merchant creation. Key changes: - Expand UserRole enum from 2 to 4 values with computed properties (is_admin, is_super_admin, is_platform_admin, is_merchant_owner, is_store_user) - Add Alembic migration (tenancy_003) for data migration + column drops - Remove is_super_admin from JWT token payload - Update all auth dependencies, services, routes, templates, JS, and tests - Update all RBAC documentation 66 files changed, 1219 unit tests passing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 22:44:29 +01:00
Samir Boulahtit	1b8a40f1ff	feat(validators): add noqa suppression support to security and performance validators All checks were successful CI / dependency-scanning (push) Successful in 27s Details CI / docs (push) Successful in 35s Details CI / ruff (push) Successful in 8s Details CI / pytest (push) Successful in 34m22s Details CI / validate (push) Successful in 19s Details CI / deploy (push) Successful in 2m25s Details - Add centralized _is_noqa_suppressed() to BaseValidator with normalization (accepts both SEC001 and SEC-001 formats for ruff compatibility) - Wire noqa support into all 21 security and 18 performance check functions - Add ruff external config for SEC/PERF/MOD/EXC codes in pyproject.toml - Convert all 280 Python noqa comments to dashless format (ruff-compatible) - Add site/ to IGNORE_PATTERNS (excludes mkdocs build output) - Suppress 152 false positive findings (test passwords, seed data, validator self-references, Apple Wallet SHA1, etc.) - Security: 79 errors → 0, 60 warnings → 0 - Performance: 80 warnings → 77 (3 test script suppressions) - Add proposal doc with noqa inventory and remaining findings recommendations Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-14 22:56:56 +01:00
Samir Boulahtit	688896d856	fix: add .dockerignore and env_file to docker-compose Some checks failed CI / ruff (push) Successful in 9s Details CI / architecture (push) Has been cancelled Details CI / dependency-scanning (push) Has been cancelled Details CI / audit (push) Has been cancelled Details CI / docs (push) Has been cancelled Details CI / deploy (push) Has been cancelled Details CI / pytest (push) Has been cancelled Details Prevents .env from being baked into Docker image (was overriding config defaults). Adds env_file directive so containers load host .env properly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-14 20:01:21 +01:00
Samir Boulahtit	d1fe3584ff	fix(billing): complete billing module — fix tier change, platform support, merchant portal - Fix admin tier change: resolve tier_code→tier_id in update_subscription(), delegate to billing_service.change_tier() for Stripe-connected subs - Add platform support to admin tiers page: platform column, filter dropdown, platform selector in create/edit modal, platform_name in tier API response - Filter used platforms in create subscription modal on merchant detail page - Enrich merchant portal API responses with tier code, tier_name, platform_name - Add eager-load of platform relationship in get_merchant_subscription() - Remove stale store_name/store_code references from merchant templates - Add merchant tier change endpoint (POST /change-tier) and tier selector UI replacing broken requestUpgrade() button - Fix subscription detail link to use platform_id instead of sub.id Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-10 20:49:48 +01:00

4 Commits