feat(service_professionals): Standardize authentication to use partner_id across all endpoints

- Update JWT token extraction to use partner_id instead of staff_id in all endpoints
- Modify get_my_profile and update_my_profile to extract partner_id from token payload
- Add staff_id, staff_code, and user_type to auth dependency return values for service professional context
- Update error messages to reference partner_id for consistency with system-wide authentication standard
- Clarify in documentation that partner_id contains staff_id value for service professionals
- Update JWT token structure documentation to show partner_id as primary identifier
- Ensure all database queries use partner_id for lookups while maintaining staff_id in token for reference

SERVICE_PROFESSIONALS_API_QUICK_REF.md

@@ -9,7 +9,7 @@ API for service professionals to view and update their own profile. Authenticati
 ```
 
 ## Authentication
-All endpoints require JWT authentication with `staff_id` in the token payload.
+All endpoints require JWT authentication with `partner_id` in the token payload (which contains the staff_id for service professionals).
 
 **Header:**
 ```

SERVICE_PROFESSIONALS_IMPLEMENTATION_SUMMARY.md

@@ -73,17 +73,18 @@ The following are handled by admin interfaces:
 ### Authentication Flow
 
 1. Service professional logs in via Auth-MS (OTP-based)
-2. Auth-MS returns JWT with staff_id in payload
+2. Auth-MS returns JWT with `partner_id` in payload (contains staff_id)
 3. Professional uses JWT to access SPA-MS endpoints
-4. SPA-MS extracts staff_id from JWT
-5. Operations performed on professional's own record
+4. SPA-MS extracts `partner_id` from JWT
+5. Operations performed on professional's own record using partner_id
 
 ### JWT Token Structure
 
 ```json
 {
-  "sub": "staff_id",
-  "staff_id": "550e8400-e29b-41d4-a716-446655440001",
+  "sub": "staff_id_value",
+  "partner_id": "staff_id_value",
+  "staff_id": "staff_id_value",
   "staff_code": "SP001",
   "user_type": "service_professional",
   "exp": 1234567890,
@@ -91,6 +92,8 @@ The following are handled by admin interfaces:
 }
 ```
 
+**Note:** `partner_id` is the standard identifier used across all microservices. For service professionals, it contains the `staff_id` value.
+
 ### Example Usage
 
 #### Get My Profile

app/dependencies/auth.py

@@ -52,13 +52,16 @@ async def verify_token(authorization: Optional[str] = Header(None)) -> dict:
         if not partner_id:
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Token missing partner_id/user_id",
+                detail="Token missing partner_id/user_id/staff_id",
                 headers={"WWW-Authenticate": "Bearer"}
             )
         
         return {
             "partner_id": partner_id,
             "user_id": payload.get("user_id"),
+            "staff_id": payload.get("staff_id"),  # Include staff_id for service professionals
+            "staff_code": payload.get("staff_code"),  # Include staff_code for reference
+            "user_type": payload.get("user_type"),  # Include user_type to identify professional
             "merchant_id": payload.get("merchant_id"),
             "role": payload.get("role"),
             "email": payload.get("email"),

app/service_professionals/controllers/router.py

@@ -28,11 +28,11 @@ async def get_my_profile(
     Get current service professional's profile.
     
     Retrieves profile information for the authenticated service professional
-    based on staff_id from JWT token.
+    based on partner_id from JWT token (which contains staff_id).
     
     **Authentication:**
     - Requires valid JWT token in Authorization header
-    - Extracts staff_id from token
+    - Extracts partner_id from token (contains staff_id for service professionals)
     
     **Returns:**
     - Service professional profile details
@@ -43,20 +43,20 @@ async def get_my_profile(
     - 500: Server error
     """
     try:
-        # Extract staff_id from JWT token
-        staff_id = token_data.get("staff_id")
-        if not staff_id:
+        # Extract partner_id from JWT token (contains staff_id for service professionals)
+        partner_id = token_data.get("partner_id")
+        if not partner_id:
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Staff ID not found in token"
+                detail="Partner ID not found in token"
             )
         
-        professional = await service.get_by_id(staff_id)
+        professional = await service.get_by_id(partner_id)
         
         if not professional:
             raise HTTPException(
                 status_code=status.HTTP_404_NOT_FOUND,
-                detail=f"Service professional with staff ID {staff_id} not found"
+                detail=f"Service professional not found"
             )
         
         return professional
@@ -81,7 +81,7 @@ async def update_my_profile(
     Update current service professional's profile.
     
     Allows service professionals to update their own profile information.
-    Staff ID is extracted from JWT token for security.
+    Partner ID is extracted from JWT token for security (contains staff_id).
     
     **Supports updating:**
     - Basic info (name, designation, role, phone, email)
@@ -92,7 +92,7 @@ async def update_my_profile(
     
     **Authentication:**
     - Requires valid JWT token in Authorization header
-    - Extracts staff_id from token
+    - Extracts partner_id from token (contains staff_id for service professionals)
     - Can only update own profile
     
     **Request Body:**
@@ -110,16 +110,16 @@ async def update_my_profile(
     - 500: Server error
     """
     try:
-        # Extract staff_id from JWT token
-        staff_id = token_data.get("staff_id")
-        if not staff_id:
+        # Extract partner_id from JWT token (contains staff_id for service professionals)
+        partner_id = token_data.get("partner_id")
+        if not partner_id:
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Staff ID not found in token"
+                detail="Partner ID not found in token"
             )
         
-        # Extract updated_by from token (use staff_id as identifier)
-        updated_by = staff_id
+        # Extract updated_by from token (use partner_id as identifier)
+        updated_by = partner_id
         
