fix: admin issue

This commit is contained in:
Timothy J. Baek 2024-02-10 17:54:33 -08:00
parent e5863d37c5
commit 3af8d16e6a
2 changed files with 9 additions and 7 deletions

View file

@ -32,9 +32,8 @@ async def get_users(skip: int = 0, limit: int = 50, user=Depends(get_admin_user)
@router.post("/update/role", response_model=Optional[UserModel]) @router.post("/update/role", response_model=Optional[UserModel])
async def update_user_role( async def update_user_role(form_data: UserRoleUpdateForm, user=Depends(get_admin_user)):
form_data: UserRoleUpdateForm, user=Depends(get_admin_user)
):
if user.id != form_data.id: if user.id != form_data.id:
return Users.update_user_role_by_id(form_data.id, form_data.role) return Users.update_user_role_by_id(form_data.id, form_data.role)
@ -115,4 +114,3 @@ async def delete_user_by_id(user_id: str, user=Depends(get_admin_user)):
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACTION_PROHIBITED, detail=ERROR_MESSAGES.ACTION_PROHIBITED,
) )

View file

@ -58,7 +58,9 @@ def extract_token_from_auth_header(auth_header: str):
return auth_header[len("Bearer ") :] return auth_header[len("Bearer ") :]
def get_current_user(auth_token: HTTPAuthorizationCredentials = Depends(bearer_security)): def get_current_user(
auth_token: HTTPAuthorizationCredentials = Depends(bearer_security),
):
data = decode_token(auth_token.credentials) data = decode_token(auth_token.credentials)
if data != None and "id" in data: if data != None and "id" in data:
user = Users.get_user_by_id(data["id"]) user = Users.get_user_by_id(data["id"])
@ -75,17 +77,19 @@ def get_current_user(auth_token: HTTPAuthorizationCredentials = Depends(bearer_s
) )
def get_verified_user(user: Users = Depends(get_current_user)): def get_verified_user(user=Depends(get_current_user)):
if user.role not in {"user", "admin"}: if user.role not in {"user", "admin"}:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED, detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
) )
return user
def get_admin_user(user: Users = Depends(get_current_user)): def get_admin_user(user=Depends(get_current_user)):
if user.role != "admin": if user.role != "admin":
raise HTTPException( raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED, detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
) )
return user