Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Userdata fixes. #8

Merged
merged 3 commits into from
Jul 29, 2023
Merged

Userdata fixes. #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1b32b32
Userdata fixes.
Temmmmmo Jul 28, 2023
f16f7db
Fixes after review
Temmmmmo Jul 28, 2023
99f2514
Update user.py
Temmmmmo Jul 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion userdata_api/settings.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
class Settings(BaseSettings):
"""Application settings"""

DB_DSN: PostgresDsn
DB_DSN: PostgresDsn = 'postgresql://postgres@localhost:5432/postgres'
ROOT_PATH: str = '/' + os.getenv("APP_NAME", "")

CORS_ALLOW_ORIGINS: list[str] = ['*']
Expand Down
10 changes: 7 additions & 3 deletions userdata_api/utils/user.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ async def patch_user_info(
raise Forbidden(f"Admin source requires 'userdata.info.admin' scope")
if new.source != "admin" and new.source != "user":
raise Forbidden("HTTP protocol applying only 'admin' and 'user' source")
if new.source == "user" and user["user_id"] != user_id:
if new.source == "user" and user["id"] != user_id:
raise Forbidden(f"'user' source requires information own")
for item in new.items:
param = (
Expand All @@ -50,7 +50,11 @@ async def patch_user_info(
)
if not param:
raise ObjectNotFound(Param, item.param)
if param.category.update_scope not in scope_names and not (new.source == "user" and user["user_id"] == user_id):
if (
param.category.update_scope is not None
and param.category.update_scope not in scope_names
and not (new.source == "user" and user["id"] == user_id)
):
db.session.rollback()
raise Forbidden(f"Updating category {param.category.name=} requires {param.category.update_scope=} scope")
info = (
Expand Down Expand Up @@ -105,7 +109,7 @@ async def get_user_info(user_id: int, user: dict[str, int | list[dict[str, str |
param_dict: dict[Param, list[Info] | Info | None] = {}
for info in infos:
## Проверка доступов - нужен либо скоуп на категориию либо нужно быть овнером информации
if info.category.read_scope and info.category.read_scope not in scope_names and user["user_id"] != user_id:
if info.category.read_scope and info.category.read_scope not in scope_names and user["id"] != user_id:
continue
if info.param not in param_dict.keys():
param_dict[info.param] = [] if info.param.pytype == list[str] else None
Expand Down