Implement security enhancements and unified response formats across API endpoints. Update permission classes for various ViewSets to ensure proper tenant isolation and compliance with API standards. Refactor authentication endpoints to utilize success and error response helpers, improving error tracking and response consistency. Complete documentation updates reflecting these changes and achieving full compliance with API Standard v1.0.

backend/igny8_core/auth/views.py

@@ -16,6 +16,7 @@ from igny8_core.api.authentication import JWTAuthentication, CSRFExemptSessionAu
 from igny8_core.api.response import success_response, error_response
 from igny8_core.api.throttles import DebugScopedRateThrottle
 from igny8_core.api.pagination import CustomPageNumberPagination
+from igny8_core.api.permissions import IsAuthenticatedAndActive, HasTenantAccess
 from .models import User, Account, Plan, Subscription, Site, Sector, SiteUserAccess, Industry, IndustrySector, SeedKeyword
 from .serializers import (
     UserSerializer, AccountSerializer, PlanSerializer, SubscriptionSerializer,
@@ -140,7 +141,7 @@ class UsersViewSet(AccountModelViewSet):
     """
     queryset = User.objects.all()
     serializer_class = UserSerializer
-    permission_classes = [IsOwnerOrAdmin]
+    permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsOwnerOrAdmin]
     pagination_class = CustomPageNumberPagination
     throttle_scope = 'auth'
     throttle_classes = [DebugScopedRateThrottle]
@@ -274,7 +275,7 @@ class AccountsViewSet(AccountModelViewSet):
     """
     queryset = Account.objects.all()
     serializer_class = AccountSerializer
-    permission_classes = [IsOwnerOrAdmin]
+    permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsOwnerOrAdmin]
     pagination_class = CustomPageNumberPagination
     throttle_scope = 'auth'
     throttle_classes = [DebugScopedRateThrottle]
@@ -338,7 +339,7 @@ class SubscriptionsViewSet(AccountModelViewSet):
     Unified API Standard v1.0 compliant
     """
     queryset = Subscription.objects.all()
-    permission_classes = [IsOwnerOrAdmin]
+    permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsOwnerOrAdmin]
     pagination_class = CustomPageNumberPagination
     throttle_scope = 'auth'
     throttle_classes = [DebugScopedRateThrottle]
@@ -400,7 +401,7 @@ class SiteUserAccessViewSet(AccountModelViewSet):
     Unified API Standard v1.0 compliant
     """
     serializer_class = SiteUserAccessSerializer
-    permission_classes = [IsOwnerOrAdmin]
+    permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsOwnerOrAdmin]
     pagination_class = CustomPageNumberPagination
     throttle_scope = 'auth'
     throttle_classes = [DebugScopedRateThrottle]
@@ -472,7 +473,7 @@ class PlanViewSet(viewsets.ReadOnlyModelViewSet):
 class SiteViewSet(AccountModelViewSet):
     """ViewSet for managing Sites."""
     serializer_class = SiteSerializer
-    permission_classes = [IsEditorOrAbove]
+    permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsEditorOrAbove]
     authentication_classes = [JWTAuthentication, CSRFExemptSessionAuthentication]
     
     def get_permissions(self):
@@ -715,7 +716,7 @@ class SiteViewSet(AccountModelViewSet):
 class SectorViewSet(AccountModelViewSet):
     """ViewSet for managing Sectors."""
     serializer_class = SectorSerializer
-    permission_classes = [IsEditorOrAbove]
+    permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsEditorOrAbove]
     authentication_classes = [JWTAuthentication, CSRFExemptSessionAuthentication]
     
     def get_queryset(self):