Update checkAuth with roles

2023-12-04 19:54:29 +00:00 · 2023-12-04 19:54:29 +00:00 · d8aa2dde19
parent 1079da8418
commit d8aa2dde19
3 changed files with 15 additions and 17 deletions
--- a/flights-domain/flights-information/src/api/cruds/flight.py
+++ b/flights-domain/flights-information/src/api/cruds/flight.py
@ -105,8 +105,8 @@ def update_flight(db: Session, update_data, id):
    db_flight = db.query(Flight).filter(Flight.id == id).first()
    if db_flight is None:
        raise KeyError
-    if db_flight.user_id != update_data["user_id"]:
-        raise PermissionError
+    # if db_flight.user_id != update_data["user_id"] and role != "admin":
+    #     raise PermissionError

    new_flight = Flight(
        **{
@ -135,7 +135,8 @@ def update_flight(db: Session, update_data, id):
        raise ValueError("collision")

    for key, value in update_data.items():
-        setattr(db_flight, key, value)
+        if key != "user_id":
+            setattr(db_flight, key, value)
    setattr(db_flight, "last_updated", func.now())

    db.commit()
--- a/gateway/src/api/routes/auth.py
+++ b/gateway/src/api/routes/auth.py
@ -50,22 +50,19 @@ async def status(req: Request, authorization: Annotated[str | None, Header()] =
 async def checkAuth(
    req: Request,
    authorization: Annotated[str | None, Header()] = None,
-    isAirline=False,
+    roles=["user", "airline", "admin"],
    userId=None,
 ):
    response = await status(req, authorization)
-    if isAirline:
-        if response["role"] == "airline":
-            return response["id"]
-        else:
-            raise HTTPException(
-                status_code=403, detail="You don't have the required permissions."
-            )
-    elif userId:
+    if response["role"] not in roles:
+        raise HTTPException(
+            status_code=403, detail="You don't have the required permissions."
+        )
+    if userId:
        if response["id"] != int(userId):
            raise HTTPException(
                status_code=403, detail="You don't have the required permissions."
            )
        return None
    else:
-        return response["id"]
+        return response
--- a/gateway/src/api/routes/flights.py
+++ b/gateway/src/api/routes/flights.py
@ -29,9 +29,9 @@ async def create_flight(
    req: Request,
    authorization: Annotated[str | None, Header()] = None,
 ):
-    id = await checkAuth(req, authorization, isAirline=True)
+    authData = await checkAuth(req, authorization, roles=["airline"])
    flight_data = flight.model_dump()
-    flight_data["user_id"] = id
+    flight_data["user_id"] = authData["id"]
    request_id = req.state.request_id
    header = {"x-api-request-id": request_id}
    (response, status, _) = await request(
@ -66,9 +66,9 @@ async def update_flight(
    req: Request,
    authorization: Annotated[str | None, Header()] = None,
 ):
-    user_id = await checkAuth(req, authorization, isAirline=True)
+    authData = await checkAuth(req, authorization, roles=["airline", "admin"])
    update = flight_update.model_dump()
-    update["user_id"] = user_id
+    update["user_id"] = authData["id"]
    request_id = req.state.request_id
    header = {"x-api-request-id": request_id}
    (response, status, _) = await request(