minor: renames and error messages
parent
94cf6c5258
commit
c8024daa97
3 changed files with 12 additions and 11 deletions
|
|
@ -75,20 +75,20 @@ async def can_act_on_resource(valid_key: service_key_dependency, db: db_dependen
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
except Exception:
|
except Exception:
|
||||||
raise UnauthorizedException()
|
return False
|
||||||
|
|
||||||
|
|
||||||
@router.get("/group/permissions", response_model=IAMGetGroupPermissionsResponse)
|
@router.get("/group/permissions", response_model=IAMGetGroupPermissionsResponse)
|
||||||
async def get_group_permissions(group_model: group_model_query_dependency, org_model: org_model_root_claim_query_dependency):
|
async def get_group_permissions(group_model: group_model_query_dependency, org_model: org_model_root_claim_query_dependency):
|
||||||
if group_model.org_id != org_model.id:
|
if group_model.org_id != org_model.id:
|
||||||
raise UnauthorizedException()
|
raise UnauthorizedException("Group does not belong to this organization")
|
||||||
return {"permissions": group_model.permission_rel}
|
return {"permissions": group_model.permission_rel}
|
||||||
|
|
||||||
|
|
||||||
@router.get("/group/users", response_model=IAMGetGroupUsersResponse)
|
@router.get("/group/users", response_model=IAMGetGroupUsersResponse)
|
||||||
async def get_group_users(group_model: group_model_query_dependency, org_model: org_model_root_claim_query_dependency):
|
async def get_group_users(group_model: group_model_query_dependency, org_model: org_model_root_claim_query_dependency):
|
||||||
if group_model.org_id != org_model.id:
|
if group_model.org_id != org_model.id:
|
||||||
raise UnauthorizedException()
|
raise UnauthorizedException("User does not belong to this organization")
|
||||||
return {"users": group_model.user_rel}
|
return {"users": group_model.user_rel}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -110,7 +110,7 @@ async def create_group(db: db_dependency, org_model: org_model_root_claim_body_d
|
||||||
@router.put("/group/permission", response_model=IAMPutGroupPermissionResponse)
|
@router.put("/group/permission", response_model=IAMPutGroupPermissionResponse)
|
||||||
async def add_group_permission(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupPermissionRequest):
|
async def add_group_permission(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupPermissionRequest):
|
||||||
if group_model.org_id != org_model.id:
|
if group_model.org_id != org_model.id:
|
||||||
raise UnauthorizedException()
|
raise UnauthorizedException("Group does not belong to this organization")
|
||||||
|
|
||||||
if perm_model in group_model.permission_rel:
|
if perm_model in group_model.permission_rel:
|
||||||
raise ConflictException("Group already has this permission")
|
raise ConflictException("Group already has this permission")
|
||||||
|
|
@ -126,7 +126,7 @@ async def add_group_permission(db: db_dependency, group_model: group_model_body_
|
||||||
@router.put("/group/user", response_model=IAMPutGroupUserResponse)
|
@router.put("/group/user", response_model=IAMPutGroupUserResponse)
|
||||||
async def add_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupUserRequest):
|
async def add_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupUserRequest):
|
||||||
if group_model.org_id != org_model.id:
|
if group_model.org_id != org_model.id:
|
||||||
raise UnauthorizedException()
|
raise UnauthorizedException("Group does not belong to this organization")
|
||||||
|
|
||||||
if user_model in group_model.user_rel:
|
if user_model in group_model.user_rel:
|
||||||
raise ConflictException("User already in group")
|
raise ConflictException("User already in group")
|
||||||
|
|
@ -141,7 +141,7 @@ async def add_group_user(db: db_dependency, group_model: group_model_body_depend
|
||||||
@router.delete("/group/permissions")
|
@router.delete("/group/permissions")
|
||||||
async def remove_group_permissions(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupPermissionRequest):
|
async def remove_group_permissions(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupPermissionRequest):
|
||||||
if group_model.org_id != org_model.id:
|
if group_model.org_id != org_model.id:
|
||||||
raise UnauthorizedException()
|
raise UnauthorizedException("Group does not belong to this organization")
|
||||||
|
|
||||||
group_model.permission_rel.remove(perm_model)
|
group_model.permission_rel.remove(perm_model)
|
||||||
db.flush()
|
db.flush()
|
||||||
|
|
@ -154,7 +154,7 @@ async def remove_group_permissions(db: db_dependency, group_model: group_model_b
|
||||||
@router.delete("/group/user")
|
@router.delete("/group/user")
|
||||||
async def remove_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupUserRequest):
|
async def remove_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupUserRequest):
|
||||||
if group_model.org_id != org_model.id:
|
if group_model.org_id != org_model.id:
|
||||||
raise UnauthorizedException()
|
raise UnauthorizedException("Group does not belong to this organization")
|
||||||
|
|
||||||
user_model.group_rel.remove(group_model)
|
user_model.group_rel.remove(group_model)
|
||||||
db.flush()
|
db.flush()
|
||||||
|
|
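Review bot: In the first hunk the `except Exception:` branch at the end of `can_act_on_resource` now does `return False` instead of `raise UnauthorizedException()`, so any failure in the try body, including database and programming errors, becomes a silent deny that is only enforced if the consumer of this return value checks it. The function starts outside the hunk, so that handling cannot be confirmed here; if it acts as a guard or dependency, keep the raise, or narrow the handler to the expected exception types and add a line such as `logger.exception("can_act_on_resource failed")` before returning. In the same hunk, `get_group_users` raises `UnauthorizedException("User does not belong to this organization")` although the condition compares `group_model.org_id` with `org_model.id`; it should read `raise UnauthorizedException("Group does not belong to this organization")` like the other handlers. These specific messages may also confirm to a caller from another organization that the group id exists, depending on how the dependencies answer for unknown ids, so a single generic denial text would be safer.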
|
||||||
|
|
@ -9,6 +9,7 @@ from typing import Annotated
|
||||||
from src.service.models import Service
|
from src.service.models import Service
|
||||||
from src.database import db_dependency
|
from src.database import db_dependency
|
||||||
from src.schemas import ResourceName
|
from src.schemas import ResourceName
|
||||||
|
from src.auth.exceptions import UnauthorizedException
|
||||||
|
|
||||||
from fastapi import HTTPException, status, Request, Depends
|
from fastapi import HTTPException, status, Request, Depends
|
||||||
|
|
||||||
|
|
@ -16,11 +17,11 @@ from fastapi import HTTPException, status, Request, Depends
|
||||||
def valid_service_key(db: db_dependency, request: Request, rn: ResourceName) -> bool:
|
def valid_service_key(db: db_dependency, request: Request, rn: ResourceName) -> bool:
|
||||||
api_key = request.headers.get("X-API-Key", None)
|
api_key = request.headers.get("X-API-Key", None)
|
||||||
if not api_key:
|
if not api_key:
|
||||||
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
|
raise UnauthorizedException("Missing API key")
|
||||||
service = rn.service
|
service = rn.service
|
||||||
result = db.query(Service).filter(Service.name == service).filter(Service.api_key == api_key).first()
|
result = db.query(Service).filter(Service.name == service).filter(Service.api_key == api_key).first()
|
||||||
if result is None:
|
if result is None:
|
||||||
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
|
raise UnauthorizedException("Invalid API key")
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
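Review bot: `valid_service_key` still authenticates by filtering on `Service.api_key == api_key`, which suggests the service keys are stored and matched in the database in raw form, so read access to that table or a backup of it would yield usable credentials. Consider storing only a digest of each key, selecting the row by `Service.name`, and comparing with `hmac.compare_digest(stored_digest, hashlib.sha256(api_key.encode()).hexdigest())`. It is good that an unknown service name and a wrong key both produce "Invalid API key", since that does not reveal which services exist. With both `HTTPException` raises replaced, `HTTPException` and `status` may now be unused imports, though the rest of the file is outside the hunk.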
|
||||||
|
|
@ -8,7 +8,7 @@ from .conftest import no_user_client
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.anyio
|
@pytest.mark.anyio
|
||||||
async def test_get_self_db(no_user_client: AsyncClient):
|
async def test_get_self_db_auth_user(no_user_client: AsyncClient):
|
||||||
resp = await no_user_client.get("/user/self/db")
|
resp = await no_user_client.get("/user/self/db")
|
||||||
assert resp.status_code != 422
|
assert resp.status_code != 422
|
||||||
assert resp.status_code == 401
|
assert resp.status_code == 401
|
||||||
|
|
@ -16,7 +16,7 @@ async def test_get_self_db(no_user_client: AsyncClient):
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.anyio
|
@pytest.mark.anyio
|
||||||
async def test_post_org_success(no_user_client: AsyncClient):
|
async def test_post_org_success_auth_user(no_user_client: AsyncClient):
|
||||||
resp = await no_user_client.post("/org", json={"name": "New Test Org"})
|
resp = await no_user_client.post("/org", json={"name": "New Test Org"})
|
||||||
assert resp.status_code != 422
|
assert resp.status_code != 422
|
||||||
assert resp.status_code == 401
|
assert resp.status_code == 401
|
||||||
|
|
|
||||||