chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(deps): add require_active_subscription guard with allowlist

Browse Source 
Mounts on Pro routers (trees, sessions, scripts, FlowPilot, etc.) and
returns 402 with structured detail when an account's subscription is
missing or locked. Allowlist bypasses billing/account/auth flows so
users can recover from a lapsed subscription.

Conftest now seeds a default Pro/active Subscription on test_user and
test_admin (delete-then-insert because the register endpoint already
creates a free/active sub by default). Two existing tests adapted to
the new seeded plan; tenant-isolation tests seed Subscription rows for
the accounts they create directly.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Michael Chihlas
2026-05-06 14:35:59 -04:00
parent cfe0e6cae6
commit 9ec208f6e7
7 changed files with 245 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
backend/tests/test_tenant_isolation_p0.py
View File

@@ -12,13 +12,18 @@ from sqlalchemy.ext.asyncio import AsyncSession
from app.models.account import Account
from app.models.user import User
from app.models.tree import Tree
from app.models.subscription import Subscription
from app.core.security import get_password_hash
# ── Helpers ──────────────────────────────────────────────────────────────────
async def _create_account_and_user(db: AsyncSession, prefix: str):
"""Create a fresh account + engineer user. Returns (account, user, plain_password)."""
"""Create a fresh account + engineer user. Returns (account, user, plain_password).
Seeds a default active Pro Subscription for the account so requests pass
the require_active_subscription guard added in Phase 1 Task 11.
"""
password = "TestPass123!"
account = Account(
name=f"{prefix}-corp",
@@ -36,6 +41,7 @@ async def _create_account_and_user(db: AsyncSession, prefix: str):
account_role="engineer",
)
db.add(user)
db.add(Subscription(account_id=account.id, plan="pro", status="active"))
await db.flush()
return account, user, password
@@ -168,6 +174,7 @@ async def test_ai_session_search_cannot_see_other_users_sessions(
account = Account(name="Shared Corp", display_code=uuid.uuid4().hex[:8])
test_db.add(account)
await test_db.flush()
test_db.add(Subscription(account_id=account.id, plan="pro", status="active"))
password = "TestPass123!"
user_a = User(