Adding simple permission to routes

2023-03-08 15:08:45 +01:00
parent ac3268e6c8
commit bf536fe8f7
5 changed files with 36 additions and 27 deletions
--- a/back/app/contract/init.py
+++ b/back/app/contract/init.py
@@ -10,24 +10,19 @@ from .schemas import ContractCreate, ContractRead, ContractUpdate

 from ..entity.models import Entity
 from ..template.models import ProvisionTemplate
+from ..user.manager import get_current_user, get_current_superuser

 contract_router = get_crud_router(Contract, ContractCreate, ContractRead, ContractUpdate)
 del(contract_router.routes[0])
 del(contract_router.routes[2])
 del(contract_router.routes[2])

-contract_router.include_router(draft_router, prefix="/draft", tags=["draft"], )
-contract_router.include_router(print_router, prefix="/print", tags=["print"], )
-
-
-def can_create_contract():
-    class User:
-        entity_id = '63d127bcf355de8e65a193e1'
-    return User()
+contract_router.include_router(draft_router, prefix="/draft", )
+contract_router.include_router(print_router, prefix="/print", )


@contract_router.post("/", response_description="Contract Successfully created")
-async def create(item: ContractCreate, user=Depends(can_create_contract)) -> dict:
+async def create(item: ContractCreate, user=Depends(get_current_user)) -> dict:
    await item.validate_foreign_key()

    draft = await ContractDraft.get(item.draft_id)
@@ -72,5 +67,15 @@ async def create(item: ContractCreate, user=Depends(can_create_contract)) -> dic


@contract_router.put("/{id}", response_description="")
-async def update(id: str, req: ContractUpdate) -> ContractRead:
+async def update(id: str, contract_form: ContractUpdate, user=Depends(get_current_superuser)) -> ContractRead:
    raise HTTPException(status_code=400, detail="No modification on contract")
+
+
+@contract_router.get("/signature/{signature_id}", response_description="")
+async def get_signature(signature_id: str) -> ContractRead:
+    raise HTTPException(status_code=500, detail="Not implemented")
+
+
+@contract_router.post("/signature/{signature_id}", response_description="")
+async def affix_signature(signature_id: str, signature_form: ContractCreate) -> ContractRead:
+    raise HTTPException(status_code=500, detail="Not implemented")
--- a/back/app/core/routes.py
+++ b/back/app/core/routes.py
@@ -1,10 +1,12 @@
 from beanie import PydanticObjectId
 from beanie.operators import And, RegEx, Eq

-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, HTTPException, Depends
 from fastapi_paginate import Page, Params, add_pagination
 from fastapi_paginate.ext.motor import paginate

+from ..user.manager import get_current_user, get_current_superuser
+

 def parse_sort(sort_by):
    if not sort_by:
@@ -55,18 +57,19 @@ def get_crud_router(model, model_create, model_read, model_update):
    router = APIRouter()

    @router.post("/", response_description="{} added to the database".format(model.__name__))
-    async def create(item: model_create) -> dict:
+    async def create(item: model_create, user=Depends(get_current_user)) -> dict:
        await item.validate_foreign_key()
        o = await model(**item.dict()).create()
        return {"message": "{} added successfully".format(model.__name__), "id": o.id}

    @router.get("/{id}", response_description="{} record retrieved".format(model.__name__))
-    async def read_id(id: PydanticObjectId) -> model_read:
+    async def read_id(id: PydanticObjectId, user=Depends(get_current_user)) -> model_read:
        item = await model.get(id)
        return model_read(**item.dict())

    @router.get("/", response_model=Page[model_read], response_description="{} records retrieved".format(model.__name__))
-    async def read_list(size: int = 50, page: int = 1, sort_by: str = None, query: str = None) -> Page[model_read]:
+    async def read_list(size: int = 50, page: int = 1, sort_by: str = None, query: str = None,
+                        user=Depends(get_current_user)) -> Page[model_read]:
        sort = parse_sort(sort_by)
        query = parse_query(query, model_read)

