sr2/cloud-api
6
0
Fork 1
Code Issues 8 Pull requests 2 Projects Releases Packages Wiki Activity Actions
cloud-api/src/auth/dependencies.py
luxferre 42349b0182 docs: auth docstrings 
Issue: #13
2026-05-28 11:22:47 +01:00

71 lines
2.2 KiB
Python
Raw Blame History

"""
Auth dependencies
Exports:
- org_query_user_claims_dependency: bool: Verifies user belongs to org
- org_model_root_claim_query_dependency: org_model: verifies org exists and user is either root or su, gets org from query
- org_model_root_claim_body_dependency: org_model: verifies org exists and user is either root or su, gets org from body
- super_admin_dependency: user_model: verifies the user is a super admin
"""
from typing import Annotated
from fastapi import Depends
from src.user.dependencies import user_model_claims_dependency
from src.user.models import User
from src.organisation.dependencies import org_model_query_dependency, org_model_body_dependency
from src.organisation.models import Organisation as Org
from src.auth.exceptions import UnauthorizedException
def is_super_admin(user_model) -> bool:
super_admin_emails = ["chris@sr2.uk"]
if user_model.email not in super_admin_emails:
raise UnauthorizedException()
return True
async def org_query_user_claims(org_model: org_model_query_dependency, user_model: user_model_claims_dependency):
if user_model in org_model.user_rel:
return True
raise UnauthorizedException()
org_query_user_claims_dependency = Annotated[bool, Depends(org_query_user_claims)]
async def org_query_root_claims(user_model: user_model_claims_dependency, org_model: org_model_query_dependency):
if org_model.root_user_id == user_model.id:
return org_model
if is_super_admin(user_model):
return org_model
raise UnauthorizedException()
org_model_root_claim_query_dependency = Annotated[type[Org], Depends(org_query_root_claims)]
async def org_body_root_claims(user_model: user_model_claims_dependency, org_model: org_model_body_dependency):
if org_model.root_user_id == user_model.id:
return org_model
if is_super_admin(user_model):
return org_model
raise UnauthorizedException()
org_model_root_claim_body_dependency = Annotated[type[Org], Depends(org_body_root_claims)]
async def user_model_super_admin(user_model: user_model_claims_dependency):
if is_super_admin(user_model):
return user_model
raise UnauthorizedException()
super_admin_dependency = Annotated[type[User], Depends(user_model_super_admin)]
Reference in a new issue View git blame Copy permalink