feat: Implement a super-admin restricted endpoint to update tenant display names in both Keycloak and the local database.

sonal-aot · sonal-aot · commit c37cf00b2af7 · 2026-03-18T16:04:18.000+05:30
diff --git a/extensions/m8flow-backend/src/m8flow_backend/api.yml b/extensions/m8flow-backend/src/m8flow_backend/api.yml
@@ -275,9 +275,9 @@ paths:
           description: Tenant not found
 
     put:
-      summary: Update a tenant
-      description: Updates tenant name and/or status. Slug cannot be updated. Cannot update DELETED tenants.
-      operationId: m8flow_backend.routes.tenant_controller.update_tenant
+      summary: Update tenant display name
+      description: Updates the tenant's human-readable name in both the local database and the Keycloak realm (displayName). Restricted to 'super-admin' role. The slug and ID are immutable and cannot be changed.
+      operationId: m8flow_backend.routes.keycloak_controller.update_tenant_name
       tags:
         - Tenant
       parameters:
@@ -286,24 +286,21 @@ paths:
           required: true
           schema:
             type: string
-          description: Unique identifier of the tenant to update
+          description: Unique identifier (UUID) of the tenant to update
       requestBody:
         required: true
         content:
           application/json:
             schema:
               type: object
+              required:
+                - name
               properties:
                 name:
                   type: string
-                  description: New name for the tenant
-                status:
-                  type: string
-                  enum: [ACTIVE, INACTIVE, DELETED]
-                  description: New status for the tenant
+                  description: New display name for the tenant
               example:
                 name: "Updated Tenant Name"
-                status: "ACTIVE"
       responses:
         "200":
           description: Tenant updated successfully
diff --git a/extensions/m8flow-backend/src/m8flow_backend/routes/keycloak_controller.py b/extensions/m8flow-backend/src/m8flow_backend/routes/keycloak_controller.py
@@ -12,14 +12,19 @@
     realm_exists,
     tenant_login as tenant_login_svc,
     tenant_login_authorization_url,
+    update_realm,
     verify_admin_token,
+    get_master_admin_token,
 )
 from sqlalchemy.exc import IntegrityError
+from spiffworkflow_backend.exceptions.api_error import ApiError
+from spiffworkflow_backend.services.authorization_service import AuthorizationService
+from m8flow_backend.helpers.response_helper import success_response, handle_api_errors
 
 from m8flow_backend.tenancy import create_tenant_if_not_exists
 from m8flow_backend.models.m8flow_tenant import M8flowTenantModel
 from spiffworkflow_backend.models.db import db
-from flask import request
+from flask import request, g
 
 logger = logging.getLogger(__name__)
 
@@ -188,3 +193,63 @@ def delete_tenant_realm(realm_id: str) -> tuple[dict, int]:
     except Exception as e:
         logger.exception("Error deleting tenant %s", realm_id)
         return {"detail": str(e)}, 500
+
+
+@handle_api_errors
+def update_tenant_name(tenant_id: str, body: dict) -> tuple[dict, int]:
+    """Update a tenant's name in both Keycloak (displayName) and Postgres. 
+    Restricted to super-admin role. Uses internal master admin token.
+    """
+    user = getattr(g, 'user', None)
+    if not user:
+        raise ApiError(error_code="not_authenticated", message="User not authenticated", status_code=401)
+    
+    # Check for super-admin permission via m8flow.yml configuration
+    is_authorized = AuthorizationService.user_has_permission(user, "update", request.path)
+        
+    if not is_authorized:
+        logger.warning(
+            "User %s (groups: %s) attempted to update tenant %s without required permissions", 
+            user.username, 
+            [getattr(g, 'identifier', g.name) for g in getattr(user, 'groups', [])],
+            tenant_id
+        )
+        raise ApiError(error_code="forbidden", message="Only super-admin can update tenant name", status_code=403)
+
+    new_name = body.get("name")
+    if not new_name or not str(new_name).strip():
+        return {"detail": "name is required"}, 400
+    new_name = str(new_name).strip()
+
+    try:
+        tenant = (
+            db.session.query(M8flowTenantModel)
+            .filter(M8flowTenantModel.id == tenant_id)
+            .one_or_none()
+        )
+        if not tenant:
+            return {"detail": "Tenant not found"}, 404
+
+        # Fetch Keycloak admin token internally
+        admin_token = get_master_admin_token()
+
+        # Update Keycloak realm displayName
+        update_realm(tenant.slug, display_name=new_name, admin_token=admin_token)
+
+        # Update Postgres tenant name
+        tenant.name = new_name
+        db.session.commit()
+        logger.info("Updated tenant name: id=%s slug=%s to name=%s (updated by %s)", 
+                    tenant_id, tenant.slug, new_name, user.username)
+
+        return {"message": "Tenant name updated successfully", "name": new_name}, 200
+
+    except requests.exceptions.HTTPError as e:
+        status = e.response.status_code if e.response is not None else 500
+        detail = (e.response.text or str(e))[:500] if e.response is not None else str(e)
+        logger.warning("Keycloak update realm HTTP error: %s %s", status, detail)
+        return {"detail": detail}, status
+    except Exception as e:
+        db.session.rollback()
+        logger.exception("Error updating tenant name %s", tenant_id)
+        return {"detail": str(e)}, 500
diff --git a/extensions/m8flow-backend/src/m8flow_backend/routes/tenant_controller.py b/extensions/m8flow-backend/src/m8flow_backend/routes/tenant_controller.py
@@ -59,26 +59,3 @@ def get_all_tenants():
     tenants = TenantService.get_all_tenants()
     return success_response([_serialize_tenant(t) for t in tenants], 200)
 
