gitark/taskncoffee
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix dep user for endpoints

Browse Source
This commit is contained in:
IluaAir
2025-09-28 22:18:23 +03:00
parent 23927e5347
commit ddaa5b0c74
3 changed files with 27 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/api/v1/tasks.py
View File

@@ -1,28 +1,20 @@
from typing import Annotated
from fastapi import APIRouter, Body, Depends
from fastapi import APIRouter, Body, Depends, HTTPException
from src.api.dependacies.db_dep import sessionDep
from src.api.dependacies.task_dep import TaskFilterDep
from src.api.dependacies.user_dep import ActiveUser, TaskOwnerDep
from src.api.dependacies.user_dep import ActiveUser
from src.schemas.tasks import TaskADDRequest, TaskPATCHRequest
from src.services.tasks import TaskService
from src.services.users import UserService
router = APIRouter(prefix="/tasks", tags=["Tasks"])
@router.get("/")
async def get_tasks(session: sessionDep, user: ActiveUser, filter: TaskFilterDep):
result = await UserService(session).get_user_with_tasks(
user_id=user.id, **filter.model_dump(exclude_unset=True)
)
return result
@router.get("/{id}")
async def get_task_id(session: sessionDep, id: int, _: TaskOwnerDep):
async def get_task_id(session: sessionDep, id: int, user: ActiveUser):
task = await TaskService(session).get_task(id)
if task.user_id != user.id and user.is_superuser is False:
raise HTTPException(status_code=403, detail="Forbidden")
return task
@@ -42,17 +34,26 @@ async def post_task(
async def patch_task(
session: sessionDep,
id: int,
_: TaskOwnerDep,
user: ActiveUser,
task_data: TaskPATCHRequest = Body(),
):
task = await TaskService(session).update_task(id, task_data)
return task
if user.is_superuser is False:
task = await TaskService(session).get_task(id)
if task.user_id != user.id:
raise HTTPException(status_code=403, detail="Forbidden")
updated_task = await TaskService(session).update_task(id, task_data)
return updated_task
@router.delete("/{id}")
async def delete_task(
session: sessionDep,
id: int,
_: TaskOwnerDep,
user: ActiveUser,
):
if user.is_superuser is False:
task = await TaskService(session).get_task(id)
if task.user_id != user.id:
raise HTTPException(status_code=403, detail="Forbidden")
await TaskService(session).delete_task(id)
return {"message": "Task deleted successfully"}