security(v3): harden multi-tenant isolation and enhance failure feedback

2026-02-13 18:45:20 -05:00
parent 61e17f1efa
commit 2266f149f7
15 changed files with 389 additions and 317 deletions
--- a/app/lib_api_crud_v3.py
+++ b/app/lib_api_crud_v3.py
@@ -113,7 +113,12 @@ def apply_forced_account_filter(and_qry_dict: Optional[Dict], account: AccountCo
        except:
            has_col = False
        
+        if not has_col:
+            return forced
+        
+    # CRITICAL: Always apply the filter. If account_id is None, it filters for NULL.
    forced[target_col] = account.account_id
+        
    return forced

 def filter_order_by(order_by_li: Any, model: Any, table_name: str = None) -> Optional[Dict[str, str]]: