Refactor account and permission handling: Simplified account filtering logic in AccountModelViewSet and removed redundant admin/system user checks from permissions. Enhanced user access methods to streamline site access verification and improved error handling for account context requirements. Updated throttling logic to eliminate unnecessary system account bypass conditions.

2025-12-08 05:23:06 +00:00
parent f0066b6e7d
commit 6dcbc651dd
12 changed files with 483 additions and 324 deletions
--- a/backend/igny8_core/api/throttles.py
+++ b/backend/igny8_core/api/throttles.py
@@ -41,23 +41,12 @@ class DebugScopedRateThrottle(ScopedRateThrottle):
                if not request.user or not hasattr(request.user, 'is_authenticated') or not request.user.is_authenticated:
                    public_blueprint_bypass = True
        
-        # Bypass for authenticated users (avoid user-facing 429s) and system accounts
-        system_account_bypass = False
+        # Bypass for authenticated users (avoid user-facing 429s)
        authenticated_bypass = False
        if hasattr(request, 'user') and request.user and hasattr(request.user, 'is_authenticated') and request.user.is_authenticated:
            authenticated_bypass = True  # Do not throttle logged-in users
-            try:
-                # Check if user is in system account (aws-admin, default-account, default)
-                if hasattr(request.user, 'is_system_account_user') and request.user.is_system_account_user():
-                    system_account_bypass = True
-                # Also bypass for admin/developer roles
-                elif hasattr(request.user, 'is_admin_or_developer') and request.user.is_admin_or_developer():
-                    system_account_bypass = True
-            except (AttributeError, Exception):
-                # If checking fails, continue with normal throttling
-                pass
        
-        if debug_bypass or env_bypass or system_account_bypass or public_blueprint_bypass or authenticated_bypass:
+        if debug_bypass or env_bypass or public_blueprint_bypass or authenticated_bypass:
            # In debug mode or for system accounts, still set throttle headers but don't actually throttle
            # This allows testing throttle headers without blocking requests
            if hasattr(self, 'get_rate'):