         # Only include fields that were actually provided
         update_data = request.dict(exclude_unset=True)
@@ -131,7 +131,7 @@ async def update_my_profile(
             )
         
         professional = await service.update(
-            staff_id=staff_id,
+            partner_id=partner_id,
             data=update_data,
             updated_by=updated_by
         )
@@ -139,7 +139,7 @@ async def update_my_profile(
         if not professional:
             raise HTTPException(
                 status_code=status.HTTP_404_NOT_FOUND,
-                detail=f"Service professional with staff ID {staff_id} not found"
+                detail=f"Service professional not found"
             )
         
         return professional

app/service_professionals/models/model.py

@@ -22,7 +22,7 @@ class AddressModel(BaseModel):
 
 class ServiceProfessionalModel(BaseModel):
     """Service Professional model for MongoDB."""
-    staff_id: str = Field(..., description="Unique staff identifier")
+    partner_id: str = Field(..., description="Unique partner identifier")
     staff_code: str = Field(..., description="Staff code for identification")
     name: str = Field(..., description="Full name")
     designation: str = Field(..., description="Job designation/title")
@@ -42,7 +42,7 @@ class ServiceProfessionalModel(BaseModel):
     class Config:
         json_schema_extra = {
             "example": {
-                "staff_id": "550e8400-e29b-41d4-a716-446655440001",
+                "partner_id": "550e8400-e29b-41d4-a716-446655440001",
                 "staff_code": "SP001",
                 "name": "Priya Sharma",
                 "designation": "Senior Beautician",

app/service_professionals/schemas/schema.py

@@ -46,7 +46,7 @@ class ServiceProfessionalUpdateRequest(BaseModel):
 
 class ServiceProfessionalResponse(BaseModel):
     """Response schema for service professional."""
-    staff_id: str
+    partner_id: str
     staff_code: str
     name: str
     designation: str

app/service_professionals/services/service.py

@@ -19,23 +19,23 @@ class ServiceProfessionalService:
         self.db: AsyncIOMotorDatabase = get_database()
         self.collection = self.db[SERVICE_PROFESSIONALS_COLLECTION]
     
-    async def get_by_id(self, staff_id: str) -> Optional[ServiceProfessionalModel]:
+    async def get_by_id(self, partner_id: str) -> Optional[ServiceProfessionalModel]:
         """
-        Get service professional by ID.
+        Get service professional by partner ID.
         
         Args:
-            staff_id: Staff ID
+            partner_id: Partner ID
             
         Returns:
             Service professional or None
         """
         try:
-            doc = await self.collection.find_one({"staff_id": staff_id, "is_deleted": False})
+            doc = await self.collection.find_one({"partner_id": partner_id, "is_deleted": False})
             if doc:
                 return ServiceProfessionalModel(**doc)
             return None
         except Exception as e:
-            logger.error(f"Error fetching service professional {staff_id}: {str(e)}", exc_info=True)
+            logger.error(f"Error fetching service professional {partner_id}: {str(e)}", exc_info=True)
             raise HTTPException(
                 status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
                 detail="Failed to fetch service professional"
@@ -43,7 +43,7 @@ class ServiceProfessionalService:
     
     async def update(
         self,
-        staff_id: str,
+        partner_id: str,
         data: Dict,
         updated_by: str
     ) -> Optional[ServiceProfessionalModel]:
@@ -51,7 +51,7 @@ class ServiceProfessionalService:
         Update service professional.
         
         Args:
-            staff_id: Staff ID
+            partner_id: Partner ID
             data: Update data
             updated_by: Username of updater
             
@@ -63,7 +63,7 @@ class ServiceProfessionalService:
         """
         try:
             # Check if exists
-            existing = await self.collection.find_one({"staff_id": staff_id, "is_deleted": False})
+            existing = await self.collection.find_one({"partner_id": partner_id, "is_deleted": False})
             if not existing:
                 return None
             
@@ -71,7 +71,7 @@ class ServiceProfessionalService:
             if "staff_code" in data and data["staff_code"] != existing.get("staff_code"):
                 code_exists = await self.collection.find_one({
                     "staff_code": data["staff_code"],
-                    "staff_id": {"$ne": staff_id},
+                    "partner_id": {"$ne": partner_id},
                     "is_deleted": False
                 })
                 if code_exists:
@@ -84,7 +84,7 @@ class ServiceProfessionalService:
             if "phone" in data and data["phone"] != existing.get("phone"):
                 phone_exists = await self.collection.find_one({
                     "phone": data["phone"],
-                    "staff_id": {"$ne": staff_id},
+                    "partner_id": {"$ne": partner_id},
                     "is_deleted": False
                 })
                 if phone_exists:
@@ -105,21 +105,21 @@ class ServiceProfessionalService:
             
             # Update document
             await self.collection.update_one(
-                {"staff_id": staff_id},
+                {"partner_id": partner_id},
                 {"$set": data}
             )
             
             # Fetch updated document
-            updated_doc = await self.collection.find_one({"staff_id": staff_id})
+            updated_doc = await self.collection.find_one({"partner_id": partner_id})
             
-            logger.info(f"Updated service professional: {staff_id}")
+            logger.info(f"Updated service professional: {partner_id}")
             
             return ServiceProfessionalModel(**updated_doc)
             
         except HTTPException:
             raise
         except Exception as e:
-            logger.error(f"Error updating service professional {staff_id}: {str(e)}", exc_info=True)
+            logger.error(f"Error updating service professional {partner_id}: {str(e)}", exc_info=True)
             raise HTTPException(
                 status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
                 detail="Failed to update service professional"