fix dep user for endpoints
This commit is contained in:
IluaAir
@@ -1,28 +1,20 @@
|
||||
from typing import Annotated
|
||||
|
||||
from fastapi import APIRouter, Body, Depends
|
||||
from fastapi import APIRouter, Body, Depends, HTTPException
|
||||
|
||||
from src.api.dependacies.db_dep import sessionDep
|
||||
from src.api.dependacies.task_dep import TaskFilterDep
|
||||
from src.api.dependacies.user_dep import ActiveUser, TaskOwnerDep
|
||||
from src.api.dependacies.user_dep import ActiveUser
|
||||
from src.schemas.tasks import TaskADDRequest, TaskPATCHRequest
|
||||
from src.services.tasks import TaskService
|
||||
from src.services.users import UserService
|
||||
|
||||
router = APIRouter(prefix="/tasks", tags=["Tasks"])
|
||||
|
||||
|
||||
@router.get("/")
|
||||
async def get_tasks(session: sessionDep, user: ActiveUser, filter: TaskFilterDep):
|
||||
result = await UserService(session).get_user_with_tasks(
|
||||
user_id=user.id, **filter.model_dump(exclude_unset=True)
|
||||
)
|
||||
return result
|
||||
|
||||
|
||||
@router.get("/{id}")
|
||||
async def get_task_id(session: sessionDep, id: int, _: TaskOwnerDep):
|
||||
async def get_task_id(session: sessionDep, id: int, user: ActiveUser):
|
||||
task = await TaskService(session).get_task(id)
|
||||
if task.user_id != user.id and user.is_superuser is False:
|
||||
raise HTTPException(status_code=403, detail="Forbidden")
|
||||
return task
|
||||
|
||||
|
||||
@@ -42,17 +34,26 @@ async def post_task(
|
||||
async def patch_task(
|
||||
session: sessionDep,
|
||||
id: int,
|
||||
_: TaskOwnerDep,
|
||||
user: ActiveUser,
|
||||
task_data: TaskPATCHRequest = Body(),
|
||||
):
|
||||
task = await TaskService(session).update_task(id, task_data)
|
||||
return task
|
||||
if user.is_superuser is False:
|
||||
task = await TaskService(session).get_task(id)
|
||||
if task.user_id != user.id:
|
||||
raise HTTPException(status_code=403, detail="Forbidden")
|
||||
updated_task = await TaskService(session).update_task(id, task_data)
|
||||
return updated_task
|
||||
|
||||
|
||||
@router.delete("/{id}")
|
||||
async def delete_task(
|
||||
session: sessionDep,
|
||||
id: int,
|
||||
_: TaskOwnerDep,
|
||||
user: ActiveUser,
|
||||
):
|
||||
if user.is_superuser is False:
|
||||
task = await TaskService(session).get_task(id)
|
||||
if task.user_id != user.id:
|
||||
raise HTTPException(status_code=403, detail="Forbidden")
|
||||
await TaskService(session).delete_task(id)
|
||||
return {"message": "Task deleted successfully"}
|
||||
|
||||
@@ -4,7 +4,6 @@ from src.api.dependacies.db_dep import sessionDep
|
||||
from src.api.dependacies.user_dep import (
|
||||
ActiveUser,
|
||||
AdminUser,
|
||||
OwnerDep,
|
||||
)
|
||||
from src.core.settings import settings
|
||||
from src.schemas.users import UserUpdate
|
||||
@@ -20,7 +19,7 @@ async def get_all_users(session: sessionDep, _: AdminUser):
|
||||
|
||||
|
||||
@router.get("/{id}")
|
||||
async def get_user_by_id(session: sessionDep, id: int, _: OwnerDep):
|
||||
async def get_user_by_id(session: sessionDep, id: int, _: AdminUser):
|
||||
user = await UserService(session).get_user_by_filter_or_raise(id=id)
|
||||
return user
|
||||
|
||||
@@ -39,9 +38,11 @@ async def get_user_tasks(session: sessionDep, id: int, user: ActiveUser):
|
||||
async def patch_user(
|
||||
session: sessionDep,
|
||||
id: int,
|
||||
_: OwnerDep,
|
||||
user: ActiveUser,
|
||||
user_update: UserUpdate = Body(),
|
||||
):
|
||||
if user.id != id and user.is_superuser is False:
|
||||
raise HTTPException(status_code=403, detail="Forbidden")
|
||||
updated_user = await UserService(session).update_user(
|
||||
id=id, update_data=user_update
|
||||
)
|
||||
@@ -49,6 +50,6 @@ async def patch_user(
|
||||
|
||||
|
||||
@router.delete("/{id}")
|
||||
async def delete_user(session: sessionDep, id: int, _: AdminUser):
|
||||
async def delete_user(session: sessionDep, id: int, user: AdminUser):
|
||||
await UserService(session).delete_user(id)
|
||||
return {"message": "User deleted successfully"}
|
||||
|
||||
@@ -1,13 +1,10 @@
|
||||
from fastapi import HTTPException
|
||||
|
||||
from src.models.tasks import TasksORM
|
||||
from src.schemas.tasks import Task, TaskADDRequest, TaskPATCHRequest
|
||||
from src.services.base import BaseService
|
||||
|
||||
|
||||
class TaskService(BaseService):
|
||||
model = TasksORM
|
||||
|
||||
async def create_task(self, user_id: int, task_data: TaskADDRequest) -> Task:
|
||||
user = await self.session.user.get_one_or_none(id=user_id)
|
||||
if user is None:
|
||||
@@ -29,7 +26,10 @@ class TaskService(BaseService):
|
||||
await self.session.commit()
|
||||
|
||||
async def update_task(
|
||||
self, task_id: int, task_data: TaskPATCHRequest, exclude_unset: bool = True
|
||||
self,
|
||||
task_id: int,
|
||||
task_data: TaskPATCHRequest,
|
||||
exclude_unset: bool = True,
|
||||
):
|
||||
task = await self.session.task.update_one(
|
||||
id=task_id, data=task_data.model_dump(exclude_unset=exclude_unset)
|
||||
|
||||
Reference in New Issue
Block a user