-@handle_api_errors
-def update_tenant(tenant_id, body):
-    """Update tenant name and status. Slug cannot be updated."""
-    user = _require_authenticated_user()
-    body = body or {}
-
-    if 'slug' in body: 
-        raise ApiError(
-            error_code="slug_update_forbidden",
-            message="Slug cannot be updated. It is immutable after creation.",
-            status_code=400
-        )
-
-    tenant = TenantService.update_tenant(
-        tenant_id=tenant_id,
-        name=body.get('name'),
-        status_str=body.get('status'),
-        user_id=user.username
-    )
-    
-    return success_response({
-        "message": f"Tenant '{tenant.name}' has been successfully updated."
-    }, 200)
diff --git a/extensions/m8flow-backend/src/m8flow_backend/services/keycloak_service.py b/extensions/m8flow-backend/src/m8flow_backend/services/keycloak_service.py
@@ -852,6 +852,38 @@ def delete_realm(realm_id: str, admin_token: str | None = None) -> None:
     logger.info("Deleted Keycloak realm: %s", realm_id)
 
 
+def update_realm(realm_id: str, display_name: str, admin_token: str | None = None) -> None:
+    """Update a realm in Keycloak (specifically displayName)."""
+    if not realm_id or not str(realm_id).strip():
+        raise ValueError("realm_id is required")
+
+    if not display_name or not str(display_name).strip():
+        raise ValueError("display_name is required")
+    
+    if not admin_token or not str(admin_token).strip():
+        raise ValueError("admin_token is required")
+
+    realm_id = str(realm_id).strip()
+    display_name = str(display_name).strip()
+    admin_token = str(admin_token).strip()
+
+    base_url = keycloak_url()
+
+    payload = {
+        "realm": realm_id,
+        "displayName": display_name
+    }
+
+    r = requests.put(
+        f"{base_url}/admin/realms/{realm_id}",
+        json=payload,
+        headers={"Authorization": f"Bearer {admin_token}", "Content-Type": "application/json"},
+        timeout=30,
+    )
+    r.raise_for_status()
+    logger.info("Updated Keycloak realm %s: displayName=%s", realm_id, display_name)
+
+
 def verify_admin_token(token: str) -> bool:
     """
     Verify that the provided token is a valid admin token.
diff --git a/extensions/m8flow-backend/src/m8flow_backend/services/tenant_service.py b/extensions/m8flow-backend/src/m8flow_backend/services/tenant_service.py
@@ -77,50 +77,3 @@ def get_all_tenants():
                 status_code=500
             )
 
-    @staticmethod
-    def update_tenant(tenant_id: str, name: str | None, status_str: str | None, user_id: str):
-        TenantService._check_not_default_tenant(tenant_id)
-        
-        tenant = M8flowTenantModel.query.filter_by(id=tenant_id).first()
-        
-        if not tenant:
-            raise ApiError(
-                error_code="tenant_not_found",
-                message=f"Tenant with ID '{tenant_id}' not found.",
-                status_code=404
-            )
-        
-        if tenant.status == TenantStatus.DELETED:
-            raise ApiError(
-                error_code="tenant_deleted",
-                message=f"Cannot update tenant with ID '{tenant_id}' because it is deleted.",
-                status_code=400
-            )
-
-        try:
-            if name:
-                tenant.name = name
-            
-            if status_str:
-                try:
-                    tenant.status = TenantStatus(status_str)
-                except ValueError:
-                    raise ApiError(
-                        error_code="invalid_status",
-                        message=f"Invalid status value: '{status_str}'. Must be one of: ACTIVE, INACTIVE, DELETED.",
-                        status_code=400
-                    )
-            
-            tenant.modified_by = user_id
-            db.session.commit()
-            return tenant
-        except ApiError:
-            db.session.rollback()
-            raise
-        except Exception as e:
-            db.session.rollback()
-            raise ApiError(
-                error_code="database_error",
-                message=f"Error updating tenant: {str(e)}",
-                status_code=500
-            )
diff --git a/extensions/m8flow-backend/tests/unit/m8flow_backend/routes/test_tenant_controller.py b/extensions/m8flow-backend/tests/unit/m8flow_backend/routes/test_tenant_controller.py
@@ -183,118 +183,3 @@ def test_get_all_tenants_excludes_default(self, app, mock_admin_user):
                 tenant_ids = [t["id"] for t in data]
                 assert "default" not in tenant_ids
 
