From 66c2a71c8a2250ff0fcf19e18b3bca839b363dec Mon Sep 17 00:00:00 2001
From: luxferre
Date: Wed, 27 May 2026 15:42:53 +0100
Subject: [PATCH] feat: auth requirements to org endpoints
---
 src/organisation/router.py | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/src/organisation/router.py b/src/organisation/router.py
index f198bdc..3fda26e 100644
--- a/src/organisation/router.py
+++ b/src/organisation/router.py
@@ -18,13 +18,14 @@ from fastapi import APIRouter, status
 from fastapi.params import Query
 from src.exceptions import UnprocessableContent
+from src.contact.models import Contact
 from src.contact.schemas import ContactAddress
 from src.contact.exceptions import ContactNotFoundException
 from src.database import db_dependency
-from src.contact.models import Contact
 from src.user.models import User
 from src.user.exceptions import UserNotFoundException
 from src.auth.service import claims_dependency
+from src.auth.dependencies import super_admin_dependency, org_model_root_claim_query_dependency, org_model_root_claim_body_dependency
 from src.organisation.dependencies import org_model_query_dependency, org_model_body_dependency
 from src.organisation.constants import ContactType
@@ -41,7 +42,7 @@ router = APIRouter(
 @router.get("/id", response_model=OrgOrgGetResponse)
-async def get_org_by_id(org_model: org_model_query_dependency):
+async def get_org_by_id(org_model: org_model_root_claim_query_dependency):
 response = {
 "name": org_model.name,
 "status": org_model.status,
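Review bot: The added `from src.auth.dependencies import super_admin_dependency, org_model_root_claim_query_dependency, org_model_root_claim_body_dependency` line is far beyond any usual line length and will hide which name is new the next time this list changes. Wrap it in parentheses with one imported name per line, the same way the other long import in this block (`from src.organisation.dependencies import ...`) could be wrapped. The move of the `Contact` import next to the other `src.contact` imports is fine.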
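Review bot: `get_org_by_id` now gates access through `org_model_root_claim_query_dependency` but carries no docstring, so the new authorization requirement is invisible to a reader of the route and to the generated OpenAPI description. Add one line under the signature, e.g. `"""Return the organisation selected by the query parameter; the caller must satisfy the org root-claim dependency."""`, adjusted to whatever that dependency actually enforces, which this hunk does not show. The function body continues outside the hunk.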
@@ -83,7 +84,7 @@ async def create_org(db: db_dependency, user: claims_dependency, request_model:
 @router.patch("/questionnaire")
-async def update_questionnaire(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgQuestionnairePatchRequest):
+async def update_questionnaire(db: db_dependency, org_model: org_model_root_claim_query_dependency, request_model: OrgQuestionnairePatchRequest):
 """ Route for updating questionnaire. The partial bool allows for submission of partially completed questionnaire and/or
@@ -99,19 +100,19 @@ async def update_questionnaire(db: db_dependency, org_model: org_model_body_depe
 @router.patch("/status")
-async def update_status(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgStatusPatchRequest):
+async def update_status(db: db_dependency, org_model: org_model_body_dependency, su: super_admin_dependency, request_model: OrgStatusPatchRequest):
 org_model.status = request_model.status
 db.commit()
 @router.get("/users", response_model=OrgUserGetResponse)
-async def get_users(org_model: org_model_query_dependency):
+async def get_users(org_model: org_model_root_claim_query_dependency):
 return {"users": [user.email for user in org_model.user_rel]}
 @router.post("/users")
-async def add_user_to_org(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgUserPostRequest):
+async def add_user_to_org(db: db_dependency, org_model: org_model_root_claim_body_dependency, request_model: OrgUserPostRequest):
 # TODO: user_model_body_dependency
 user_model = db.get(User, request_model.user_id)
 if user_model in org_model.user_rel:
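Review bot: `update_questionnaire` is a PATCH whose payload `request_model: OrgQuestionnairePatchRequest` comes from the JSON body, yet the organisation is now resolved with `org_model_root_claim_query_dependency` from the query string, while `add_user_to_org` and `update_contact` in this same commit use `org_model_root_claim_body_dependency`; `remove_user_from_org` in hunk `@@ -138,12 +139,12 @@` has the same query/body split. If `OrgQuestionnairePatchRequest` or `OrgUserDeleteRequest` still carries an organisation identifier, that field is now silently ignored and the root-claim check is evaluated against a different organisation than the one named in the body — I cannot see the schemas from here, so please confirm. Either move these two routes to the body variant for consistency, or state the choice explicitly in the docstring, e.g. add `The organisation is taken from the query string; the caller must hold its root claim.` after the first docstring line. The docstring and the function body continue outside the hunk.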
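Review bot: In `update_status` the new `su: super_admin_dependency` is declared after `org_model: org_model_body_dependency`, and as far as I recall FastAPI resolves sub-dependencies in parameter order, so the organisation lookup (and whatever not-found error it raises) runs before the super-admin check; a caller without that privilege can then tell from the differing responses whether an organisation id exists, and the database query runs for requests that will be rejected anyway. Put the privilege check first: `async def update_status(su: super_admin_dependency, db: db_dependency, org_model: org_model_body_dependency, request_model: OrgStatusPatchRequest):`. `delete_organisation_by_id` and `update_root_user` in hunk `@@ -121,13 +122,13 @@` need the same reordering. Since `su` is never read in any of the three bodies, an underscore-prefixed name such as `_su`, or the route decorator's `dependencies=[...]` list if `super_admin_dependency` exposes a plain `Depends`, would make the side-effect-only intent clearer.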
@@ -121,13 +122,13 @@ async def add_user_to_org(db: db_dependency, org_model: org_model_body_dependenc
 @router.delete("/", status_code=status.HTTP_204_NO_CONTENT)
-async def delete_organisation_by_id(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgDeleteOrgRequest):
+async def delete_organisation_by_id(db: db_dependency, org_model: org_model_body_dependency, su: super_admin_dependency, request_model: OrgDeleteOrgRequest):
 db.delete(org_model)
 db.commit()
 @router.patch("/root_user", status_code=status.HTTP_204_NO_CONTENT)
-async def update_root_user(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgRootPatchRequest):
+async def update_root_user(db: db_dependency, org_model: org_model_body_dependency, su: super_admin_dependency, request_model: OrgRootPatchRequest):
 # TODO: user_model_body_dependency
 root_user_model = db.get(User, request_model.user_id)
 if root_user_model is None:
@@ -138,12 +139,12 @@ async def update_root_user(db: db_dependency, org_model: org_model_body_dependen
 @router.get("/groups", response_model=OrgGroupGetResponse)
-async def get_org_groups(org_model: org_model_query_dependency):
+async def get_org_groups(org_model: org_model_root_claim_query_dependency):
 return {"groups": [group.name for group in org_model.group_rel]}
 @router.delete("/user", status_code=status.HTTP_204_NO_CONTENT)
-async def remove_user_from_org(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgUserDeleteRequest):
+async def remove_user_from_org(db: db_dependency, org_model: org_model_root_claim_query_dependency, request_model: OrgUserDeleteRequest):
 # TODO: user_model_body_dependency
 user_id = request_model.user_id
 user = db.get(User, user_id)
@@ -159,7 +160,7 @@ async def remove_user_from_org(db: db_dependency, org_model: org_model_body_depe
 @router.get("/contact", response_model=OrgContactGetResponse)
-async def get_contact(org_model: org_model_query_dependency, contact_type: Annotated[ContactType, Query()]):
+async def get_contact(org_model: org_model_root_claim_query_dependency, contact_type: Annotated[ContactType, Query()]):
 match contact_type:
 case "billing":
 contact_model = org_model.billing_contact_rel
@@ -180,7 +181,7 @@ async def get_contact(org_model: org_model_query_dependency, contact_type: Annot
 @router.patch("/contact", response_model=OrgContactGetResponse)
-async def update_contact(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgContactPatchRequest):
+async def update_contact(db: db_dependency, org_model: org_model_root_claim_body_dependency, request_model: OrgContactPatchRequest):
 match request_model.contact_type:
 case "billing":
 contact_model = org_model.billing_contact_rel