feat: implement admin_required dependency and restrict gantt spreadsheet updates to admin users

oh_security
Cizz22 1 month ago
parent 19066475c9
commit 20ea1b580a

@ -240,8 +240,15 @@ def notify_admin_on_rate_limit_sync(
log.error(f"Error notifying admin: {str(e)}") log.error(f"Error notifying admin: {str(e)}")
return {"status": False, "message": str(e), "data": payload} return {"status": False, "message": str(e), "data": payload}
async def admin_required(request: Request):
user = await get_current_user(request)
if user.role != "Admin" or user.role != "Superadmin":
raise HTTPException(
status_code=403, detail="Invalid authorization code."
)
return user
Admin = Annotated[UserBase, Depends(admin_required)]
CurrentUser = Annotated[UserBase, Depends(get_current_user)] CurrentUser = Annotated[UserBase, Depends(get_current_user)]
Token = Annotated[str, Depends(get_token)] Token = Annotated[str, Depends(get_token)]
InternalKey = Annotated[str, Depends(internal_key)] InternalKey = Annotated[str, Depends(internal_key)]

@ -67,7 +67,7 @@ async def get_gantt_spreadsheet(db_session: DbSession):
@router.post( @router.post(
"/spreadsheet", response_model=StandardResponse[dict], dependencies=[Depends(csrf_protect)] "/spreadsheet", response_model=StandardResponse[dict], dependencies=[Depends(csrf_protect)]
) )
async def update_gantt_spreadsheet(db_session: DbSession, spreadsheet_in: OverhaulGanttIn): async def update_gantt_spreadsheet(db_session: DbSession, spreadsheet_in: OverhaulGanttIn, admin: Admin):
"""Get all scope pagination.""" """Get all scope pagination."""
# return # return

Loading…
Cancel
Save