From 51bb48372c757b7ecb2f475c740e4d81a3ba3624 Mon Sep 17 00:00:00 2001
From: luxferre <chris@sr2.uk>
Date: Wed, 27 May 2026 15:34:18 +0100
Subject: [PATCH] feat: auth dependency for root user with org in body

---
 src/auth/dependencies.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/auth/dependencies.py b/src/auth/dependencies.py
index 209179f..7c17d02 100644
--- a/src/auth/dependencies.py
+++ b/src/auth/dependencies.py
@@ -13,7 +13,7 @@ from typing import Annotated
 from fastapi import Depends
 
 from src.user.dependencies import user_model_claims_dependency
-from src.organisation.dependencies import org_model_query_dependency
+from src.organisation.dependencies import org_model_query_dependency, org_model_body_dependency
 from src.organisation.models import Organisation as Org
 
 from src.auth.exceptions import UnauthorizedException
@@ -39,6 +39,16 @@ async def org_query_root_claims(user_model: user_model_claims_dependency, org_mo
 org_model_root_claim_query_dependency = Annotated[type[Org], Depends(org_query_root_claims)]
 
 
+async def org_body_root_claims(user_model: user_model_claims_dependency, org_model: org_model_body_dependency):
+	if org_model.root_user_id == user_model.id:
+		return org_model
+
+	raise UnauthorizedException()
+
+
+org_model_root_claim_body_dependency = Annotated[type[Org], Depends(org_body_root_claims)]
+
+
 async def is_super_admin(user_model: user_model_claims_dependency):
 	super_admin_emails = []
 	if user_model.email not in super_admin_emails: