Iliyan Angelov
2025-12-05 22:12:32 +02:00
parent 13c91f95f4
commit 7667eb5eda
53 changed files with 3065 additions and 9257 deletions


@@ -12,6 +12,7 @@ import json
from ...shared.config.database import get_db
from ...shared.config.logging_config import get_logger
from ...security.middleware.auth import authorize_roles
from ...security.middleware.step_up_auth import authorize_financial_access
from ...auth.models.user import User
from ..models.financial_audit_trail import FinancialAuditTrail, FinancialActionType
from ..services.financial_audit_service import financial_audit_service
@@ -33,7 +34,7 @@ async def get_financial_audit_trail(
end_date: Optional[str] = Query(None),
page: int = Query(1, ge=1),
limit: int = Query(100, ge=1, le=1000),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Get financial audit trail records with filters. Requires step-up authentication."""
@@ -205,7 +206,7 @@ async def get_financial_audit_trail(
@router.get('/{record_id}')
async def get_audit_record(
record_id: int,
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Get a specific audit trail record."""
@@ -259,7 +260,7 @@ async def export_audit_trail(
user_id: Optional[int] = Query(None),
start_date: Optional[str] = Query(None),
end_date: Optional[str] = Query(None),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Export financial audit trail to CSV or JSON. Requires step-up authentication."""
@@ -497,7 +498,7 @@ async def cleanup_old_audit_records(
@router.get('/retention/stats')
async def get_retention_stats(
retention_days: int = Query(2555, ge=365, le=3650),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Get statistics about audit trail retention."""
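Review bot: `cleanup_old_audit_records`, which the hunk header above `get_retention_stats` names as the preceding route, is not touched by any hunk in this file, so the one endpoint that removes audit records may still sit behind plain `authorize_roles` while the read endpoints now require step-up. The same pattern shows for `close_fiscal_period` in the general-ledger routes and `create_invoice` in the invoice routes, both visible only as hunk-header context. Their signatures are outside the hunks, so this needs checking rather than assuming; if they still use the role-only dependency, give them `Depends(authorize_financial_access(...))` with the roles they already pass. The `authorize_roles` import that remains in each file suggests at least one route per file was left on the old check.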


@@ -8,6 +8,7 @@ import io
from ...shared.config.database import get_db
from ...shared.config.logging_config import get_logger
from ...security.middleware.auth import authorize_roles
from ...security.middleware.step_up_auth import authorize_financial_access
from ...auth.models.user import User
from ..models.payment import Payment, PaymentStatus, PaymentMethod
from ..models.invoice import Invoice, InvoiceStatus
@@ -27,7 +28,7 @@ router = APIRouter(prefix='/financial', tags=['financial'])
async def get_profit_loss_report(
start_date: Optional[str] = Query(None),
end_date: Optional[str] = Query(None),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Generate Profit & Loss statement."""
@@ -240,7 +241,7 @@ async def get_profit_loss_report(
@router.get('/balance-sheet')
async def get_balance_sheet(
as_of_date: Optional[str] = Query(None),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Generate Balance Sheet statement."""
@@ -413,7 +414,7 @@ async def get_tax_report(
start_date: Optional[str] = Query(None),
end_date: Optional[str] = Query(None),
format: Optional[str] = Query('json', regex='^(json|csv)$'),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Generate tax report with export capability. Requires step-up authentication for exports."""
@@ -545,7 +546,7 @@ async def get_payment_reconciliation(
start_date: Optional[str] = Query(None),
end_date: Optional[str] = Query(None),
include_exceptions: bool = Query(True),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Generate payment reconciliation report with exception integration."""
@@ -643,7 +644,7 @@ async def get_payment_reconciliation(
async def get_refund_history(
start_date: Optional[str] = Query(None),
end_date: Optional[str] = Query(None),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Get refund history and statistics."""
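Review bot: The `get_tax_report` docstring still says step-up is required "for exports", but the new dependency is resolved on every request, so as written the JSON view is gated the same as the CSV export (assuming `authorize_financial_access` does not inspect `format`, which is not visible here). Either change the docstring to `"""Generate tax report with export capability. Requires step-up authentication."""` or, if only exports were meant to be gated, note that the current signature cannot express it. The other four routes changed in this file gain the same requirement with no mention in their docstrings; adding `Requires step-up authentication.` to each keeps the contract visible to API consumers.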


@@ -8,6 +8,7 @@ from datetime import datetime
from ...shared.config.database import get_db
from ...shared.config.logging_config import get_logger
from ...security.middleware.auth import authorize_roles, get_current_user
from ...security.middleware.step_up_auth import authorize_financial_access
from ...auth.models.user import User
from ..services.gl_service import gl_service
from ..models.fiscal_period import FiscalPeriod, PeriodStatus
@@ -23,7 +24,7 @@ router = APIRouter(prefix='/financial/gl', tags=['general-ledger'])
async def get_trial_balance(
period_id: Optional[int] = Query(None),
as_of_date: Optional[str] = Query(None),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Get trial balance for a period or as of a date."""
@@ -42,7 +43,7 @@ async def get_trial_balance(
@router.get('/periods')
async def get_fiscal_periods(
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Get all fiscal periods."""
@@ -156,7 +157,7 @@ async def close_fiscal_period(
@router.get('/accounts')
async def get_chart_of_accounts(
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Get chart of accounts."""
@@ -188,7 +189,7 @@ async def get_journal_entries(
status: Optional[str] = Query(None),
page: int = Query(1, ge=1),
limit: int = Query(50, ge=1, le=100),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Get journal entries with pagination."""
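Review bot: Every changed route in this file builds its own `authorize_financial_access('admin', 'accountant')` call inline, and the same literal pair is repeated across the audit-trail, reports, invoice and reconciliation routes. Binding it once per module, e.g. `require_financial_access = authorize_financial_access('admin', 'accountant')` and then `current_user: User = Depends(require_financial_access)`, leaves one place to change the role list and makes a missed route stand out in review. This is a style point; behaviour should be unchanged provided the factory returns a reusable dependency callable, which is not visible in this diff.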


@@ -5,6 +5,7 @@ from datetime import datetime
from ...shared.config.database import get_db
from ...shared.config.logging_config import get_logger
from ...security.middleware.auth import get_current_user, authorize_roles
from ...security.middleware.step_up_auth import authorize_financial_access
from ...auth.models.user import User
from ..models.invoice import Invoice, InvoiceStatus
from ...bookings.models.booking import Booking
@@ -130,7 +131,7 @@ async def create_invoice(request: Request, invoice_data: CreateInvoiceRequest, c
raise HTTPException(status_code=500, detail=str(e))
@router.put('/{id}')
async def update_invoice(request: Request, id: int, invoice_data: UpdateInvoiceRequest, current_user: User=Depends(authorize_roles('admin', 'accountant')), db: Session=Depends(get_db)):
async def update_invoice(request: Request, id: int, invoice_data: UpdateInvoiceRequest, current_user: User=Depends(authorize_financial_access('admin', 'accountant')), db: Session=Depends(get_db)):
try:
invoice = db.query(Invoice).filter(Invoice.id == id).first()
if not invoice:
@@ -171,7 +172,7 @@ async def update_invoice(request: Request, id: int, invoice_data: UpdateInvoiceR
raise HTTPException(status_code=500, detail=str(e))
@router.post('/{id}/mark-paid')
async def mark_invoice_as_paid(request: Request, id: int, payment_data: MarkInvoicePaidRequest, current_user: User=Depends(authorize_roles('admin', 'accountant')), db: Session=Depends(get_db)):
async def mark_invoice_as_paid(request: Request, id: int, payment_data: MarkInvoicePaidRequest, current_user: User=Depends(authorize_financial_access('admin', 'accountant')), db: Session=Depends(get_db)):
try:
request_id = get_request_id(request)
amount = payment_data.amount
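Review bot: The `raise HTTPException(status_code=500, detail=str(e))` lines at the top of both hunks return the raw exception text to the caller on invoice endpoints, which can expose database or internal details; the commit tightens who may call these routes but leaves that unchanged. Log the exception server-side and return a fixed message instead, e.g. `raise HTTPException(status_code=500, detail='Internal server error')`. Going by the hunk headers, those lines close `create_invoice` and `update_invoice`, whose bodies start outside the hunks, so confirm which exception types reach that branch before changing it.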


@@ -8,6 +8,7 @@ from datetime import datetime
from ...shared.config.database import get_db
from ...shared.config.logging_config import get_logger
from ...security.middleware.auth import authorize_roles, get_current_user
from ...security.middleware.step_up_auth import authorize_financial_access
from ...auth.models.user import User
from ..services.reconciliation_service import reconciliation_service
from ..models.reconciliation_exception import ExceptionStatus, ExceptionType
@@ -21,7 +22,7 @@ router = APIRouter(prefix='/financial/reconciliation', tags=['reconciliation'])
async def run_reconciliation(
start_date: Optional[str] = Query(None),
end_date: Optional[str] = Query(None),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Run reconciliation and detect exceptions."""
@@ -55,7 +56,7 @@ async def get_reconciliation_exceptions(
severity: Optional[str] = Query(None),
page: int = Query(1, ge=1),
limit: int = Query(50, ge=1, le=100),
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Get reconciliation exceptions with filters."""
@@ -96,7 +97,7 @@ async def get_reconciliation_exceptions(
async def assign_exception(
exception_id: int,
assign_data: dict,
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Assign an exception to a user."""
@@ -130,7 +131,7 @@ async def assign_exception(
async def resolve_exception(
exception_id: int,
resolve_data: dict,
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Resolve an exception."""
@@ -165,7 +166,7 @@ async def resolve_exception(
async def add_exception_comment(
exception_id: int,
comment_data: dict,
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Add a comment to an exception."""
@@ -198,7 +199,7 @@ async def add_exception_comment(
@router.get('/exceptions/stats')
async def get_exception_stats(
current_user: User = Depends(authorize_roles('admin', 'accountant')),
current_user: User = Depends(authorize_financial_access('admin', 'accountant')),
db: Session = Depends(get_db)
):
"""Get statistics about reconciliation exceptions."""
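Review bot: `assign_exception`, `resolve_exception` and `add_exception_comment` accept their request bodies as a bare `dict` (`assign_data`, `resolve_data`, `comment_data`), so the framework checks nothing beyond the body being a JSON object on routes that change reconciliation state. Now that these routes sit behind step-up, it is worth declaring a typed request model per body so field names, types and lengths are enforced before the handler runs, as the invoice routes do with `UpdateInvoiceRequest`. The handler bodies are outside the hunks, so any validation done there by hand is not visible from this diff.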