feat: Global-Admin Org-Switcher fuer info@aegis-sight.de

Ermoeglicht dem Global Admin (is_global_admin Flag) zwischen Organisationen zu wechseln. Neue Endpoints: GET /api/auth/organizations, POST /api/auth/switch-org. Org-Dropdown im Header-Menue, nur fuer Global Admin sichtbar. Komplett herausnehmbar (Flag + Code-Bloecke). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 22:25:41 +02:00
Commit c22ae854fe
--- a/src/routers/auth.py
+++ b/src/routers/auth.py
@@ -140,6 +140,13 @@ async def verify_magic_link(
    )
    await db.commit()

+    # Global-Admin-Flag aus DB lesen
+    ga_cursor = await db.execute(
+        "SELECT is_global_admin FROM users WHERE id = ?", (ml["user_id"],)
+    )
+    ga_row = await ga_cursor.fetchone()
+    _is_global_admin = bool(ga_row["is_global_admin"]) if ga_row else False
+
    # JWT erstellen
    token = create_token(
        user_id=ml["user_id"],
@@ -148,6 +155,7 @@ async def verify_magic_link(
        role=ml["role"],
        tenant_id=ml["organization_id"],
        org_slug=ml["org_slug"],
+        is_global_admin=_is_global_admin,
    )

    return TokenResponse(
@@ -208,4 +216,63 @@ async def get_me(
        license_status=license_info.get("status", "unknown"),
        license_type=license_info.get("license_type", ""),
        read_only=license_info.get("read_only", False),
+        is_global_admin=current_user.get("is_global_admin", False),
    )
+
+
+# --- Global Admin: Org-Wechsel (herausnehmbar) ---
+
+from models import SwitchOrgRequest, OrgListItem
+
+
+@router.get("/organizations")
+async def list_all_organizations(
+    current_user: dict = Depends(get_current_user),
+    db: aiosqlite.Connection = Depends(db_dependency),
+):
+    """Alle Organisationen auflisten (nur fuer Global Admin)."""
+    if not current_user.get("is_global_admin"):
+        raise HTTPException(status_code=403, detail="Keine Berechtigung")
+
+    cursor = await db.execute(
+        "SELECT id, name, slug, is_active FROM organizations ORDER BY name"
+    )
+    rows = await cursor.fetchall()
+    return [dict(row) for row in rows]
+
+
+@router.post("/switch-org")
+async def switch_organization(
+    data: SwitchOrgRequest,
+    current_user: dict = Depends(get_current_user),
+    db: aiosqlite.Connection = Depends(db_dependency),
+):
+    """Organisation wechseln (nur fuer Global Admin). Gibt neues JWT zurueck."""
+    if not current_user.get("is_global_admin"):
+        raise HTTPException(status_code=403, detail="Keine Berechtigung")
+
+    # Ziel-Org pruefen
+    cursor = await db.execute(
+        "SELECT id, name, slug FROM organizations WHERE id = ?", (data.organization_id,)
+    )
+    org = await cursor.fetchone()
+    if not org:
+        raise HTTPException(status_code=404, detail="Organisation nicht gefunden")
+
+    # Neues JWT mit anderem tenant_id ausstellen
+    token = create_token(
+        user_id=current_user["id"],
+        username=current_user["username"],
+        email=current_user["email"],
+        role=current_user["role"],
+        tenant_id=org["id"],
+        org_slug=org["slug"],
+        is_global_admin=True,
+    )
+
+    return {
+        "access_token": token,
+        "token_type": "bearer",
+        "org_name": org["name"],
+        "org_slug": org["slug"],
+    }