gitark/taskncoffee
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix dep user for endpoints

Browse Source
This commit is contained in:
IluaAir
2025-09-28 22:18:23 +03:00
parent 23927e5347
commit ddaa5b0c74
3 changed files with 27 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/api/v1/tasks.py
View File

@@ -1,28 +1,20 @@
from typing import Annotated from typing import Annotated
from fastapi import APIRouter, Body, Depends from fastapi import APIRouter, Body, Depends, HTTPException
from src.api.dependacies.db_dep import sessionDep from src.api.dependacies.db_dep import sessionDep
from src.api.dependacies.task_dep import TaskFilterDep from src.api.dependacies.user_dep import ActiveUser
from src.api.dependacies.user_dep import ActiveUser, TaskOwnerDep
from src.schemas.tasks import TaskADDRequest, TaskPATCHRequest from src.schemas.tasks import TaskADDRequest, TaskPATCHRequest
from src.services.tasks import TaskService from src.services.tasks import TaskService
from src.services.users import UserService
router = APIRouter(prefix="/tasks", tags=["Tasks"]) router = APIRouter(prefix="/tasks", tags=["Tasks"])
@router.get("/")
async def get_tasks(session: sessionDep, user: ActiveUser, filter: TaskFilterDep):
result = await UserService(session).get_user_with_tasks(
user_id=user.id, **filter.model_dump(exclude_unset=True)
)
return result
@router.get("/{id}") @router.get("/{id}")
async def get_task_id(session: sessionDep, id: int, _: TaskOwnerDep): async def get_task_id(session: sessionDep, id: int, user: ActiveUser):
task = await TaskService(session).get_task(id) task = await TaskService(session).get_task(id)
if task.user_id != user.id and user.is_superuser is False:
raise HTTPException(status_code=403, detail="Forbidden")
return task return task
@@ -42,17 +34,26 @@ async def post_task(
async def patch_task( async def patch_task(
session: sessionDep, session: sessionDep,
id: int, id: int,
_: TaskOwnerDep, user: ActiveUser,
task_data: TaskPATCHRequest = Body(), task_data: TaskPATCHRequest = Body(),
): ):
task = await TaskService(session).update_task(id, task_data) if user.is_superuser is False:
return task task = await TaskService(session).get_task(id)
if task.user_id != user.id:
raise HTTPException(status_code=403, detail="Forbidden")
updated_task = await TaskService(session).update_task(id, task_data)
return updated_task
@router.delete("/{id}") @router.delete("/{id}")
async def delete_task( async def delete_task(
session: sessionDep, session: sessionDep,
id: int, id: int,
_: TaskOwnerDep, user: ActiveUser,
): ):
if user.is_superuser is False:
task = await TaskService(session).get_task(id)
if task.user_id != user.id:
raise HTTPException(status_code=403, detail="Forbidden")
await TaskService(session).delete_task(id) await TaskService(session).delete_task(id)
return {"message": "Task deleted successfully"}

9
src/api/v1/users.py
View File

@@ -4,7 +4,6 @@ from src.api.dependacies.db_dep import sessionDep
from src.api.dependacies.user_dep import ( from src.api.dependacies.user_dep import (
ActiveUser, ActiveUser,
AdminUser, AdminUser,
OwnerDep,
) )
from src.core.settings import settings from src.core.settings import settings
from src.schemas.users import UserUpdate from src.schemas.users import UserUpdate
@@ -20,7 +19,7 @@ async def get_all_users(session: sessionDep, _: AdminUser):
@router.get("/{id}") @router.get("/{id}")
async def get_user_by_id(session: sessionDep, id: int, _: OwnerDep): async def get_user_by_id(session: sessionDep, id: int, _: AdminUser):
user = await UserService(session).get_user_by_filter_or_raise(id=id) user = await UserService(session).get_user_by_filter_or_raise(id=id)
return user return user
@@ -39,9 +38,11 @@ async def get_user_tasks(session: sessionDep, id: int, user: ActiveUser):
async def patch_user( async def patch_user(
session: sessionDep, session: sessionDep,
id: int, id: int,
_: OwnerDep, user: ActiveUser,
user_update: UserUpdate = Body(), user_update: UserUpdate = Body(),
): ):
if user.id != id and user.is_superuser is False:
raise HTTPException(status_code=403, detail="Forbidden")
updated_user = await UserService(session).update_user( updated_user = await UserService(session).update_user(
id=id, update_data=user_update id=id, update_data=user_update
) )
@@ -49,6 +50,6 @@ async def patch_user(
@router.delete("/{id}") @router.delete("/{id}")
async def delete_user(session: sessionDep, id: int, _: AdminUser): async def delete_user(session: sessionDep, id: int, user: AdminUser):
await UserService(session).delete_user(id) await UserService(session).delete_user(id)
return {"message": "User deleted successfully"} return {"message": "User deleted successfully"}

8
src/services/tasks.py
View File

@@ -1,13 +1,10 @@
from fastapi import HTTPException from fastapi import HTTPException
from src.models.tasks import TasksORM
from src.schemas.tasks import Task, TaskADDRequest, TaskPATCHRequest from src.schemas.tasks import Task, TaskADDRequest, TaskPATCHRequest
from src.services.base import BaseService from src.services.base import BaseService
class TaskService(BaseService): class TaskService(BaseService):
model = TasksORM
async def create_task(self, user_id: int, task_data: TaskADDRequest) -> Task: async def create_task(self, user_id: int, task_data: TaskADDRequest) -> Task:
user = await self.session.user.get_one_or_none(id=user_id) user = await self.session.user.get_one_or_none(id=user_id)
if user is None: if user is None:
@@ -29,7 +26,10 @@ class TaskService(BaseService):
await self.session.commit() await self.session.commit()
async def update_task( async def update_task(
self, task_id: int, task_data: TaskPATCHRequest, exclude_unset: bool = True self,
task_id: int,
task_data: TaskPATCHRequest,
exclude_unset: bool = True,
): ):
task = await self.session.task.update_one( task = await self.session.task.update_one(
id=task_id, data=task_data.model_dump(exclude_unset=exclude_unset) id=task_id, data=task_data.model_dump(exclude_unset=exclude_unset)