From 0bda590537c475709ff5df2f943ea9eba1f95036 Mon Sep 17 00:00:00 2001
From: chihlasm
Date: Mon, 13 Apr 2026 07:47:42 +0000
Subject: [PATCH] fix: use get_admin_db for all new admin account endpoints
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

All admin endpoints query across tenants without a tenant context. get_db (app-role, subject to RLS) was never imported and would crash at runtime — replace all 6 occurrences with get_admin_db (BYPASSRLS).

Co-Authored-By: Claude Sonnet 4.6
---
 backend/app/api/endpoints/admin.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/backend/app/api/endpoints/admin.py b/backend/app/api/endpoints/admin.py
index 455b55ca..eb2d1280 100644
--- a/backend/app/api/endpoints/admin.py
+++ b/backend/app/api/endpoints/admin.py
@@ -153,7 +153,7 @@ async def list_users(
 
 @router.get("/accounts", response_model=AdminAccountListResponse)
 async def list_accounts(
-    db: Annotated[AsyncSession, Depends(get_db)],
+    db: Annotated[AsyncSession, Depends(get_admin_db)],
     current_user: Annotated[User, Depends(require_admin)],
     page: int = Query(1, ge=1),
     size: int = Query(12, ge=1, le=100),
@@ -427,7 +427,7 @@ async def _get_account_detail_payload(
 @router.post("/accounts", response_model=AdminAccountDetailResponse, status_code=status.HTTP_201_CREATED)
 async def create_account(
     data: AdminAccountCreate,
-    db: Annotated[AsyncSession, Depends(get_db)],
+    db: Annotated[AsyncSession, Depends(get_admin_db)],
     current_user: Annotated[User, Depends(require_admin)],
 ):
     """Create a new account without requiring an initial user."""
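Review bot: Switching `list_accounts` and `create_account` here (and `get_account_detail`, `update_account`, `update_account_plan`, `extend_account_trial` in the later hunks) to `get_admin_db` removes the row-level-security boundary for these sessions, so every query in those bodies must now scope by account explicitly, and nothing in the hunk records that obligation. `require_admin` is the only gate left in front of a BYPASSRLS session, so a comment on the parameter would help the next maintainer, e.g. `# BYPASSRLS session: admin-only; queries must filter by account_id explicitly`, and the bodies (outside these hunks) should be checked for that. The commit message says `get_db` was never imported in this module; an undefined-name lint (ruff/pyflakes F821) in CI would have caught that before it reached runtime.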
@@ -457,7 +457,7 @@ async def create_account(
 @router.get("/accounts/{account_id}", response_model=AdminAccountDetailResponse)
 async def get_account_detail(
     account_id: UUID,
-    db: Annotated[AsyncSession, Depends(get_db)],
+    db: Annotated[AsyncSession, Depends(get_admin_db)],
     current_user: Annotated[User, Depends(require_admin)],
     include_archived: bool = Query(False),
 ):
@@ -469,7 +469,7 @@ async def get_account_detail(
 async def update_account(
     account_id: UUID,
     data: AdminAccountUpdate,
-    db: Annotated[AsyncSession, Depends(get_db)],
+    db: Annotated[AsyncSession, Depends(get_admin_db)],
     current_user: Annotated[User, Depends(require_admin)],
 ):
     """Update account settings from the admin panel."""
@@ -978,7 +978,7 @@ async def update_user_plan(
 async def update_account_plan(
     account_id: UUID,
     data: SubscriptionPlanUpdate,
-    db: Annotated[AsyncSession, Depends(get_db)],
+    db: Annotated[AsyncSession, Depends(get_admin_db)],
     current_user: Annotated[User, Depends(require_admin)],
 ):
     """Change an account subscription plan (super admin only)."""
@@ -1033,7 +1033,7 @@ async def extend_user_trial(
 async def extend_account_trial(
     account_id: UUID,
     data: ExtendTrialRequest,
-    db: Annotated[AsyncSession, Depends(get_db)],
+    db: Annotated[AsyncSession, Depends(get_admin_db)],
     current_user: Annotated[User, Depends(require_admin)],
 ):
     """Extend or start a trial for an account subscription (super admin only)."""
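Review bot: The docstrings of `update_account_plan` and `extend_account_trial` say "(super admin only)", but the only visible guard on both is `Depends(require_admin)`, the same dependency the ordinary admin endpoints above use, and these two now run on a BYPASSRLS session that reaches every tenant's subscription rows. If the super-admin check lives in the body it is outside the hunk and should be confirmed; if it does not, the docstring overstates the protection and a check at the top of each body (or a dedicated dependency, if the project defines one) is needed, with a test asserting a non-super admin gets 403. The bodies of all four handlers in this part of the patch continue past their hunks.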