From 7d109f0f738a81b74417c8b83a5232b595c0f0e3 Mon Sep 17 00:00:00 2001
From: luxferre
Date: Tue, 2 Jun 2026 12:22:36 +0100
Subject: [PATCH 1/9] fix: inverted conditional in get group users
---
 src/iam/router.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/iam/router.py b/src/iam/router.py
index f2f6a34..ee31a4e 100644
--- a/src/iam/router.py
+++ b/src/iam/router.py
@@ -86,7 +86,7 @@ async def get_group_permissions(group_model: group_model_query_dependency, org_m
 @router.get("/group/users", response_model=IAMGetGroupUsersResponse)
 async def get_group_users(group_model: group_model_query_dependency, org_model: org_model_root_claim_query_dependency):
- if group_model.org_id == org_model.id:
+ if group_model.org_id != org_model.id:
 raise UnauthorizedException()
 return {"users": group_model.user_rel}
From e4559b8ee4b96198266568355e223a1a60f11ca8 Mon Sep 17 00:00:00 2001
From: luxferre
Date: Tue, 2 Jun 2026 13:34:05 +0100
Subject: [PATCH 2/9] minor: >0 check on org ids in bodies
---
 src/organisation/schemas.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/organisation/schemas.py b/src/organisation/schemas.py
index 3620e38..c34ef16 100644
--- a/src/organisation/schemas.py
+++ b/src/organisation/schemas.py
@@ -8,7 +8,7 @@ Models follow the nomenclature of:
 """
 from typing import Optional
-from pydantic import EmailStr, ConfigDict
+from pydantic import EmailStr, ConfigDict, Field
 from src.schemas import CustomBaseModel
 from src.contact.schemas import ContactModel
@@ -23,7 +23,7 @@ class Questionnaire(CustomBaseModel):
 question_three: Optional[str] = None
 class OrgIDMixin(CustomBaseModel):
- organisation_id: int
+ organisation_id: int = Field(gt=0)
 class OrgPostOrgRequest(CustomBaseModel):
From 3ea782d68fed41bfd5bd2d4e1dedd5cc1f25674a Mon Sep 17 00:00:00 2001
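Review bot: The org-ownership guard in `get_group_users` is hand-written in each handler, and the same inversion is corrected in four more handlers in patch 5/9 (`add_group_permission`, `add_group_user`, `remove_group_permissions`, `remove_group_user`), so one shared check would be safer than five copies. Consider moving `if group_model.org_id != org_model.id: raise UnauthorizedException()` into a single dependency or helper that every group route uses, so a new route cannot omit or flip it. The series touches only `src/iam/router.py` and the schema files and adds no test; a regression test that requests a group belonging to a different organisation and expects the rejection would pin this tenant-isolation behaviour. Before this commit the comparison let through requests for groups in other organisations and rejected the caller's own, so the access logs for these routes may be worth reviewing.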
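Review bot: `organisation_id: int = Field(gt=0)` in `OrgIDMixin` is still validated in Pydantic's lax mode and has no upper bound; the same applies to `group_id` and `permission_id` in patch 6/9 and `user_id` in patch 9/9. Lax mode coerces numeric strings such as `"7"` to an int, and a value larger than the database's integer column can hold would pass validation and probably fail only at query time. Consider `Field(gt=0, strict=True, le=MAX_DB_ID)` (`MAX_DB_ID` is a placeholder for the column's real limit), ideally declared once as a shared alias such as `PositiveID = Annotated[int, Field(...)]` so the four mixins stay in step.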
From: luxferre
Date: Tue, 2 Jun 2026 13:37:42 +0100
Subject: [PATCH 3/9] minor: min length on group name post
---
 src/iam/schemas.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/iam/schemas.py b/src/iam/schemas.py
index 3f34390..d30ea4b 100644
--- a/src/iam/schemas.py
+++ b/src/iam/schemas.py
@@ -8,7 +8,7 @@ Models follow the nomenclature of:
 """
 from typing import Optional
-from pydantic import EmailStr, ConfigDict
+from pydantic import EmailStr, ConfigDict, Field
 from src.organisation.schemas import OrgIDMixin
 from src.schemas import CustomBaseModel
@@ -45,7 +45,7 @@ class IAMGetGroupUsersResponse(CustomBaseModel):
 users : list[UserSchema]
 class IAMPostGroupRequest(OrgIDMixin):
- name: str
+ name: str = Field(min_length=3)
 class IAMPostGroupResponse(CustomBaseModel):
 group: GroupSchema
From 5104257a50f59d04fb73f53a7a445a06331afc81 Mon Sep 17 00:00:00 2001
From: luxferre
Date: Tue, 2 Jun 2026 13:50:13 +0100
Subject: [PATCH 4/9] fix: missing org id in req body
---
 src/iam/schemas.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/iam/schemas.py b/src/iam/schemas.py
index d30ea4b..3fcd448 100644
--- a/src/iam/schemas.py
+++ b/src/iam/schemas.py
@@ -50,7 +50,7 @@ class IAMPostGroupRequest(OrgIDMixin):
 class IAMPostGroupResponse(CustomBaseModel):
 group: GroupSchema
-class IAMPutGroupPermissionRequest(GroupIDMixin, PermIDMixin):
+class IAMPutGroupPermissionRequest(GroupIDMixin, PermIDMixin, OrgIDMixin):
 pass
 class IAMPutGroupPermissionResponse(CustomBaseModel):
From c6542f48c14a2fa5bf3285976dc08780804989c5 Mon Sep 17 00:00:00 2001
From: luxferre
Date: Tue, 2 Jun 2026 13:52:52 +0100
Subject: [PATCH 5/9] fix: multiple inverted conditionals
---
 src/iam/router.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/iam/router.py b/src/iam/router.py
index ee31a4e..1cf904c 100644
--- a/src/iam/router.py
+++ b/src/iam/router.py
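Review bot: `name: str = Field(min_length=3)` in `IAMPostGroupRequest` sets a floor but no ceiling, and it counts whitespace, so a name made of three spaces passes. Consider `Field(min_length=3, max_length=MAX_GROUP_NAME)` (a placeholder; match the column length) and stripping whitespace before the length check, for example with `StringConstraints(strip_whitespace=True, ...)` through `Annotated`. Whether `CustomBaseModel` already strips strings is not visible from this hunk.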
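Review bot: `IAMPutGroupPermissionRequest` now inherits `organisation_id` from `OrgIDMixin`, but its body is still a bare `pass` with no docstring, and `IAMPutGroupUserRequest` gets the same change in patch 7/9. A one-line docstring would record that the id is caller-supplied and only selects the organisation, e.g. `"""Body for PUT /group/permission; organisation_id is checked against the caller's root claim by the route's org dependency."""`. That wording assumes `org_model_root_claim_body_dependency` performs the claim check, which is outside this diff, so confirm it before adopting the text.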
@@ -108,7 +108,7 @@ async def create_group(db: db_dependency, org_model: org_model_root_claim_body_d
 @router.put("/group/permission", response_model=IAMPutGroupPermissionResponse)
 async def add_group_permission(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupPermissionRequest):
- if group_model.org_id == org_model.id:
+ if group_model.org_id != org_model.id:
 raise UnauthorizedException()
 if perm_model in group_model.permission_rel:
@@ -124,7 +124,7 @@ async def add_group_permission(db: db_dependency, group_model: group_model_body_
 @router.put("/group/user")
 async def add_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupUserRequest):
- if group_model.org_id == org_model.id:
+ if group_model.org_id != org_model.id:
 raise UnauthorizedException()
 if user_model in group_model.user_rel:
@@ -139,7 +139,7 @@ async def add_group_user(db: db_dependency, group_model: group_model_body_depend
 @router.delete("/group/permissions")
 async def remove_group_permissions(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupPermissionRequest):
- if group_model.org_id == org_model.id:
+ if group_model.org_id != org_model.id:
 raise UnauthorizedException()
 group_model.permission_rel.remove(perm_model)
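Review bot: In `add_group_user` the guard ties `group_model` to `org_model`, but nothing visible in the hunk ties `user_model` to that organisation before the membership change. If `user_model_body_dependency` does not already scope the lookup, a user from another organisation could end up in the group, and `GET /group/users` would then return that user's `UserSchema` fields to the group's organisation. Consider an explicit check beside the group check, such as `if org_model not in user_model.org_rel: raise UnauthorizedException()` (`org_rel` is a placeholder for however the user–organisation link is modelled); `remove_group_user` in the last hunk of this patch may want the same. The function body continues outside the hunk.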
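Review bot: `group_model.permission_rel.remove(perm_model)` in `remove_group_permissions` runs with no membership test, unlike the `if perm_model in group_model.permission_rel:` guard on the add route, and `user_model.group_rel.remove(group_model)` in `remove_group_user` has the same shape. If these relationships are list-backed collections, removing an absent item raises `ValueError`, which would likely surface as a 500 rather than a client error. A guard such as `if perm_model not in group_model.permission_rel: raise NotFoundException()` (a placeholder for the project's own 4xx exception) keeps the failure explicit. Both function bodies continue outside their hunks.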
@@ -152,7 +152,7 @@ async def remove_group_permissions(db: db_dependency, group_model: group_model_b
 @router.delete("/group/user")
 async def remove_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupUserRequest):
- if group_model.org_id == org_model.id:
+ if group_model.org_id != org_model.id:
 raise UnauthorizedException()
 user_model.group_rel.remove(group_model)
From 5ec1f2272ac2604219fbf9092f0e3a6abbf3cba4 Mon Sep 17 00:00:00 2001
From: luxferre
Date: Tue, 2 Jun 2026 14:18:04 +0100
Subject: [PATCH 6/9] minor: >0 perm & group id in bodies
---
 src/iam/schemas.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/iam/schemas.py b/src/iam/schemas.py
index 3fcd448..3650dbc 100644
--- a/src/iam/schemas.py
+++ b/src/iam/schemas.py
@@ -33,10 +33,10 @@ class GroupSchema(CustomBaseModel):
 name: str
 class GroupIDMixin(CustomBaseModel):
- group_id: int
+ group_id: int = Field(gt=0)
 class PermIDMixin(CustomBaseModel):
- permission_id: int
+ permission_id: int = Field(gt=0)
 class IAMGetGroupPermissionsResponse(CustomBaseModel):
 permissions: list[PermissionSchema]
From 2f4b7b8733f74c7044a0d6ebb60edce43636fd00 Mon Sep 17 00:00:00 2001
From: luxferre
Date: Tue, 2 Jun 2026 14:21:05 +0100
Subject: [PATCH 7/9] fix: missing org id in req
---
 src/iam/schemas.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/iam/schemas.py b/src/iam/schemas.py
index 3650dbc..67569ee 100644
--- a/src/iam/schemas.py
+++ b/src/iam/schemas.py
@@ -57,7 +57,7 @@ class IAMPutGroupPermissionResponse(CustomBaseModel):
 group: GroupSchema
 permissions: list[PermissionSchema]
-class IAMPutGroupUserRequest(GroupIDMixin, UserIDMixin):
+class IAMPutGroupUserRequest(GroupIDMixin, UserIDMixin, OrgIDMixin):
 pass
 class IAMPutGroupUserResponse(CustomBaseModel):
From 3052565258714ebc621a958d1e81007647d614dd Mon Sep 17 00:00:00 2001
From: luxferre
Date: Tue, 2 Jun 2026 14:37:07 +0100
Subject: [PATCH 8/9] fix: userschema config

Required for Pydantic to map a SQLAlchemy model to it.
---
 src/iam/schemas.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/iam/schemas.py b/src/iam/schemas.py
index 67569ee..ff6cbfc 100644
--- a/src/iam/schemas.py
+++ b/src/iam/schemas.py
@@ -16,6 +16,8 @@ from user.schemas import UserIDMixin
 class UserSchema(CustomBaseModel):
+ model_config = ConfigDict(from_attributes=True, extra="ignore")
+
 id: int
 first_name: str
 last_name: str
From 9403e9291fba2a75212d5155f11235e6e2f2c219 Mon Sep 17 00:00:00 2001
From: luxferre
Date: Tue, 2 Jun 2026 14:40:24 +0100
Subject: [PATCH 9/9] minor: >0 user id in bodies
---
 src/user/schemas.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/user/schemas.py b/src/user/schemas.py
index b688412..3578005 100644
--- a/src/user/schemas.py
+++ b/src/user/schemas.py
@@ -2,11 +2,13 @@
 Pydantic models for the user module
 """
 from typing import Optional
+from pydantic import Field
+
 from src.schemas import CustomBaseModel
 class UserIDMixin(CustomBaseModel):
- user_id: int
+ user_id: int = Field(gt=0)
 class OIDCClaims(CustomBaseModel):