chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: use get_admin_db for all new admin account endpoints

Browse Source 
All admin endpoints query across tenants without a tenant context.
get_db (app-role, subject to RLS) was never imported and would crash
at runtime — replace all 6 occurrences with get_admin_db (BYPASSRLS).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
chihlasm
2026-04-13 07:47:42 +00:00
parent 2dbb8b6abf
commit 0bda590537
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
backend/app/api/endpoints/admin.py
View File

@@ -153,7 +153,7 @@ async def list_users(
@router.get("/accounts", response_model=AdminAccountListResponse) @router.get("/accounts", response_model=AdminAccountListResponse)
async def list_accounts( async def list_accounts(
db: Annotated[AsyncSession, Depends(get_db)], db: Annotated[AsyncSession, Depends(get_admin_db)],
current_user: Annotated[User, Depends(require_admin)], current_user: Annotated[User, Depends(require_admin)],
page: int = Query(1, ge=1), page: int = Query(1, ge=1),
size: int = Query(12, ge=1, le=100), size: int = Query(12, ge=1, le=100),
@@ -427,7 +427,7 @@ async def _get_account_detail_payload(
@router.post("/accounts", response_model=AdminAccountDetailResponse, status_code=status.HTTP_201_CREATED) @router.post("/accounts", response_model=AdminAccountDetailResponse, status_code=status.HTTP_201_CREATED)
async def create_account( async def create_account(
data: AdminAccountCreate, data: AdminAccountCreate,
db: Annotated[AsyncSession, Depends(get_db)], db: Annotated[AsyncSession, Depends(get_admin_db)],
current_user: Annotated[User, Depends(require_admin)], current_user: Annotated[User, Depends(require_admin)],
): ):
"""Create a new account without requiring an initial user.""" """Create a new account without requiring an initial user."""
@@ -457,7 +457,7 @@ async def create_account(
@router.get("/accounts/{account_id}", response_model=AdminAccountDetailResponse) @router.get("/accounts/{account_id}", response_model=AdminAccountDetailResponse)
async def get_account_detail( async def get_account_detail(
account_id: UUID, account_id: UUID,
db: Annotated[AsyncSession, Depends(get_db)], db: Annotated[AsyncSession, Depends(get_admin_db)],
current_user: Annotated[User, Depends(require_admin)], current_user: Annotated[User, Depends(require_admin)],
include_archived: bool = Query(False), include_archived: bool = Query(False),
): ):
@@ -469,7 +469,7 @@ async def get_account_detail(
async def update_account( async def update_account(
account_id: UUID, account_id: UUID,
data: AdminAccountUpdate, data: AdminAccountUpdate,
db: Annotated[AsyncSession, Depends(get_db)], db: Annotated[AsyncSession, Depends(get_admin_db)],
current_user: Annotated[User, Depends(require_admin)], current_user: Annotated[User, Depends(require_admin)],
): ):
"""Update account settings from the admin panel.""" """Update account settings from the admin panel."""
@@ -978,7 +978,7 @@ async def update_user_plan(
async def update_account_plan( async def update_account_plan(
account_id: UUID, account_id: UUID,
data: SubscriptionPlanUpdate, data: SubscriptionPlanUpdate,
db: Annotated[AsyncSession, Depends(get_db)], db: Annotated[AsyncSession, Depends(get_admin_db)],
current_user: Annotated[User, Depends(require_admin)], current_user: Annotated[User, Depends(require_admin)],
): ):
"""Change an account subscription plan (super admin only).""" """Change an account subscription plan (super admin only)."""
@@ -1033,7 +1033,7 @@ async def extend_user_trial(
async def extend_account_trial( async def extend_account_trial(
account_id: UUID, account_id: UUID,
data: ExtendTrialRequest, data: ExtendTrialRequest,
db: Annotated[AsyncSession, Depends(get_db)], db: Annotated[AsyncSession, Depends(get_admin_db)],
current_user: Annotated[User, Depends(require_admin)], current_user: Annotated[User, Depends(require_admin)],
): ):
"""Extend or start a trial for an account subscription (super admin only).""" """Extend or start a trial for an account subscription (super admin only)."""