From 3af8d16e6ad24f7a5fd5c6de30fb61b31e62f1c8 Mon Sep 17 00:00:00 2001
From: "Timothy J. Baek" <timothyjrbeck@gmail.com>
Date: Sat, 10 Feb 2024 17:54:33 -0800
Subject: [PATCH] fix: admin issue

---
 backend/apps/web/routers/users.py |  6 ++----
 backend/utils/utils.py            | 10 +++++++---
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/backend/apps/web/routers/users.py b/backend/apps/web/routers/users.py
index ce4cac77..18c6c620 100644
--- a/backend/apps/web/routers/users.py
+++ b/backend/apps/web/routers/users.py
@@ -32,9 +32,8 @@ async def get_users(skip: int = 0, limit: int = 50, user=Depends(get_admin_user)
 
 
 @router.post("/update/role", response_model=Optional[UserModel])
-async def update_user_role(
-    form_data: UserRoleUpdateForm, user=Depends(get_admin_user)
-):
+async def update_user_role(form_data: UserRoleUpdateForm, user=Depends(get_admin_user)):
+
     if user.id != form_data.id:
         return Users.update_user_role_by_id(form_data.id, form_data.role)
 
@@ -115,4 +114,3 @@ async def delete_user_by_id(user_id: str, user=Depends(get_admin_user)):
         status_code=status.HTTP_403_FORBIDDEN,
         detail=ERROR_MESSAGES.ACTION_PROHIBITED,
     )
-
diff --git a/backend/utils/utils.py b/backend/utils/utils.py
index 97b4afb2..c6d01814 100644
--- a/backend/utils/utils.py
+++ b/backend/utils/utils.py
@@ -58,7 +58,9 @@ def extract_token_from_auth_header(auth_header: str):
     return auth_header[len("Bearer ") :]
 
 
-def get_current_user(auth_token: HTTPAuthorizationCredentials = Depends(bearer_security)):
+def get_current_user(
+    auth_token: HTTPAuthorizationCredentials = Depends(bearer_security),
+):
     data = decode_token(auth_token.credentials)
     if data != None and "id" in data:
         user = Users.get_user_by_id(data["id"])
@@ -75,17 +77,19 @@ def get_current_user(auth_token: HTTPAuthorizationCredentials = Depends(bearer_s
         )
 
 
-def get_verified_user(user: Users = Depends(get_current_user)):
+def get_verified_user(user=Depends(get_current_user)):
     if user.role not in {"user", "admin"}:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
         )
+    return user
 
 
-def get_admin_user(user: Users = Depends(get_current_user)):
+def get_admin_user(user=Depends(get_current_user)):
     if user.role != "admin":
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
         )
+    return user