Phase 4 enabled RLS on the users table. All code paths that touch users (or other RLS-protected tables) before require_tenant_context sets app.current_account_id must use get_admin_db (BYPASSRLS):

- deps.py: get_current_user and get_current_active_user → get_admin_db
- auth.py: all endpoints → get_admin_db (login, register, refresh, etc. run before tenant context exists; mutation endpoints also need session consistency since current_user is in the admin session)
- accounts.py: transfer_ownership, leave_account, delete_account → get_admin_db (these mutate current_user directly)
- onboarding.py: dismiss_onboarding → get_admin_db (same reason)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
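The ordering problem this commit message describes, as an added PostgreSQL example that is not code from this repository: a tenant policy keyed on `app.current_account_id` hides every `users` row until the setting exists, so a pre-context lookup only works from a BYPASSRLS role. The table columns, the policy name and predicate, the role names `app_rw` and `app_admin`, and the sample rows are assumptions; only the `users` table, the setting name and BYPASSRLS come from the message.

```sql
-- Constructed schema and data (assumptions, not the project's real DDL).
-- Run as a superuser in a scratch database.
CREATE TABLE users (
    id         bigint PRIMARY KEY,
    account_id bigint NOT NULL,
    email      text   NOT NULL UNIQUE
);
INSERT INTO users VALUES
    (1, 10, 'alice@example.test'),
    (2, 20, 'bob@example.test');

ALTER TABLE users ENABLE ROW LEVEL SECURITY;

-- current_setting(name, true) yields NULL when the setting was never set and
-- can yield '' after a reset; NULLIF folds both into NULL so the predicate
-- fails closed instead of raising a cast error.
CREATE POLICY tenant_isolation ON users
    USING (account_id =
           NULLIF(current_setting('app.current_account_id', true), '')::bigint);

CREATE ROLE app_rw;                -- hypothetical role behind the tenant session
CREATE ROLE app_admin BYPASSRLS;   -- hypothetical role behind the admin session
GRANT SELECT, UPDATE ON users TO app_rw, app_admin;

-- Login path on the tenant role: no tenant context exists yet, the policy
-- predicate evaluates to NULL for every row, and the lookup finds no user.
SET ROLE app_rw;
SELECT id, account_id FROM users WHERE email = 'alice@example.test';

-- Same role once tenant context is set: only account 10 is visible, and an
-- UPDATE aimed at account 20 matches no rows.
-- With pooled connections, pass is_local = true inside a transaction so the
-- value cannot leak to the next request on the same connection.
SELECT set_config('app.current_account_id', '10', false);
SELECT id, email FROM users;
UPDATE users SET email = 'changed@example.test' WHERE id = 2;

-- Admin role: the policy is skipped, so the pre-context lookup succeeds.
-- Every query on this role must carry its own account filter, because the
-- database no longer enforces tenant isolation for it.
RESET ROLE;
SET ROLE app_admin;
SELECT id, account_id FROM users WHERE email = 'alice@example.test';
RESET ROLE;
```

The table owner also bypasses the policy unless `FORCE ROW LEVEL SECURITY` is set, so the tenant role should not own the table.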
3.9 KiB