Primo commit

2026-01-13 11:20:12 +01:00
parent ce9e2fdf2a
commit 17453f5d13
51 changed files with 3883 additions and 2508 deletions
--- a/utils/auth_middleware.py
+++ b/utils/auth_middleware.py
@@ -161,17 +161,18 @@ def require_manager_or_admin(user=Depends(get_current_user)):
 def check_manager_access_to_user(current_user, target_user, db: Session) -> bool:
    """
    Check if current_user (manager) has access to target_user.
-    Admins always have access. Managers can only access users they manage.
+    Admins always have access. Managers can only access users in their Office.
    Returns True if access granted, raises HTTPException if not.
    """
    if current_user.role == "admin":
        return True

    if current_user.role == "manager":
-        if target_user.manager_id != current_user.id:
+        # Access granted if they are in the same office
+        if not current_user.office_id or target_user.office_id != current_user.office_id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
-                detail="User is not managed by you"
+                detail="User is not in your office"
            )
        return True

--- a/utils/helpers.py
+++ b/utils/helpers.py
@@ -5,6 +5,7 @@ Common helpers used across the application
 import uuid
 import re
 from typing import TYPE_CHECKING
+from database.models import UserRole

 from app import config

@@ -24,7 +25,7 @@ def is_ldap_user(user: "User") -> bool:

 def is_ldap_admin(user: "User") -> bool:
    """Check if user is an LDAP-managed admin"""
-    return is_ldap_user(user) and user.role == "admin"
+    return is_ldap_user(user) and user.role == UserRole.ADMIN


 def validate_password(password: str) -> list[str]:
--- a/utils/promote_admins.py
+++ b/utils/promote_admins.py
@@ -0,0 +1,28 @@
+import sys
+import os
+from dotenv import load_dotenv
+
+# Add parent directory to path to allow importing from root
+sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+# Load environment variables first
+load_dotenv()
+
+from database.connection import get_db_session
+from database.models import User, UserRole
+
+def promote_all_users():
+    print("Promoting all users to ADMIN...")
+    with get_db_session() as db:
+        users = db.query(User).all()
+        count = 0
+        for user in users:
+            if user.role != UserRole.ADMIN:
+                user.role = UserRole.ADMIN
+                count += 1
+        
+        db.commit()
+        print(f"Promoted {count} users to ADMIN.")
+
+if __name__ == "__main__":
+    promote_all_users()