fix: corriger la détection admin (combiner DB + ADMIN_EMAILS)

- is_admin utilise maintenant user.is_admin OR settings.is_admin(email)
- Ajouter authentification Redis dans Helm (existingSecret)
- REDIS_PASSWORD injecté depuis le secret externe

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: Clément VALENTIN

apps/api/src/routers/accounts.py

@@ -271,8 +271,9 @@ async def get_current_user_info(
     )
 
     # Add is_admin field, debug_mode, and role
+    # is_admin is true if: database flag OR email in ADMIN_EMAILS env var
     user_data = user_response.model_dump()
-    user_data['is_admin'] = settings.is_admin(user.email)
+    user_data['is_admin'] = user.is_admin or settings.is_admin(user.email)
     user_data['debug_mode'] = user.debug_mode
 
     # Add role information with permissions

helm/myelectricaldata/templates/_helpers.tpl

@@ -191,12 +191,44 @@ postgresql+asyncpg://{{ $username }}:$(POSTGRES_PASSWORD)@{{ $host }}:{{ $port }
 {{- end }}
 
 {{/*
-Redis URL
+Redis secret name - Supports external secrets or subchart-generated secrets
+*/}}
+{{- define "myelectricaldata.redis.secretName" -}}
+{{- if .Values.redis.enabled }}
+  {{- if .Values.redis.auth.existingSecret }}
+    {{- .Values.redis.auth.existingSecret }}
+  {{- else }}
+    {{- printf "%s-redis" .Release.Name }}
+  {{- end }}
+{{- else if .Values.externalRedis.existingSecret }}
+  {{- .Values.externalRedis.existingSecret }}
+{{- else }}
+  {{- printf "%s-external-redis" (include "myelectricaldata.fullname" .) }}
+{{- end }}
+{{- end }}
+
+{{/*
+Redis secret key - Returns the key name for the password in the secret
+*/}}
+{{- define "myelectricaldata.redis.secretKey" -}}
+{{- if .Values.redis.enabled }}
+  {{- if .Values.redis.auth.existingSecret }}
+    {{- .Values.redis.auth.existingSecretKey | default "redis-password" }}
+  {{- else }}
+    {{- "redis-password" }}
+  {{- end }}
+{{- else }}
+  {{- "password" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Redis URL - uses REDIS_PASSWORD env var for the password
 */}}
 {{- define "myelectricaldata.redisUrl" -}}
 {{- $host := include "myelectricaldata.redis.host" . -}}
 {{- $port := include "myelectricaldata.redis.port" . -}}
-redis://{{ $host }}:{{ $port }}/0
+redis://:$(REDIS_PASSWORD)@{{ $host }}:{{ $port }}/0
 {{- end }}
 
 {{/*

helm/myelectricaldata/templates/backend/backend-deployment.yaml

@@ -67,6 +67,12 @@ spec:
                   key: {{ include "myelectricaldata.postgres.secretKey" . | trim }}
             - name: DATABASE_URL
               value: {{ include "myelectricaldata.databaseUrl" . | quote }}
+            # Redis password MUST be defined before REDIS_URL for $(REDIS_PASSWORD) substitution
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "myelectricaldata.redis.secretName" . | trim }}
+                  key: {{ include "myelectricaldata.redis.secretKey" . | trim }}
             - name: REDIS_URL
               value: {{ include "myelectricaldata.redisUrl" . | quote }}
             - name: ENEDIS_ENVIRONMENT

helm/myelectricaldata/values.yaml

@@ -250,6 +250,15 @@ redis:
     tag: "7-alpine"
     pullPolicy: IfNotPresent
 
+  # Redis authentication
+  auth:
+    # Option 1: Set password directly (Helm creates the secret)
+    password: ""
+    # Option 2: Use an existing secret with a generated password
+    # The secret must contain the key specified in existingSecretKey
+    existingSecret: ""           # e.g., "redis-credentials"
+    existingSecretKey: "redis-password"  # Key containing the password in the secret
+
   # Redis configuration
   config:
     maxmemory: "256mb"