forked from sr2/cloud-api
feat: more accurate status codes
403 Forbidden replacing many 401 Unauthorized usages.
This commit is contained in:
parent
b3ae655009
commit
c2e035dede
11 changed files with 81 additions and 74 deletions
|
|
@ -11,6 +11,7 @@ Exports:
|
|||
from typing import Annotated
|
||||
from fastapi import Depends
|
||||
|
||||
from src.exceptions import ForbiddenException
|
||||
from src.user.dependencies import user_model_claims_dependency
|
||||
from src.user.models import User
|
||||
from src.organisation.dependencies import (
|
||||
|
|
@ -19,8 +20,6 @@ from src.organisation.dependencies import (
|
|||
)
|
||||
from src.organisation.models import Organisation as Org
|
||||
|
||||
from src.auth.exceptions import UnauthorizedException
|
||||
|
||||
|
||||
async def org_query_user_claims(
|
||||
org_model: org_model_query_dependency, user_model: user_model_claims_dependency
|
||||
|
|
@ -28,7 +27,7 @@ async def org_query_user_claims(
|
|||
if user_model in org_model.user_rel:
|
||||
return True
|
||||
|
||||
raise UnauthorizedException()
|
||||
raise ForbiddenException()
|
||||
|
||||
|
||||
org_query_user_claims_dependency = Annotated[bool, Depends(org_query_user_claims)]
|
||||
|
|
@ -45,10 +44,10 @@ async def org_query_root_claims(
|
|||
try:
|
||||
if await user_model_super_admin(user_model, su_emails):
|
||||
return org_model
|
||||
except UnauthorizedException:
|
||||
except ForbiddenException:
|
||||
pass
|
||||
|
||||
raise UnauthorizedException(message="Must be the org's root user")
|
||||
raise ForbiddenException(message="Must be the org's root user")
|
||||
|
||||
|
||||
org_model_root_claim_query_dependency = Annotated[
|
||||
|
|
@ -67,10 +66,10 @@ async def org_body_root_claims(
|
|||
try:
|
||||
if await user_model_super_admin(user_model, su_emails):
|
||||
return org_model
|
||||
except UnauthorizedException:
|
||||
except ForbiddenException:
|
||||
pass
|
||||
|
||||
raise UnauthorizedException(message="Must be the org's root user")
|
||||
raise ForbiddenException(message="Must be the org's root user")
|
||||
|
||||
|
||||
org_model_root_claim_body_dependency = Annotated[
|
||||
|
|
@ -99,7 +98,7 @@ async def user_model_super_admin(
|
|||
if user_model.email in super_admin_emails:
|
||||
return user_model
|
||||
|
||||
raise UnauthorizedException(message="Must be super admin")
|
||||
raise ForbiddenException(message="Must be super admin")
|
||||
|
||||
|
||||
super_admin_dependency = Annotated[type[User], Depends(user_model_super_admin)]
|
||||
|
|
|
|||
|
|
@ -4,16 +4,3 @@ Module specific exceptions for the auth module
|
|||
Exceptions:
|
||||
- UnauthorizedException: Takes an optional message string
|
||||
"""
|
||||
|
||||
from typing import Optional
|
||||
|
||||
from fastapi import HTTPException, status
|
||||
|
||||
|
||||
class UnauthorizedException(HTTPException):
|
||||
def __init__(self, message: Optional[str] = None) -> None:
|
||||
detail = "Not authorized" if not message else message
|
||||
super().__init__(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail=detail,
|
||||
)
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ from urllib.request import urlopen
|
|||
from fastapi import Depends
|
||||
from fastapi.security import OpenIdConnect
|
||||
|
||||
from src.auth.exceptions import UnauthorizedException
|
||||
from src.exceptions import UnauthorizedException
|
||||
from src.auth.config import auth_settings
|
||||
from src.user.service import add_user_to_db
|
||||
from src.database import db_dependency
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue