diff --git a/print_service/routes/file.py b/print_service/routes/file.py index 5205e0f..78e77e2 100644 --- a/print_service/routes/file.py +++ b/print_service/routes/file.py @@ -4,6 +4,7 @@ import aiofiles import aiofiles.os +from auth_lib.fastapi import UnionAuth from fastapi import APIRouter, File, UploadFile from fastapi.exceptions import HTTPException from fastapi.params import Depends @@ -63,7 +64,8 @@ class SendInput(BaseModel): description='Фамилия', example='Иванов', ) - number: str = Field( + number: str | None = Field( + default=None, description='Номер профсоюзного или студенческого билетов', example='1015000', ) @@ -96,7 +98,8 @@ class ReceiveOutput(BaseModel): # endregion - +def has_send_scope(union_auth: UnionAuth = Depends(UnionAuth(scopes=["print.file.send"], allow_none=True))): + return union_auth is not None # region handlers @router.post( @@ -107,21 +110,33 @@ class ReceiveOutput(BaseModel): }, response_model=SendOutput, ) -async def send(inp: SendInput, settings: Settings = Depends(get_settings)): +async def send(inp: SendInput, + has_send_scope: bool = Depends(has_send_scope), + settings: Settings = Depends(get_settings), +): """Получить пин код для загрузки и скачивания файла. Полученный пин-код можно использовать в методах POST и GET `/file/{pin}`. """ + if not has_send_scope and inp.number is None: + raise HTTPException(status_code=400, detail="Поле number обязательно для пользователей без скоупа print.file.send") + + user = db.session.query(UnionMember) if not settings.ALLOW_STUDENT_NUMBER: user = user.filter(UnionMember.union_number != None) - user = user.filter( - or_( - func.upper(UnionMember.student_number) == inp.number.upper(), - func.upper(UnionMember.union_number) == inp.number.upper(), - ), - func.upper(UnionMember.surname) == inp.surname.upper(), - ).one_or_none() + if inp.number is not None: + user = user.filter( + or_( + func.upper(UnionMember.student_number) == inp.number.upper(), + func.upper(UnionMember.union_number) == inp.number.upper(), + ), + func.upper(UnionMember.surname) == inp.surname.upper(), + ).one_or_none() + else: + user = user.filter( + func.upper(UnionMember.surname) == inp.surname.upper(), + ) if not user: raise NotInUnion() try: diff --git a/print_service/routes/user.py b/print_service/routes/user.py index 4096a1f..9becd3b 100644 --- a/print_service/routes/user.py +++ b/print_service/routes/user.py @@ -47,40 +47,34 @@ class UpdateUserList(BaseModel): async def check_union_member( surname: constr(strip_whitespace=True, to_upper=True, min_length=1), number: Optional[str] = constr(strip_whitespace=True, to_upper=True, min_length=1), - # scope: scope = Depends(UnionAuth(scopes=["print.file.send"], allow_none=True)), - user = Depends(UnionAuth(scopes=["print.file.send"], allow_none=True)), v: Optional[str] = __version__, ): """Проверяет наличие пользователя в списке.""" - if "print.file.send" in [scope["name"] for scope in user.get('session_scopes')]: + + surname = surname.upper() + user = db.session.query(UnionMember) + if not settings.ALLOW_STUDENT_NUMBER: + user = user.filter(UnionMember.union_number != None) + user: UnionMember = user.filter( + or_( + func.upper(UnionMember.student_number) == number, + func.upper(UnionMember.union_number) == number, + ), + func.upper(UnionMember.surname) == surname, + ).one_or_none() + + if v == '1': + return bool(user) + + if not user: + raise UserNotFound() + else: return { 'surname': user.surname, + 'number': number, + 'student_number': user.student_number, + 'union_number': user.union_number, } - else: - surname = surname.upper() - user = db.session.query(UnionMember) - if not settings.ALLOW_STUDENT_NUMBER: - user = user.filter(UnionMember.union_number != None) - user: UnionMember = user.filter( - or_( - func.upper(UnionMember.student_number) == number, - func.upper(UnionMember.union_number) == number, - ), - func.upper(UnionMember.surname) == surname, - ).one_or_none() - - if v == '1': - return bool(user) - - if not user: - raise UserNotFound() - else: - return { - 'surname': user.surname, - 'number': number, - 'student_number': user.student_number, - 'union_number': user.union_number, - } @router.post('/is_union_member')