feat: root user dependencies also allow super admins

2026-05-28 10:56:08 +01:00 · 2026-05-28 10:56:08 +01:00 · 88a64d2047
commit 88a64d2047
parent 9efd86cd5f
1 changed files with 19 additions and 6 deletions
--- a/src/auth/dependencies.py
+++ b/src/auth/dependencies.py
@ -19,6 +19,13 @@ from src.organisation.models import Organisation as Org
 from src.auth.exceptions import UnauthorizedException
 def is_super_admin(user_model) -> bool:
 	super_admin_emails = ["chris@sr2.uk"]
 	if user_model.email not in super_admin_emails:
 		raise UnauthorizedException()
 	return True
 async def org_query_user_claims(org_model: org_model_query_dependency, user_model: user_model_claims_dependency):
 	if user_model in org_model.user_rel:
 		return True
@ -33,6 +40,9 @@ async def org_query_root_claims(user_model: user_model_claims_dependency, org_mo
 	if org_model.root_user_id == user_model.id:
 		return org_model
 	if is_super_admin(user_model):
 		return org_model
 	raise UnauthorizedException()
@ -43,17 +53,20 @@ async def org_body_root_claims(user_model: user_model_claims_dependency, org_mod
 	if org_model.root_user_id == user_model.id:
 		return org_model
 	if is_super_admin(user_model):
 		return org_model
 	raise UnauthorizedException()
 org_model_root_claim_body_dependency = Annotated[type[Org], Depends(org_body_root_claims)]
-async def is_super_admin(user_model: user_model_claims_dependency):
+async def user_model_super_admin(user_model: user_model_claims_dependency):
-	super_admin_emails = []
+	if is_super_admin(user_model):
-	if user_model.email not in super_admin_emails:
+		return user_model
-		raise UnauthorizedException()
+
-	return True
+	raise UnauthorizedException()
-super_admin_dependency = Annotated[bool, Depends(is_super_admin)]
+super_admin_dependency = Annotated[bool, Depends(user_model_super_admin)]