@@ -75,7 +78,7 @@ def get_crud_router(model, model_create, model_read, model_update):
        return await items

    @router.put("/{id}", response_description="{} record updated".format(model.__name__))
-    async def update(id: PydanticObjectId, req: model_update) -> model_read:
+    async def update(id: PydanticObjectId, req: model_update, user=Depends(get_current_user)) -> model_read:
        req = {k: v for k, v in req.dict().items() if v is not None}
        update_query = {"$set": {
            field: value for field, value in req.items()
@@ -92,7 +95,7 @@ def get_crud_router(model, model_create, model_read, model_update):
        return model_read(**item.dict())

    @router.delete("/{id}", response_description="{} record deleted from the database".format(model.__name__))
-    async def delete(id: PydanticObjectId) -> dict:
+    async def delete(id: PydanticObjectId, user=Depends(get_current_superuser)) -> dict:
        item = await model.get(id)

        if not item:
--- a/back/app/user/init.py
+++ b/back/app/user/init.py
@@ -1,3 +1,3 @@
-from .routes import router as user_router, get_auth_router
-
+from .routes import router as user_router
+from .manager import get_auth_router
 from .models import User, AccessToken
--- a/back/app/user/manager.py
+++ b/back/app/user/manager.py
@@ -107,6 +107,7 @@ fastapi_users = FastAPIUsers[User, uuid.UUID](
 )

 get_current_user = fastapi_users.current_user(active=True)
+get_current_superuser = fastapi_users.current_user(active=True, superuser=True)


 def get_auth_router():
--- a/back/app/user/routes.py
+++ b/back/app/user/routes.py
@@ -7,15 +7,15 @@ from typing import List

 from .models import User
 from .schemas import UserRead, UserUpdate, UserCreate
-from .manager import get_user_manager, get_current_user, get_auth_router
+from .manager import get_user_manager, get_current_user, get_current_superuser


 router = APIRouter()


@router.post("/", response_description="User added to the database")
-async def create(user: UserCreate, user_manager=Depends(get_user_manager)) -> dict:
-    await user_manager.create(user, safe=True)
+async def create(user_form: UserCreate, user_manager=Depends(get_user_manager), user=Depends(get_current_superuser)) -> dict:
+    await user_manager.create(user_form, safe=True)
    return {"message": "User added successfully"}


@@ -26,22 +26,22 @@ async def read_me(user=Depends(get_current_user)) -> UserRead:


@router.get("/{id}", response_description="User record retrieved")
-async def read_id(id: PydanticObjectId) -> UserRead:
+async def read_id(id: PydanticObjectId, user=Depends(get_current_superuser)) -> UserRead:
    user = await User.get(id)
    return UserRead(**user.dict())


@router.get("/", response_model=List[UserRead], response_description="User records retrieved")
-async def read_list() -> List[UserRead]:
+async def read_list(user=Depends(get_current_superuser)) -> List[UserRead]:
    users = await User.find_all().to_list()
    return users


@router.put("/{id}", response_description="User record updated")
-async def update(id: PydanticObjectId, req: UserUpdate) -> UserRead:
-    req = {k: v for k, v in req.dict().items() if v is not None}
+async def update(id: PydanticObjectId, user_form: UserUpdate, user=Depends(get_current_superuser)) -> UserRead:
+    user_form = {k: v for k, v in user_form.dict().items() if v is not None}
    update_query = {"$set": {
-        field: value for field, value in req.items()
+        field: value for field, value in user_form.items()
    }}

    user = await User.get(id)
@@ -56,7 +56,7 @@ async def update(id: PydanticObjectId, req: UserUpdate) -> UserRead:


@router.delete("/{id}", response_description="User record deleted from the database")
-async def delete(id: PydanticObjectId) -> dict:
+async def delete(id: PydanticObjectId, user=Depends(get_current_superuser)) -> dict:
    record = await User.get(id)

    if not record: