feat: auth requirements to org endpoints

src/organisation/router.py

@@ -18,13 +18,14 @@ from fastapi import APIRouter, status
 from fastapi.params import Query
 
 from src.exceptions import UnprocessableContent
+from src.contact.models import Contact
 from src.contact.schemas import ContactAddress
 from src.contact.exceptions import ContactNotFoundException
 from src.database import db_dependency
-from src.contact.models import Contact
 from src.user.models import User
 from src.user.exceptions import UserNotFoundException
 from src.auth.service import claims_dependency
+from src.auth.dependencies import super_admin_dependency, org_model_root_claim_query_dependency, org_model_root_claim_body_dependency
 
 from src.organisation.dependencies import org_model_query_dependency, org_model_body_dependency
 from src.organisation.constants import ContactType
@@ -41,7 +42,7 @@ router = APIRouter(
 
 
 @router.get("/id", response_model=OrgOrgGetResponse)
-async def get_org_by_id(org_model: org_model_query_dependency):
+async def get_org_by_id(org_model: org_model_root_claim_query_dependency):
 	response = {
 		"name": org_model.name,
 		"status": org_model.status,
@@ -83,7 +84,7 @@ async def create_org(db: db_dependency, user: claims_dependency, request_model:
 
 
 @router.patch("/questionnaire")
-async def update_questionnaire(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgQuestionnairePatchRequest):
+async def update_questionnaire(db: db_dependency, org_model: org_model_root_claim_query_dependency, request_model: OrgQuestionnairePatchRequest):
 	"""
 	Route for updating questionnaire.
 	The partial bool allows for submission of partially completed questionnaire and/or
@@ -99,19 +100,19 @@ async def update_questionnaire(db: db_dependency, org_model: org_model_body_depe
 
 
 @router.patch("/status")
-async def update_status(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgStatusPatchRequest):
+async def update_status(db: db_dependency, org_model: org_model_body_dependency, su: super_admin_dependency, request_model: OrgStatusPatchRequest):
 	org_model.status = request_model.status
 
 	db.commit()
 
 
 @router.get("/users", response_model=OrgUserGetResponse)
-async def get_users(org_model: org_model_query_dependency):
+async def get_users(org_model: org_model_root_claim_query_dependency):
 		return {"users": [user.email for user in org_model.user_rel]}
 
 
 @router.post("/users")
-async def add_user_to_org(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgUserPostRequest):
+async def add_user_to_org(db: db_dependency, org_model: org_model_root_claim_body_dependency, request_model: OrgUserPostRequest):
 	# TODO: user_model_body_dependency
 	user_model = db.get(User, request_model.user_id)
 	if user_model in org_model.user_rel:
@@ -121,13 +122,13 @@ async def add_user_to_org(db: db_dependency, org_model: org_model_body_dependenc
 
 
 @router.delete("/", status_code=status.HTTP_204_NO_CONTENT)
-async def delete_organisation_by_id(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgDeleteOrgRequest):
+async def delete_organisation_by_id(db: db_dependency, org_model: org_model_body_dependency, su: super_admin_dependency, request_model: OrgDeleteOrgRequest):
 	db.delete(org_model)
 	db.commit()
 
 
 @router.patch("/root_user", status_code=status.HTTP_204_NO_CONTENT)
-async def update_root_user(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgRootPatchRequest):
+async def update_root_user(db: db_dependency, org_model: org_model_body_dependency, su: super_admin_dependency, request_model: OrgRootPatchRequest):
 	# TODO: user_model_body_dependency
 	root_user_model = db.get(User, request_model.user_id)
 	if root_user_model is None:
@@ -138,12 +139,12 @@ async def update_root_user(db: db_dependency, org_model: org_model_body_dependen
 
 
 @router.get("/groups", response_model=OrgGroupGetResponse)
-async def get_org_groups(org_model: org_model_query_dependency):
+async def get_org_groups(org_model: org_model_root_claim_query_dependency):
 	return {"groups": [group.name for group in org_model.group_rel]}
 
 
 @router.delete("/user", status_code=status.HTTP_204_NO_CONTENT)
-async def remove_user_from_org(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgUserDeleteRequest):
+async def remove_user_from_org(db: db_dependency, org_model: org_model_root_claim_query_dependency, request_model: OrgUserDeleteRequest):
 	# TODO: user_model_body_dependency
 	user_id = request_model.user_id
 	user = db.get(User, user_id)
@@ -159,7 +160,7 @@ async def remove_user_from_org(db: db_dependency, org_model: org_model_body_depe
 
 
 @router.get("/contact", response_model=OrgContactGetResponse)
-async def get_contact(org_model: org_model_query_dependency, contact_type: Annotated[ContactType, Query()]):
+async def get_contact(org_model: org_model_root_claim_query_dependency, contact_type: Annotated[ContactType, Query()]):
 	match contact_type:
 		case "billing":
 			contact_model = org_model.billing_contact_rel
@@ -180,7 +181,7 @@ async def get_contact(org_model: org_model_query_dependency, contact_type: Annot
 
 
 @router.patch("/contact", response_model=OrgContactGetResponse)
-async def update_contact(db: db_dependency, org_model: org_model_body_dependency, request_model: OrgContactPatchRequest):
+async def update_contact(db: db_dependency, org_model: org_model_root_claim_body_dependency, request_model: OrgContactPatchRequest):
 	match request_model.contact_type:
 		case "billing":
 			contact_model = org_model.billing_contact_rel