diff --git a/src/auth/service.py b/src/auth/service.py index 120e1c8..78abc8e 100644 --- a/src/auth/service.py +++ b/src/auth/service.py @@ -240,8 +240,15 @@ def notify_admin_on_rate_limit_sync( log.error(f"Error notifying admin: {str(e)}") return {"status": False, "message": str(e), "data": payload} - +async def admin_required(request: Request): + user = await get_current_user(request) + if user.role != "Admin" or user.role != "Superadmin": + raise HTTPException( + status_code=403, detail="Invalid authorization code." + ) + return user +Admin = Annotated[UserBase, Depends(admin_required)] CurrentUser = Annotated[UserBase, Depends(get_current_user)] Token = Annotated[str, Depends(get_token)] InternalKey = Annotated[str, Depends(internal_key)] \ No newline at end of file diff --git a/src/overhaul_gantt/router.py b/src/overhaul_gantt/router.py index 08e704e..3fa2999 100644 --- a/src/overhaul_gantt/router.py +++ b/src/overhaul_gantt/router.py @@ -67,7 +67,7 @@ async def get_gantt_spreadsheet(db_session: DbSession): @router.post( "/spreadsheet", response_model=StandardResponse[dict], dependencies=[Depends(csrf_protect)] ) -async def update_gantt_spreadsheet(db_session: DbSession, spreadsheet_in: OverhaulGanttIn): +async def update_gantt_spreadsheet(db_session: DbSession, spreadsheet_in: OverhaulGanttIn, admin: Admin): """Get all scope pagination.""" # return