orion

Author	SHA1	Message	Date
Samir Boulahtit	4aa6f76e46	refactor(arch): move auth schemas to tenancy module and add cross-module service methods Some checks failed CI / validate (push) Has been cancelled Details CI / dependency-scanning (push) Has been cancelled Details CI / docs (push) Has been cancelled Details CI / deploy (push) Has been cancelled Details CI / pytest (push) Has been cancelled Details CI / ruff (push) Successful in 10s Details Move all auth schemas (UserContext, UserLogin, LoginResponse, etc.) from legacy models/schema/auth.py to app/modules/tenancy/schemas/auth.py per MOD-019. Update 84 import sites across 14 modules. Legacy file now re-exports for backwards compatibility. Add missing tenancy service methods for cross-module consumers: - merchant_service.get_merchant_by_owner_id() - merchant_service.get_merchant_count_for_owner() - admin_service.get_user_by_id() (public, was private-only) - platform_service.get_active_store_count() Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 23:57:04 +01:00
Samir Boulahtit	1eef69f300	ci: add security/performance/audit validators to pre-commit and CI Some checks failed CI / ruff (push) Successful in 10s Details CI / validate (push) Has been cancelled Details CI / dependency-scanning (push) Has been cancelled Details CI / docs (push) Has been cancelled Details CI / deploy (push) Has been cancelled Details CI / pytest (push) Has started running Details - Add validate-security, validate-performance, validate-audit hooks to .pre-commit-config.yaml (previously only architecture was checked) - Break single "Run all validators" CI step into 4 explicit steps (architecture, security, performance, audit) for clearer pipeline output - Add noqa: SEC001 suppressions for test fixture hashed_password values Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 22:49:04 +01:00
Samir Boulahtit	1dcb0e6c33	feat: RBAC Phase 1 — consolidate user roles into 4-value enum Some checks failed CI / ruff (push) Successful in 11s Details CI / validate (push) Has been cancelled Details CI / dependency-scanning (push) Has been cancelled Details CI / docs (push) Has been cancelled Details CI / deploy (push) Has been cancelled Details CI / pytest (push) Has been cancelled Details Consolidate User.role (2-value: admin/store) + User.is_super_admin (boolean) into a single 4-value UserRole enum: super_admin, platform_admin, merchant_owner, store_member. Drop stale StoreUser.user_type column. Fix role="user" bug in merchant creation. Key changes: - Expand UserRole enum from 2 to 4 values with computed properties (is_admin, is_super_admin, is_platform_admin, is_merchant_owner, is_store_user) - Add Alembic migration (tenancy_003) for data migration + column drops - Remove is_super_admin from JWT token payload - Update all auth dependencies, services, routes, templates, JS, and tests - Update all RBAC documentation 66 files changed, 1219 unit tests passing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 22:44:29 +01:00
Samir Boulahtit	ffa12f0255	test: complete remaining deps.py phases — platform, module, merchant, customer, permissions Add 16 tests covering: require_platform_access (super admin bypass, platform admin with/without access), get_admin_with_platform_context, require_module_access (super admin bypass, enabled/disabled module), and get_user_permissions (owner gets all, member gets specific, empty). Total: 89 tests for app/api/deps.py (all 31 functions covered). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 17:49:42 +01:00
Samir Boulahtit	93731b7173	test: add 73 unit tests for app/api/deps.py auth dependencies Cover all core authentication paths: helpers (_get_token_from_request, _validate_user_token, _get_user_model, _validate_customer_token), admin/store/merchant/customer auth (cookie + header + API variants), optional auth, store permission factories, and store ownership checks. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 17:38:31 +01:00

5 Commits