feat(multi-tenancy): implement critical fixes for orphaned users and permissions

- Simplified HasTenantAccess permission logic to ensure every authenticated user has an account.
- Added fallback to system account for OpenAI settings in AI configuration.
- Allowed any authenticated user to check task progress in IntegrationSettingsViewSet.
- Created a script to identify and fix orphaned users without accounts.
- Updated error response handling in business endpoints for clarity.

backend/igny8_core/ai/settings.py

@@ -19,8 +19,8 @@ FUNCTION_ALIASES = {
 
 def get_model_config(function_name: str, account) -> Dict[str, Any]:
     """
-    Get model configuration from IntegrationSettings only.
-    No fallbacks - account must have IntegrationSettings configured.
+    Get model configuration from IntegrationSettings.
+    Falls back to system account (aws-admin) if user account doesn't have settings.
     
     Args:
         function_name: Name of the AI function
@@ -38,17 +38,42 @@ def get_model_config(function_name: str, account) -> Dict[str, Any]:
     # Resolve function alias
     actual_name = FUNCTION_ALIASES.get(function_name, function_name)
     
-    # Get IntegrationSettings for OpenAI
+    # Get IntegrationSettings for OpenAI - try user account first
+    integration_settings = None
     try:
         from igny8_core.modules.system.models import IntegrationSettings
-        integration_settings = IntegrationSettings.objects.get(
+        integration_settings = IntegrationSettings.objects.filter(
             integration_type='openai',
             account=account,
             is_active=True
-        )
-    except IntegrationSettings.DoesNotExist:
+        ).first()
+    except Exception as e:
+        logger.warning(f"Could not load OpenAI settings for account {account.id}: {e}")
+    
+    # Fallback to system account (aws-admin, default-account, or default)
+    if not integration_settings:
+        logger.info(f"No OpenAI settings for account {account.id}, falling back to system account")
+        try:
+            from igny8_core.auth.models import Account
+            from igny8_core.modules.system.models import IntegrationSettings
+            for slug in ['aws-admin', 'default-account', 'default']:
+                system_account = Account.objects.filter(slug=slug).first()
+                if system_account:
+                    integration_settings = IntegrationSettings.objects.filter(
+                        integration_type='openai',
+                        account=system_account,
+                        is_active=True
+                    ).first()
+                    if integration_settings:
+                        logger.info(f"Using OpenAI settings from system account: {slug}")
+                        break
+        except Exception as e:
+            logger.warning(f"Could not load system account OpenAI settings: {e}")
+    
+    # If still no settings found, raise error
+    if not integration_settings:
         raise ValueError(
-            f"OpenAI IntegrationSettings not configured for account {account.id}. "
+            f"OpenAI IntegrationSettings not configured for account {account.id} or system account. "
             f"Please configure OpenAI settings in the integration page."
         )