adsasdasd
@@ -31,14 +31,6 @@ class AccountContextMiddleware(MiddlewareMixin):
|
||||
# First, try to get user from Django session (cookie-based auth)
|
||||
# This handles cases where frontend uses credentials: 'include' with session cookies
|
||||
if hasattr(request, 'user') and request.user and request.user.is_authenticated:
|
||||
# Block superuser access via session on non-admin routes (JWT required)
|
||||
auth_header = request.META.get('HTTP_AUTHORIZATION', '')
|
||||
if request.user.is_superuser and not auth_header.startswith('Bearer '):
|
||||
logout(request)
|
||||
return JsonResponse(
|
||||
{'success': False, 'error': 'Session authentication not allowed for API. Use JWT.'},
|
||||
status=status.HTTP_403_FORBIDDEN,
|
||||
)
|
||||
# User is authenticated via session - refresh from DB to get latest account/plan data
|
||||
# This ensures changes to account/plan are reflected immediately without re-login
|
||||
try:
|
||||
@@ -141,7 +133,23 @@ class AccountContextMiddleware(MiddlewareMixin):
|
||||
"""
|
||||
Ensure the authenticated user has an account and an active plan.
|
||||
Uses shared validation helper for consistency.
|
||||
Bypasses validation for superusers, developers, and system accounts.
|
||||
"""
|
||||
# Bypass validation for superusers
|
||||
if getattr(user, 'is_superuser', False):
|
||||
return None
|
||||
|
||||
# Bypass validation for developers
|
||||
if hasattr(user, 'role') and user.role == 'developer':
|
||||
return None
|
||||
|
||||
# Bypass validation for system account users
|
||||
try:
|
||||
if hasattr(user, 'is_system_account_user') and user.is_system_account_user():
|
||||
return None
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
from .utils import validate_account_and_plan
|
||||
|
||||
is_valid, error_message, http_status = validate_account_and_plan(user)
|
||||
|
||||
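Review bot: The `except Exception: pass` around `user.is_system_account_user()` hides every failure of a check that decides whether account/plan validation is skipped; a database or attribute error there falls through to normal validation, which is the safe direction, but nothing records that the bypass check itself is broken. Keep the fall-through but make it visible, e.g. `except Exception as exc:` followed by `logger.warning("is_system_account_user() failed for user %s: %s", getattr(user, 'pk', None), exc)` (assumes a module-level logger; none is visible in this hunk). The in-function `from .utils import validate_account_and_plan` also deserves a one-line comment saying why it is local — presumably a circular import with `.utils` — so a later cleanup does not hoist it and break the module. Read together with the first hunk, which drops the guard that logged out session-authenticated superusers on API routes, a superuser arriving with a session cookie and no `Bearer` token now clears both that earlier check and this validation; if that is intended it should be stated in the commit message, which currently reads `adsasdasd`. The enclosing method starts before this hunk (its signature is not shown) and its body continues after the `validate_account_and_plan` call, where `is_valid`, `error_message` and `http_status` are consumed.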