feat: add multi-tenant system with properties, organizations, and public booking

Implement complete multi-property architecture: - Properties (groups of spaces) with public/private visibility - Property managers (many-to-many) with role-based permissions - Organizations with member management - Anonymous/guest booking support via public API (/api/public/*) - Property-scoped spaces, bookings, and settings - Frontend: property selector, organization management, public booking views - Migration script and updated seed data Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 00:17:21 +00:00
parent d637513d92
commit e21cf03a16
51 changed files with 6324 additions and 273 deletions
--- a/backend/app/core/deps.py
+++ b/backend/app/core/deps.py
@@ -11,6 +11,7 @@ from app.db.session import get_db
 from app.models.user import User

 security = HTTPBearer()
+optional_security = HTTPBearer(auto_error=False)


 def get_current_user(
@@ -40,13 +41,58 @@ def get_current_user(
    return user


+def get_optional_user(
+    credentials: Annotated[HTTPAuthorizationCredentials | None, Depends(optional_security)],
+    db: Annotated[Session, Depends(get_db)],
+) -> User | None:
+    """Get current user or None for anonymous access."""
+    if credentials is None:
+        return None
+    try:
+        token = credentials.credentials
+        payload = jwt.decode(token, settings.secret_key, algorithms=[settings.algorithm])
+        user_id = payload.get("sub")
+        if user_id is None:
+            return None
+        user = db.query(User).filter(User.id == int(user_id)).first()
+        if user is None or not user.is_active:
+            return None
+        return user
+    except JWTError:
+        return None
+
+
 def get_current_admin(
    current_user: Annotated[User, Depends(get_current_user)],
 ) -> User:
-    """Verify current user is admin."""
-    if current_user.role != "admin":
+    """Verify current user is admin (superadmin or legacy admin)."""
+    if current_user.role not in ("admin", "superadmin"):
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Not enough permissions",
        )
    return current_user
+
+
+def get_current_superadmin(
+    current_user: Annotated[User, Depends(get_current_user)],
+) -> User:
+    """Verify current user is superadmin."""
+    if current_user.role not in ("admin", "superadmin"):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Superadmin access required",
+        )
+    return current_user
+
+
+def get_current_manager_or_superadmin(
+    current_user: Annotated[User, Depends(get_current_user)],
+) -> User:
+    """Verify current user is manager or superadmin."""
+    if current_user.role not in ("admin", "superadmin", "manager"):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Manager or admin access required",
+        )
+    return current_user