-    def test_update_tenant_name_success(self, app, mock_admin_user):
-        """Test successfully updating tenant name."""
-        with app.app_context():
-            with app.test_request_context("/"):
-                g.user = mock_admin_user
-                
-                # Create tenant
-                tenant = M8flowTenantModel(
-                    id="update-tenant-1",
-                    name="Original Name",
-                    slug="update-tenant",
-                    status=TenantStatus.ACTIVE,
-                    created_by="admin",
-                    modified_by="admin"
-                )
-                db.session.add(tenant)
-                db.session.commit()
-                
-                # Update name
-                body = {"name": "Updated Name"}
-                response = tenant_controller.update_tenant("update-tenant-1", body)
-                assert response.status_code == 200
-                
-                # Verify update
-                updated_tenant = M8flowTenantModel.query.filter_by(id="update-tenant-1").first()
-                assert updated_tenant.name == "Updated Name"
-
-    def test_update_tenant_status_success(self, app, mock_admin_user):
-        """Test successfully updating tenant status."""
-        with app.app_context():
-            with app.test_request_context("/"):
-                g.user = mock_admin_user
-                
-                # Create tenant
-                tenant = M8flowTenantModel(
-                    id="status-tenant-1",
-                    name="Status Tenant",
-                    slug="status-tenant",
-                    status=TenantStatus.ACTIVE,
-                    created_by="admin",
-                    modified_by="admin"
-                )
-                db.session.add(tenant)
-                db.session.commit()
-                
-                # Update status
-                body = {"status": "INACTIVE"}
-                response = tenant_controller.update_tenant("status-tenant-1", body)
-                assert response.status_code == 200
-                
-                # Verify update
-                updated_tenant = M8flowTenantModel.query.filter_by(id="status-tenant-1").first()
-                assert updated_tenant.status == TenantStatus.INACTIVE
-
-    def test_update_tenant_slug_forbidden(self, app, mock_admin_user):
-        """Test that updating tenant slug is forbidden."""
-        with app.app_context():
-            with app.test_request_context("/"):
-                g.user = mock_admin_user
-                
-                # Create tenant
-                tenant = M8flowTenantModel(
-                    id="immutable-slug-1",
-                    name="Immutable Slug",
-                    slug="original-slug",
-                    status=TenantStatus.ACTIVE,
-                    created_by="admin",
-                    modified_by="admin"
-                )
-                db.session.add(tenant)
-                db.session.commit()
-                
-                # Attempt to update slug
-                body = {"slug": "new-slug"}
-                
-                response = tenant_controller.update_tenant("immutable-slug-1", body)
-                assert response.status_code == 400
-                assert response.get_json()["error_code"] == "slug_update_forbidden"
-
-    def test_update_deleted_tenant_forbidden(self, app, mock_admin_user):
-        """Test that updating a deleted tenant is forbidden."""
-        with app.app_context():
-            with app.test_request_context("/"):
-                g.user = mock_admin_user
-                
-                # Create deleted tenant
-                tenant = M8flowTenantModel(
-                    id="deleted-tenant-1",
-                    name="Deleted Tenant",
-                    slug="deleted-tenant",
-                    status=TenantStatus.DELETED,
-                    created_by="admin",
-                    modified_by="admin"
-                )
-                db.session.add(tenant)
-                db.session.commit()
-                
-                # Attempt to update
-                body = {"name": "New Name"}
-                
-                response = tenant_controller.update_tenant("deleted-tenant-1", body)
-                assert response.status_code == 400
-                assert response.get_json()["error_code"] == "tenant_deleted"
-
-
-    def test_permission_check_update_no_user(self, app):
-        """Test that update fails when user is not authenticated."""
-        with app.app_context():
-            with app.test_request_context("/"):
-                # No user in g
-                
-                body = {"name": "New Name"}
-                response = tenant_controller.update_tenant("some-tenant", body)
-                assert response.status_code == 401
-                assert response.get_json()["error_code"] == "not_authenticated"
