Refactor API permissions and throttling: Updated default permission classes to enforce authentication and tenant access. Introduced new permission for system accounts and developers. Enhanced throttling rates for various operations to reduce false 429 errors. Improved API key loading logic to prioritize account-specific settings, with fallbacks to system accounts and Django settings. Updated integration views and sidebar to reflect new permission structure.

2025-12-07 17:23:42 +00:00
parent 3cbed65601
commit 65fea95d33
15 changed files with 374 additions and 71 deletions
--- a/frontend/src/layout/AppSidebar.tsx
+++ b/frontend/src/layout/AppSidebar.tsx
@@ -43,10 +43,12 @@ const AppSidebar: React.FC = () => {
  const { user, isAuthenticated } = useAuthStore();
  const { moduleEnableSettings, isModuleEnabled: checkModuleEnabled, loadModuleEnableSettings, loading: settingsLoading } = useSettingsStore();
  
-  // Show admin menu only for users in aws-admin account
+  // Show admin menu only for system account (aws-admin/default) or developer
  const isAwsAdminAccount = Boolean(
-    user?.account?.slug === 'aws-admin' || 
-    user?.role === 'developer' // Also show for developers as fallback
+    user?.account?.slug === 'aws-admin' ||
+    user?.account?.slug === 'default-account' ||
+    user?.account?.slug === 'default' ||
+    user?.role === 'developer'
  );
  
  // Helper to check if module is enabled - memoized to prevent infinite loops
@@ -226,10 +228,12 @@ const AppSidebar: React.FC = () => {
            name: "Profile Settings",
            path: "/settings/profile",
          },
+          // Integration is admin-only; hide for non-privileged users (handled in render)
          {
            icon: <PlugInIcon />,
            name: "Integration",
            path: "/settings/integration",
+            adminOnly: true,
          },
          {
            icon: <PageIcon />,
@@ -327,9 +331,17 @@ const AppSidebar: React.FC = () => {

  // Combine all sections, including admin if user is in aws-admin account
  const allSections = useMemo(() => {
+    const baseSections = menuSections.map(section => {
+      // Filter adminOnly items for non-system users
+      const filteredItems = section.items.filter((item: any) => {
+        if ((item as any).adminOnly && !isAwsAdminAccount) return false;
+        return true;
+      });
+      return { ...section, items: filteredItems };
+    });
    return isAwsAdminAccount 
-      ? [...menuSections, adminSection]
-      : menuSections;
+      ? [...baseSections, adminSection]
+      : baseSections;
  }, [isAwsAdminAccount, menuSections, adminSection]);

  useEffect(() => {