Refactor API permissions and throttling: Updated default permission classes to enforce authentication and tenant access. Introduced new permission for system accounts and developers. Enhanced throttling rates for various operations to reduce false 429 errors. Improved API key loading logic to prioritize account-specific settings, with fallbacks to system accounts and Django settings. Updated integration views and sidebar to reflect new permission structure.

2025-12-07 17:23:42 +00:00
parent 3cbed65601
commit 65fea95d33
15 changed files with 374 additions and 71 deletions
--- a/backend/igny8_core/ai/ai_core.py
+++ b/backend/igny8_core/ai/ai_core.py
@@ -43,32 +43,48 @@ class AICore:
        self._load_account_settings()
    
    def _load_account_settings(self):
-        """Load API keys and model from IntegrationSettings or Django settings"""
-        if self.account:
+        """Load API keys from IntegrationSettings with fallbacks (account -> system account -> Django settings)"""
+        def get_system_account():
+            try:
+                from igny8_core.auth.models import Account
+                for slug in ['aws-admin', 'default-account', 'default']:
+                    acct = Account.objects.filter(slug=slug).first()
+                    if acct:
+                        return acct
+            except Exception:
+                return None
+            return None
+
+        def get_integration_key(integration_type: str, account):
+            if not account:
+                return None
            try:
                from igny8_core.modules.system.models import IntegrationSettings
-                
-                # Load OpenAI settings
-                openai_settings = IntegrationSettings.objects.filter(
-                    integration_type='openai',
-                    account=self.account,
+                settings_obj = IntegrationSettings.objects.filter(
+                    integration_type=integration_type,
+                    account=account,
                    is_active=True
                ).first()
-                if openai_settings and openai_settings.config:
-                    self._openai_api_key = openai_settings.config.get('apiKey')
-                
-                # Load Runware settings
-                runware_settings = IntegrationSettings.objects.filter(
-                    integration_type='runware',
-                    account=self.account,
-                    is_active=True
-                ).first()
-                if runware_settings and runware_settings.config:
-                    self._runware_api_key = runware_settings.config.get('apiKey')
+                if settings_obj and settings_obj.config:
+                    return settings_obj.config.get('apiKey')
            except Exception as e:
-                logger.warning(f"Could not load account settings: {e}", exc_info=True)
-        
-        # Fallback to Django settings for API keys only (no model fallback)
+                logger.warning(f"Could not load {integration_type} settings for account {getattr(account, 'id', None)}: {e}", exc_info=True)
+            return None
+
+        # 1) Account-specific keys
+        if self.account:
+            self._openai_api_key = get_integration_key('openai', self.account)
+            self._runware_api_key = get_integration_key('runware', self.account)
+
+        # 2) Fallback to system account keys (shared across tenants)
+        if not self._openai_api_key or not self._runware_api_key:
+            system_account = get_system_account()
+            if not self._openai_api_key:
+                self._openai_api_key = get_integration_key('openai', system_account)
+            if not self._runware_api_key:
+                self._runware_api_key = get_integration_key('runware', system_account)
+
+        # 3) Fallback to Django settings
        if not self._openai_api_key:
            self._openai_api_key = getattr(settings, 'OPENAI_API_KEY', None)
        if not self._runware_api_key: