- Correction in the tenant_list_view to only show 'partner tenants' in case the user is a partner admin.

- Edit Partner can only be executed by Super User - Give a more precise error message when a 403 client error is returned trying to get a URL.
2025-07-22 15:44:39 +02:00
parent a0f806ba4e
commit dc6cd9d940
5 changed files with 97 additions and 9 deletions
--- a/eveai_app/templates/navbar.html
+++ b/eveai_app/templates/navbar.html
@@ -86,7 +86,7 @@

                                {% if 'partner' in session and session['partner'] %}
                                    {% set partner_menu_items = partner_menu_items + [
-                                        {'name': 'Edit Partner', 'url': '/partner/partner/' ~ session['partner'].get('id'), 'roles': ['Super User', 'Partner Admin']}
+                                        {'name': 'Edit Partner', 'url': '/partner/partner/' ~ session['partner'].get('id'), 'roles': ['Super User']}
                                    ] %}
                                {% endif %}

--- a/eveai_app/views/document_views.py
+++ b/eveai_app/views/document_views.py
@@ -8,7 +8,7 @@ from sqlalchemy.orm import aliased
 from werkzeug.utils import secure_filename
 from sqlalchemy.exc import SQLAlchemyError
 import requests
-from requests.exceptions import SSLError
+from requests.exceptions import SSLError, HTTPError
 import json

 from common.models.document import Document, DocumentVersion, Catalog, Retriever, Processor
@@ -416,7 +416,7 @@ def add_url():
    catalog = Catalog.query.get_or_404(catalog_id)
    if catalog.configuration and len(catalog.configuration) > 0:
        form.add_dynamic_fields("tagging_fields", catalog.configuration)
-
+    url=""
    if form.validate_on_submit():
        try:
            tenant_id = session['tenant']['id']
@@ -456,6 +456,9 @@ def add_url():
        except EveAIException as e:
            current_app.logger.error(f"Error adding document: {str(e)}")
            flash(str(e), 'danger')
+        except HTTPError as e:
+            current_app.logger.error(f"Server refused download for {url}: {str(e)}")
+            flash(f'Server refused download for {url}: {str(e)}', 'danger')
        except Exception as e:
            current_app.logger.error(f'Error adding document: {str(e)}')
            flash('An error occurred while adding the document.', 'danger')
--- a/eveai_app/views/list_views/user_list_views.py
+++ b/eveai_app/views/list_views/user_list_views.py
@@ -4,15 +4,67 @@ from sqlalchemy.exc import SQLAlchemyError
 import ast

 from common.models.user import Tenant, User, TenantDomain, TenantProject, TenantMake, PartnerTenant, PartnerService
-from common.services.user import UserServices
+from common.services.user import UserServices, PartnerServices
+from common.utils.eveai_exceptions import EveAINoSessionPartner, EveAINoManagementPartnerService
+from common.utils.security_utils import current_user_has_role
 from eveai_app.views.list_views.list_view_utils import render_list_view

 # Tenant list view helper
 def get_tenants_list_view():
    """Generate the tenants list view configuration"""
    # Get all tenants (no server side filtering - handled client-side)
-    tenant_query = Tenant.query.order_by(Tenant.id)
-    all_tenants = tenant_query.all()
+    is_partner_admin = current_user_has_role('Partner Admin')
+    is_super_user = current_user_has_role('Super User')
+
+    if is_partner_admin and not is_super_user:
+        # Partner Admin (not Super User) - filter tenants based on management service + own tenant
+        try:
+            partner = session.get('partner')
+            if not partner:
+                # No partner in session, return empty list
+                all_tenants = []
+            else:
+                tenant_ids = set()
+
+                # Add the partner's own tenant
+                partner_tenant_id = partner.get('tenant_id')
+                if partner_tenant_id:
+                    tenant_ids.add(partner_tenant_id)
+
+                # Add tenants associated with the management service
+                management_service = PartnerServices.get_management_service()
+                if management_service:
+                    management_service_id = management_service['id']
+                    # Get tenant IDs associated with this management service via PartnerTenant
+                    partner_tenants = PartnerTenant.query.filter_by(
+                        partner_service_id=management_service_id
+                    ).all()
+                    for pt in partner_tenants:
+                        tenant_ids.add(pt.tenant_id)
+
+                # Query for all allowed tenants
+                if tenant_ids:
+                    tenant_query = Tenant.query.filter(Tenant.id.in_(tenant_ids)).order_by(Tenant.id)
+                    all_tenants = tenant_query.all()
+                else:
+                    all_tenants = []
+
+        except (EveAINoSessionPartner, EveAINoManagementPartnerService):
+            # No partner in session or no management service
+            # Still try to get the partner's own tenant if available
+            try:
+                partner = session.get('partner')
+                if partner and partner.get('tenant_id'):
+                    tenant_query = Tenant.query.filter_by(id=partner['tenant_id']).order_by(Tenant.id)
+                    all_tenants = tenant_query.all()
+                else:
+                    all_tenants = []
+            except Exception:
+                all_tenants = []
+    else:
+        # Super User or other roles - get all tenants
+        tenant_query = Tenant.query.order_by(Tenant.id)
+        all_tenants = tenant_query.all()

    # Prepare data for Tabulator
    data = []