chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: tenant isolation Phase 0 — app-layer filters, UUID audit, CI gate #132

Merged
chihlasm merged 22 commits from feat/tenant-isolation-phase-0 into main 2026-04-09 04:42:19 +00:00
Conversation 1 Commits 22 Files Changed 17 +14 -14
1 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 7d262c5b0c - Show all commits

28
backend/app/api/endpoints/sessions.py
View File

@@ -143,8 +143,8 @@ async def get_session(
if session.user_id != current_user.id and session.assigned_to_id != current_user.id: if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_404_NOT_FOUND,
detail="You don't have access to this session" detail="Session not found"
) )
return session return session
@@ -234,8 +234,8 @@ async def update_session(
if session.user_id != current_user.id and session.assigned_to_id != current_user.id: if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_404_NOT_FOUND,
detail="You don't have access to this session" detail="Session not found"
) )
if session.completed_at: if session.completed_at:
@@ -281,8 +281,8 @@ async def complete_session(
if session.user_id != current_user.id and session.assigned_to_id != current_user.id: if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_404_NOT_FOUND,
detail="You don't have access to this session" detail="Session not found"
) )
if session.completed_at: if session.completed_at:
@@ -319,8 +319,8 @@ async def update_scratchpad(
if session.user_id != current_user.id and session.assigned_to_id != current_user.id: if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_404_NOT_FOUND,
detail="You don't have access to this session" detail="Session not found"
) )
session.scratchpad = data.scratchpad session.scratchpad = data.scratchpad
@@ -348,8 +348,8 @@ async def update_session_variables(
if session.user_id != current_user.id and session.assigned_to_id != current_user.id: if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_404_NOT_FOUND,
detail="You don't have access to this session" detail="Session not found"
) )
if session.completed_at: if session.completed_at:
@@ -387,8 +387,8 @@ async def export_session(
if session.user_id != current_user.id and session.assigned_to_id != current_user.id: if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_404_NOT_FOUND,
detail="You don't have access to this session" detail="Session not found"
) )
# PDF export — separate path with binary response # PDF export — separate path with binary response
@@ -830,8 +830,8 @@ async def link_ticket(
if session.user_id != current_user.id and session.assigned_to_id != current_user.id: if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
if not current_user.is_super_admin: if not current_user.is_super_admin:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_404_NOT_FOUND,
detail="You don't have access to this session", detail="Session not found",
) )
# Unlink # Unlink