feat: add tenant_filter() helper and get_tenant_context dependency

tenant_filter(model, account_id) is the canonical app-layer tenant scoping expression. Every query on a tenant table must use it. build_tree_access_filter and build_step_visibility_filter updated to call tenant_filter() internally for the account_id match. get_tenant_context is a FastAPI dependency that returns account_id or raises 403 if the user has no account — prevents raw access to current_user.account_id and centralises the null check. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-09 03:49:50 +00:00
parent 56775eca04
commit 3c0374378c
2 changed files with 41 additions and 6 deletions
--- a/backend/app/api/deps.py
+++ b/backend/app/api/deps.py
@@ -190,3 +190,20 @@ async def get_plan_limits_for_user(
    """Get plan limits for the current user's account."""
    from app.core.subscriptions import get_user_plan_limits
    return await get_user_plan_limits(current_user.account_id, db)
+
+
+async def get_tenant_context(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+) -> UUID:
+    """Return the current user's account_id.
+
+    Use this dependency instead of reading current_user.account_id directly.
+    Raises 403 if the user has no account association (should not happen in
+    normal flows — users are always associated with an account on registration).
+    """
+    if current_user.account_id is None:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="User not associated with any account",
+        )
+    return current_user.account_id