minor: renames and error messages
This commit is contained in:
parent
94cf6c5258
commit
c8024daa97
3 changed files with 12 additions and 11 deletions
|
|
@ -75,20 +75,20 @@ async def can_act_on_resource(valid_key: service_key_dependency, db: db_dependen
|
|||
else:
|
||||
return False
|
||||
except Exception:
|
||||
raise UnauthorizedException()
|
||||
return False
|
||||
|
||||
|
||||
@router.get("/group/permissions", response_model=IAMGetGroupPermissionsResponse)
|
||||
async def get_group_permissions(group_model: group_model_query_dependency, org_model: org_model_root_claim_query_dependency):
|
||||
if group_model.org_id != org_model.id:
|
||||
raise UnauthorizedException()
|
||||
raise UnauthorizedException("Group does not belong to this organization")
|
||||
return {"permissions": group_model.permission_rel}
|
||||
|
||||
|
||||
@router.get("/group/users", response_model=IAMGetGroupUsersResponse)
|
||||
async def get_group_users(group_model: group_model_query_dependency, org_model: org_model_root_claim_query_dependency):
|
||||
if group_model.org_id != org_model.id:
|
||||
raise UnauthorizedException()
|
||||
raise UnauthorizedException("User does not belong to this organization")
|
||||
return {"users": group_model.user_rel}
|
||||
|
||||
|
||||
|
|
@ -110,7 +110,7 @@ async def create_group(db: db_dependency, org_model: org_model_root_claim_body_d
|
|||
@router.put("/group/permission", response_model=IAMPutGroupPermissionResponse)
|
||||
async def add_group_permission(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupPermissionRequest):
|
||||
if group_model.org_id != org_model.id:
|
||||
raise UnauthorizedException()
|
||||
raise UnauthorizedException("Group does not belong to this organization")
|
||||
|
||||
if perm_model in group_model.permission_rel:
|
||||
raise ConflictException("Group already has this permission")
|
||||
|
|
@ -126,7 +126,7 @@ async def add_group_permission(db: db_dependency, group_model: group_model_body_
|
|||
@router.put("/group/user", response_model=IAMPutGroupUserResponse)
|
||||
async def add_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupUserRequest):
|
||||
if group_model.org_id != org_model.id:
|
||||
raise UnauthorizedException()
|
||||
raise UnauthorizedException("Group does not belong to this organization")
|
||||
|
||||
if user_model in group_model.user_rel:
|
||||
raise ConflictException("User already in group")
|
||||
|
|
@ -141,7 +141,7 @@ async def add_group_user(db: db_dependency, group_model: group_model_body_depend
|
|||
@router.delete("/group/permissions")
|
||||
async def remove_group_permissions(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupPermissionRequest):
|
||||
if group_model.org_id != org_model.id:
|
||||
raise UnauthorizedException()
|
||||
raise UnauthorizedException("Group does not belong to this organization")
|
||||
|
||||
group_model.permission_rel.remove(perm_model)
|
||||
db.flush()
|
||||
|
|
@ -154,7 +154,7 @@ async def remove_group_permissions(db: db_dependency, group_model: group_model_b
|
|||
@router.delete("/group/user")
|
||||
async def remove_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupUserRequest):
|
||||
if group_model.org_id != org_model.id:
|
||||
raise UnauthorizedException()
|
||||
raise UnauthorizedException("Group does not belong to this organization")
|
||||
|
||||
user_model.group_rel.remove(group_model)
|
||||
db.flush()
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ from typing import Annotated
|
|||
from src.service.models import Service
|
||||
from src.database import db_dependency
|
||||
from src.schemas import ResourceName
|
||||
from src.auth.exceptions import UnauthorizedException
|
||||
|
||||
from fastapi import HTTPException, status, Request, Depends
|
||||
|
||||
|
|
@ -16,11 +17,11 @@ from fastapi import HTTPException, status, Request, Depends
|
|||
def valid_service_key(db: db_dependency, request: Request, rn: ResourceName) -> bool:
|
||||
api_key = request.headers.get("X-API-Key", None)
|
||||
if not api_key:
|
||||
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
|
||||
raise UnauthorizedException("Missing API key")
|
||||
service = rn.service
|
||||
result = db.query(Service).filter(Service.name == service).filter(Service.api_key == api_key).first()
|
||||
if result is None:
|
||||
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
|
||||
raise UnauthorizedException("Invalid API key")
|
||||
|
||||
return True
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ from .conftest import no_user_client
|
|||
|
||||
|
||||
@pytest.mark.anyio
|
||||
async def test_get_self_db(no_user_client: AsyncClient):
|
||||
async def test_get_self_db_auth_user(no_user_client: AsyncClient):
|
||||
resp = await no_user_client.get("/user/self/db")
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
|
|
@ -16,7 +16,7 @@ async def test_get_self_db(no_user_client: AsyncClient):
|
|||
|
||||
|
||||
@pytest.mark.anyio
|
||||
async def test_post_org_success(no_user_client: AsyncClient):
|
||||
async def test_post_org_success_auth_user(no_user_client: AsyncClient):
|
||||
resp = await no_user_client.post("/org", json={"name": "New Test Org"})
|
||||
assert resp.status_code != 422
|
||||
assert resp.status_code == 401
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue