fix: set RLS tenant context for chat conversation lookups

Chat API queries on web_conversations need tenant context set before RLS policies allow the SELECT. Also fixes crypto.randomUUID fallback. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 13:34:38 -06:00
parent 5b02b233f3
commit ee1c2f70f8
2 changed files with 16 additions and 5 deletions
--- a/packages/portal
+++ b/packages/portal
--- a/packages/shared/shared/api/chat.py
+++ b/packages/shared/shared/api/chat.py
@@ -247,10 +247,21 @@ async def list_messages(

    Ownership enforced: caller must own the conversation OR be platform_admin.
    """
-    # Fetch conversation first to verify ownership and get tenant_id
+    # Set tenant context for RLS — use caller's tenant_id first to allow the lookup
+    # For platform admins, temporarily set from the header (may be the selected tenant)
+    initial_tenant_id = caller.tenant_id
+    if initial_tenant_id:
+        initial_token = _rls_set(engine, initial_tenant_id)
+    else:
+        initial_token = None
+
+    try:
        conv_stmt = select(WebConversation).where(WebConversation.id == conversation_id)
        conv_result = await session.execute(conv_stmt)
        conversation = conv_result.scalar_one_or_none()
+    finally:
+        if initial_token is not None:
+            current_tenant_id.reset(initial_token)

    if conversation is None:
        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Conversation not found")