feat: improved caor request model
All checks were successful
ci / lint_and_test (push) Successful in 14s
Issue: #23
parent
768a3881ef
commit
939abaefe9
4 changed files with 44 additions and 17 deletions
|
|
@ -24,7 +24,6 @@ from src.organisation.exceptions import OrgNotFoundException
|
|||
from src.service.exceptions import ServiceNotFoundException
|
||||
from src.exceptions import ConflictException
|
||||
from src.database import db_dependency
|
||||
from src.schemas import ResourceName
|
||||
from src.auth.exceptions import UnauthorizedException
|
||||
from src.auth.service import claims_dependency
|
||||
from src.auth.dependencies import (
|
||||
|
|
@ -55,10 +54,11 @@ from src.iam.dependencies import (
|
|||
perm_model_query_dependency,
|
||||
)
|
||||
from src.iam.schemas import (
|
||||
GroupSchema,
|
||||
IAMCAoRRequest,
|
||||
IAMGetGroupPermissionsResponse,
|
||||
IAMGetGroupUsersResponse,
|
||||
IAMPostGroupRequest,
|
||||
GroupSchema,
|
||||
IAMPostGroupResponse,
|
||||
IAMPutGroupPermissionRequest,
|
||||
IAMPutGroupPermissionResponse,
|
||||
|
|
@ -87,10 +87,11 @@ async def can_act_on_resource(
|
|||
valid_key: service_key_dependency,
|
||||
db: db_dependency,
|
||||
user_claims: claims_dependency,
|
||||
rn: ResourceName,
|
||||
action: str,
|
||||
request_model: IAMCAoRRequest,
|
||||
) -> bool:
|
||||
try:
|
||||
rn = request_model.rn
|
||||
action = request_model.action
|
||||
user_id = user_claims["db_id"]
|
||||
rn_org = rn.organisation
|
||||
rn_service = rn.service
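Review bot: In `can_act_on_resource` the handler and the `valid_key` service-key dependency now each declare a body parameter named `request_model`, and nothing in the code records that the two names must stay identical. FastAPI appears to fold same-named body parameters from the dependency tree into a single JSON body; if either side were renamed, the route would presumably expect an embedded body with two keys, and the API key could then be validated against one `rn` while the permission decision is made on another. I would add a comment on the parameter, e.g. `# must keep the name request_model (same as valid_service_key) so the key check and the permission check read the same rn`, plus a test that posts one body and asserts both see the same `rn`. The same comment belongs on the `valid_service_key` signature in the dependencies file; the body of `can_act_on_resource` continues outside this hunk.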
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ from pydantic import EmailStr, ConfigDict, Field
|
|||
|
||||
from src.schemas import (
|
||||
CustomBaseModel,
|
||||
ResourceName,
|
||||
ServiceIDMixin,
|
||||
OrgIDMixin,
|
||||
UserIDMixin,
|
||||
|
|
@ -43,6 +44,11 @@ class GroupSchema(CustomBaseModel):
|
|||
name: str
|
||||
|
||||
|
||||
class IAMCAoRRequest(CustomBaseModel):
|
||||
action: str
|
||||
rn: ResourceName
|
||||
|
||||
|
||||
class IAMGetGroupPermissionsResponse(CustomBaseModel):
|
||||
permissions: list[PermissionSchema]
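Review bot: `IAMCAoRRequest.action` is a bare `str`, so the authorization check will accept an empty or arbitrarily long action taken from the request body. `Field` is already imported in this module, so the field can be constrained, e.g. `action: str = Field(min_length=1, max_length=MAX_ACTION_LEN)` (`MAX_ACTION_LEN` is a placeholder for the project's own limit), or typed as an enum if the set of actions is closed. That keeps malformed values out of the permission lookup and out of logs. The class also lacks a docstring; a one-liner such as `"""Request body for the can-act-on-resource (CAoR) check."""` would explain the abbreviation.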
|
||||
|
||||
|
|
|
|||
|
|
@ -8,9 +8,9 @@ Exports:
|
|||
from typing import Annotated
|
||||
from datetime import datetime, timedelta, timezone
|
||||
|
||||
from src.iam.schemas import IAMCAoRRequest
|
||||
from src.service.models import Service
|
||||
from src.database import db_dependency
|
||||
from src.schemas import ResourceName
|
||||
from src.auth.exceptions import UnauthorizedException
|
||||
from src.utils import send_email, generate_jwt
|
||||
|
||||
|
|
@ -18,7 +18,10 @@ from src.utils import send_email, generate_jwt
|
|||
from fastapi import Request, Depends
|
||||
|
||||
|
||||
def valid_service_key(db: db_dependency, request: Request, rn: ResourceName) -> bool:
|
||||
def valid_service_key(
|
||||
db: db_dependency, request: Request, request_model: IAMCAoRRequest
|
||||
) -> bool:
|
||||
rn = request_model.rn
|
||||
api_key = request.headers.get("X-API-Key", None)
|
||||
if not api_key:
|
||||
raise UnauthorizedException("Missing API key")
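Review bot: `valid_service_key` now takes `IAMCAoRRequest` as its body parameter, which ties what looks like a general API-key check in the auth package to one IAM route's request schema. As far as the hunk shows, any other route using this dependency would be forced to accept a CAoR body, and the auth module now imports from `src.iam.schemas`, which becomes an import cycle if that module ever imports from `src.auth`. Consider keeping the dependency generic by resolving the resource name through a small separate dependency, and add a docstring stating that the key from `X-API-Key` is checked against `rn` from the request body. The function body continues outside the hunk.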
|
||||
|
|
|
|||