Multi-tenancy : espaces de travail + fix auth reload (rate limiter OPTIONS)

- Modèles Organization + OrgMember, migration Alembic (SQLite compatible) - organization_id nullable sur Document, Decision, Mandate, VotingProtocol - Service, schéma, router /organizations + dependency get_active_org_id - Seed : Duniter G1 + Axiom Team ; tout le contenu seed attaché à Duniter G1 - Backend : list/create filtrés par header X-Organization - Frontend : store organizations, WorkspaceSelector réel, useApi injecte l'org - Fix critique : rate_limiter exclut les requêtes OPTIONS (CORS preflight) → résout le bug "Failed to fetch /auth/me" au reload (429 sur preflight) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-23 15:17:14 +02:00
parent 224e5b0f5e
commit 79e468b40f
31 changed files with 1296 additions and 159 deletions
--- a/backend/app/models/init.py
+++ b/backend/app/models/init.py
@@ -1,4 +1,5 @@
 from app.models.user import DuniterIdentity, Session
+from app.models.organization import Organization, OrgMember
 from app.models.document import Document, DocumentItem, ItemVersion
 from app.models.decision import Decision, DecisionStep
 from app.models.vote import VoteSession, Vote
@@ -9,6 +10,7 @@ from app.models.cache import BlockchainCache

 __all__ = [
    "DuniterIdentity", "Session",
+    "Organization", "OrgMember",
    "Document", "DocumentItem", "ItemVersion",
    "Decision", "DecisionStep",
    "VoteSession", "Vote",
--- a/backend/app/models/decision.py
+++ b/backend/app/models/decision.py
@@ -16,6 +16,7 @@ class Decision(Base):
    context: Mapped[str | None] = mapped_column(Text)
    decision_type: Mapped[str] = mapped_column(String(64), nullable=False)  # runtime_upgrade, document_change, mandate_vote, custom
    status: Mapped[str] = mapped_column(String(32), default="draft")  # draft, qualification, review, voting, executed, closed
+    organization_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("organizations.id"), nullable=True, index=True)
    voting_protocol_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("voting_protocols.id"))
    created_by_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("duniter_identities.id"))
    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now())
--- a/backend/app/models/document.py
+++ b/backend/app/models/document.py
@@ -17,6 +17,7 @@ class Document(Base):
    version: Mapped[str] = mapped_column(String(32), default="0.1.0")
    status: Mapped[str] = mapped_column(String(32), default="draft")  # draft, active, archived
    description: Mapped[str | None] = mapped_column(Text)
+    organization_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("organizations.id"), nullable=True, index=True)
    ipfs_cid: Mapped[str | None] = mapped_column(String(128))
    chain_anchor: Mapped[str | None] = mapped_column(String(128))
    genesis_json: Mapped[str | None] = mapped_column(Text)  # JSON: source files, repos, forum URLs, formula trigger
--- a/backend/app/models/mandate.py
+++ b/backend/app/models/mandate.py
@@ -15,6 +15,7 @@ class Mandate(Base):
    description: Mapped[str | None] = mapped_column(Text)
    mandate_type: Mapped[str] = mapped_column(String(64), nullable=False)  # techcomm, smith, custom
    status: Mapped[str] = mapped_column(String(32), default="draft")  # draft, candidacy, voting, active, reporting, completed, revoked
+    organization_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("organizations.id"), nullable=True, index=True)
    mandatee_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("duniter_identities.id"))
    decision_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("decisions.id"))
    starts_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True))
--- a/backend/app/models/organization.py
+++ b/backend/app/models/organization.py
@@ -0,0 +1,42 @@
+import uuid
+from datetime import datetime
+
+from sqlalchemy import String, Text, Boolean, DateTime, ForeignKey, Uuid, func
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from app.database import Base
+
+
+class Organization(Base):
+    __tablename__ = "organizations"
+
+    id: Mapped[uuid.UUID] = mapped_column(Uuid, primary_key=True, default=uuid.uuid4)
+    name: Mapped[str] = mapped_column(String(128), nullable=False)
+    slug: Mapped[str] = mapped_column(String(128), unique=True, nullable=False, index=True)
+    # commune, enterprise, association, collective, basin, intercommunality, community
+    org_type: Mapped[str] = mapped_column(String(64), default="community")
+    # True = all authenticated users see & interact with content (Duniter G1, Axiom Team)
+    # False = membership required
+    is_transparent: Mapped[bool] = mapped_column(Boolean, default=False)
+    color: Mapped[str | None] = mapped_column(String(32))   # CSS color or mood token
+    icon: Mapped[str | None] = mapped_column(String(64))    # lucide icon name
+    description: Mapped[str | None] = mapped_column(Text)
+    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now())
+
+    members: Mapped[list["OrgMember"]] = relationship(
+        back_populates="organization", cascade="all, delete-orphan"
+    )
+
+
+class OrgMember(Base):
+    __tablename__ = "org_members"
+
+    id: Mapped[uuid.UUID] = mapped_column(Uuid, primary_key=True, default=uuid.uuid4)
+    org_id: Mapped[uuid.UUID] = mapped_column(ForeignKey("organizations.id"), nullable=False)
+    identity_id: Mapped[uuid.UUID] = mapped_column(
+        ForeignKey("duniter_identities.id"), nullable=False
+    )
+    role: Mapped[str] = mapped_column(String(32), default="member")  # admin, member, observer
+    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now())
+
+    organization: Mapped["Organization"] = relationship(back_populates="members")
--- a/backend/app/models/protocol.py
+++ b/backend/app/models/protocol.py
@@ -44,6 +44,7 @@ class VotingProtocol(Base):
    description: Mapped[str | None] = mapped_column(Text)
    vote_type: Mapped[str] = mapped_column(String(32), nullable=False)  # binary, nuanced
    formula_config_id: Mapped[uuid.UUID] = mapped_column(ForeignKey("formula_configs.id"), nullable=False)
+    organization_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("organizations.id"), nullable=True, index=True)
    mode_params: Mapped[str | None] = mapped_column(String(64))  # e.g. "D30M50B.1G.2T.1"
    is_meta_governed: Mapped[bool] = mapped_column(Boolean, default=False)
    created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now())