Update checkAuth with roles

bsquillari 2023-12-04 19:54:29 +00:00
parent 1079da8418
commit d8aa2dde19
3 changed files with 15 additions and 17 deletions


@ -105,8 +105,8 @@ def update_flight(db: Session, update_data, id):
db_flight = db.query(Flight).filter(Flight.id == id).first() db_flight = db.query(Flight).filter(Flight.id == id).first()
if db_flight is None: if db_flight is None:
raise KeyError raise KeyError
if db_flight.user_id != update_data["user_id"]: # if db_flight.user_id != update_data["user_id"] and role != "admin":
raise PermissionError # raise PermissionError
new_flight = Flight( new_flight = Flight(
**{ **{
@ -135,7 +135,8 @@ def update_flight(db: Session, update_data, id):
raise ValueError("collision") raise ValueError("collision")
for key, value in update_data.items(): for key, value in update_data.items():
setattr(db_flight, key, value) if key != "user_id":
setattr(db_flight, key, value)
setattr(db_flight, "last_updated", func.now()) setattr(db_flight, "last_updated", func.now())
db.commit() db.commit()
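Review bot: Commenting out the ownership check in the first hunk (`# if db_flight.user_id != update_data["user_id"] and role != "admin":`) leaves update_flight with no per-object authorization, so any caller that passes the gateway's role check can modify a flight owned by another account. Skipping `user_id` in the setattr loop in the second hunk stops ownership from being reassigned, but it does not restrict who may edit. The commented-out condition refers to a `role` this function never receives; the router's update_flight in the third file has it in `authData["role"]` but does not forward it. I would restore the check as `if db_flight.user_id != update_data["user_id"] and role != "admin": raise PermissionError`, with `role` passed as its own argument rather than inside `update_data`, so the setattr loop does not copy it onto the row. The function's body starts and continues outside both hunks.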


@ -50,22 +50,19 @@ async def status(req: Request, authorization: Annotated[str | None, Header()] =
async def checkAuth( async def checkAuth(
req: Request, req: Request,
authorization: Annotated[str | None, Header()] = None, authorization: Annotated[str | None, Header()] = None,
isAirline=False, roles=["user", "airline", "admin"],
userId=None, userId=None,
): ):
response = await status(req, authorization) response = await status(req, authorization)
if isAirline: if response["role"] not in roles:
if response["role"] == "airline": raise HTTPException(
return response["id"] status_code=403, detail="You don't have the required permissions."
else: )
raise HTTPException( if userId:
status_code=403, detail="You don't have the required permissions."
)
elif userId:
if response["id"] != int(userId): if response["id"] != int(userId):
raise HTTPException( raise HTTPException(
status_code=403, detail="You don't have the required permissions." status_code=403, detail="You don't have the required permissions."
) )
return None return None
else: else:
return response["id"] return response
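Review bot: The new default `roles=["user", "airline", "admin"]` makes the role check fail open, because a call site that omits `roles` accepts every role; the default is also a mutable list shared across calls. I would require each caller to pass its allow-list, or at least use an immutable default such as `roles=("user", "airline", "admin")`. The return value is now inconsistent as well: the `userId` branch still returns `None` while the other path returns the whole `response` dict, so a caller that subscripts the result, as the router does with `authData["id"]`, would fail if it ever passed `userId`. A short docstring stating both return shapes and the 403 conditions would help. Whether `response` always carries a `role` key depends on `status`, which is not visible in this hunk.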


@ -29,9 +29,9 @@ async def create_flight(
req: Request, req: Request,
authorization: Annotated[str | None, Header()] = None, authorization: Annotated[str | None, Header()] = None,
): ):
id = await checkAuth(req, authorization, isAirline=True) authData = await checkAuth(req, authorization, roles=["airline"])
flight_data = flight.model_dump() flight_data = flight.model_dump()
flight_data["user_id"] = id flight_data["user_id"] = authData["id"]
request_id = req.state.request_id request_id = req.state.request_id
header = {"x-api-request-id": request_id} header = {"x-api-request-id": request_id}
(response, status, _) = await request( (response, status, _) = await request(
@ -66,9 +66,9 @@ async def update_flight(
req: Request, req: Request,
authorization: Annotated[str | None, Header()] = None, authorization: Annotated[str | None, Header()] = None,
): ):
user_id = await checkAuth(req, authorization, isAirline=True) authData = await checkAuth(req, authorization, roles=["airline", "admin"])
update = flight_update.model_dump() update = flight_update.model_dump()
update["user_id"] = user_id update["user_id"] = authData["id"]
request_id = req.state.request_id request_id = req.state.request_id
header = {"x-api-request-id": request_id} header = {"x-api-request-id": request_id}
(response, status, _) = await request( (response, status, _) = await request(
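Review bot: The role names are repeated as string literals at each call site (`roles=["airline"]` in create_flight, `roles=["airline", "admin"]` in update_flight), so the authorization policy is spread across handlers and a misspelt role would only show up as an unexpected 403. Shared constants or an enum for the role names, defined once next to checkAuth, would keep the policy auditable in one place. The new local `authData` is camelCase while the neighbouring locals (`flight_data`, `request_id`) are snake_case; `auth_data` would match. Both handlers continue outside their hunks.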