fix: admin issue

This commit is contained in:
Timothy J. Baek 2024-02-10 17:54:33 -08:00
parent e5863d37c5
commit 3af8d16e6a
2 changed files with 9 additions and 7 deletions

View file

@ -32,9 +32,8 @@ async def get_users(skip: int = 0, limit: int = 50, user=Depends(get_admin_user)
@router.post("/update/role", response_model=Optional[UserModel])
async def update_user_role(
form_data: UserRoleUpdateForm, user=Depends(get_admin_user)
):
async def update_user_role(form_data: UserRoleUpdateForm, user=Depends(get_admin_user)):
if user.id != form_data.id:
return Users.update_user_role_by_id(form_data.id, form_data.role)
@ -115,4 +114,3 @@ async def delete_user_by_id(user_id: str, user=Depends(get_admin_user)):
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACTION_PROHIBITED,
)

View file

@ -58,7 +58,9 @@ def extract_token_from_auth_header(auth_header: str):
return auth_header[len("Bearer ") :]
def get_current_user(auth_token: HTTPAuthorizationCredentials = Depends(bearer_security)):
def get_current_user(
auth_token: HTTPAuthorizationCredentials = Depends(bearer_security),
):
data = decode_token(auth_token.credentials)
if data != None and "id" in data:
user = Users.get_user_by_id(data["id"])
@ -75,17 +77,19 @@ def get_current_user(auth_token: HTTPAuthorizationCredentials = Depends(bearer_s
)
def get_verified_user(user: Users = Depends(get_current_user)):
def get_verified_user(user=Depends(get_current_user)):
if user.role not in {"user", "admin"}:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
)
return user
def get_admin_user(user: Users = Depends(get_current_user)):
def get_admin_user(user=Depends(get_current_user)):
if user.role != "admin":
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
)
return user