fix: allow partner portal SSR to reach admin_api (/me/) for impersonation

ALLOWED_HOSTS was missing partner.eventifyplus.com + docker internal hostnames (eventify-backend, eventify-django). Partner Next.js server-side authorize() fetch to /api/v1/auth/me/ was rejected with HTTP 400 DisallowedHost, so admin "Login as Partner" redirected to /login?error=ImpersonationFailed instead of /dashboard. Also added `partner` FK to UserSerializer so the /me/ response exposes the partner id the portal needs to set session.user.partnerId. Deployed to both eventify-backend and eventify-django containers via docker cp + HUP. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-22 10:30:58 +05:30
parent d9a2af7168
commit 46b391bd51
3 changed files with 15 additions and 1 deletions
--- a/admin_api/serializers.py
+++ b/admin_api/serializers.py
@@ -5,9 +5,10 @@ User = get_user_model()
 class UserSerializer(serializers.ModelSerializer):
    name = serializers.SerializerMethodField()
    role = serializers.SerializerMethodField()
+    partner = serializers.PrimaryKeyRelatedField(read_only=True)
    class Meta:
        model = User
-        fields = ['id', 'email', 'username', 'name', 'role']
+        fields = ['id', 'email', 'username', 'name', 'role', 'partner']
    def get_name(self, obj):
        return f"{obj.first_name} {obj.last_name}".strip() or obj.username
    def get_role(self, obj):