Adding simple permission to routes
This commit is contained in:
@@ -1,10 +1,12 @@
|
||||
from beanie import PydanticObjectId
|
||||
from beanie.operators import And, RegEx, Eq
|
||||
|
||||
from fastapi import APIRouter, HTTPException
|
||||
from fastapi import APIRouter, HTTPException, Depends
|
||||
from fastapi_paginate import Page, Params, add_pagination
|
||||
from fastapi_paginate.ext.motor import paginate
|
||||
|
||||
from ..user.manager import get_current_user, get_current_superuser
|
||||
|
||||
|
||||
def parse_sort(sort_by):
|
||||
if not sort_by:
|
||||
@@ -55,18 +57,19 @@ def get_crud_router(model, model_create, model_read, model_update):
|
||||
router = APIRouter()
|
||||
|
||||
@router.post("/", response_description="{} added to the database".format(model.__name__))
|
||||
async def create(item: model_create) -> dict:
|
||||
async def create(item: model_create, user=Depends(get_current_user)) -> dict:
|
||||
await item.validate_foreign_key()
|
||||
o = await model(**item.dict()).create()
|
||||
return {"message": "{} added successfully".format(model.__name__), "id": o.id}
|
||||
|
||||
@router.get("/{id}", response_description="{} record retrieved".format(model.__name__))
|
||||
async def read_id(id: PydanticObjectId) -> model_read:
|
||||
async def read_id(id: PydanticObjectId, user=Depends(get_current_user)) -> model_read:
|
||||
item = await model.get(id)
|
||||
return model_read(**item.dict())
|
||||
|
||||
@router.get("/", response_model=Page[model_read], response_description="{} records retrieved".format(model.__name__))
|
||||
async def read_list(size: int = 50, page: int = 1, sort_by: str = None, query: str = None) -> Page[model_read]:
|
||||
async def read_list(size: int = 50, page: int = 1, sort_by: str = None, query: str = None,
|
||||
user=Depends(get_current_user)) -> Page[model_read]:
|
||||
sort = parse_sort(sort_by)
|
||||
query = parse_query(query, model_read)
|
||||
|
||||
@@ -75,7 +78,7 @@ def get_crud_router(model, model_create, model_read, model_update):
|
||||
return await items
|
||||
|
||||
@router.put("/{id}", response_description="{} record updated".format(model.__name__))
|
||||
async def update(id: PydanticObjectId, req: model_update) -> model_read:
|
||||
async def update(id: PydanticObjectId, req: model_update, user=Depends(get_current_user)) -> model_read:
|
||||
req = {k: v for k, v in req.dict().items() if v is not None}
|
||||
update_query = {"$set": {
|
||||
field: value for field, value in req.items()
|
||||
@@ -92,7 +95,7 @@ def get_crud_router(model, model_create, model_read, model_update):
|
||||
return model_read(**item.dict())
|
||||
|
||||
@router.delete("/{id}", response_description="{} record deleted from the database".format(model.__name__))
|
||||
async def delete(id: PydanticObjectId) -> dict:
|
||||
async def delete(id: PydanticObjectId, user=Depends(get_current_superuser)) -> dict:
|
||||
item = await model.get(id)
|
||||
|
||||
if not item:
|
||||
|
||||
Reference in New Issue
Block a user