feat: org status check moved

Accessing endpoints as super admin no longer requires the org to be approved.
2026-06-12 14:50:32 +01:00 · 2026-06-12 14:50:32 +01:00 · 092e12a892
commit 092e12a892
parent a655eaf543
4 changed files with 94 additions and 115 deletions
--- a/src/auth/dependencies.py
+++ b/src/auth/dependencies.py
@ -9,8 +9,9 @@ Exports:
 """

 from typing import Annotated
-from fastapi import Depends
+from fastapi import Depends, Request

+from src.auth.service import org_status_check
 from src.exceptions import ForbiddenException
 from src.user.dependencies import user_model_claims_dependency
 from src.user.models import User
@ -37,16 +38,19 @@ async def org_query_root_claims(
 	user_model: user_model_claims_dependency,
 	org_model: org_model_query_dependency,
 	su_emails: su_list_dependency,
+	request: Request,
 ):
-	if org_model.root_user_id == user_model.id:
-		return org_model
-
 	try:
 		if await user_model_super_admin(user_model, su_emails):
 			return org_model
 	except ForbiddenException:
 		pass

+	await org_status_check(org_model, request)
+
+	if org_model.root_user_id == user_model.id:
+		return org_model
+
 	raise ForbiddenException(message="Must be the org's root user")


@ -59,16 +63,19 @@ async def org_body_root_claims(
 	user_model: user_model_claims_dependency,
 	org_model: org_model_body_dependency,
 	su_emails: su_list_dependency,
+	request: Request,
 ):
-	if org_model.root_user_id == user_model.id:
-		return org_model
-
 	try:
 		if await user_model_super_admin(user_model, su_emails):
 			return org_model
 	except ForbiddenException:
 		pass

+	await org_status_check(org_model, request)
+
+	if org_model.root_user_id == user_model.id:
+		return org_model
+
 	raise ForbiddenException(message="Must be the org's root user")