Добавил проверку на наличие скоупа print.file.send

print_service/routes/file.py

@@ -4,6 +4,7 @@
 
 import aiofiles
 import aiofiles.os
+from auth_lib.fastapi import UnionAuth
 from fastapi import APIRouter, File, UploadFile
 from fastapi.exceptions import HTTPException
 from fastapi.params import Depends
@@ -63,7 +64,8 @@ class SendInput(BaseModel):
         description='Фамилия',
         example='Иванов',
     )
-    number: str = Field(
+    number: str | None = Field(
+        default=None,
         description='Номер профсоюзного или студенческого билетов',
         example='1015000',
     )
@@ -107,21 +109,34 @@ class ReceiveOutput(BaseModel):
     },
     response_model=SendOutput,
 )
-async def send(inp: SendInput, settings: Settings = Depends(get_settings)):
+async def send(
+    inp: SendInput,
+    _=Depends(UnionAuth(scopes=["print.file.send"]), allow_none=True),
+    settings: Settings = Depends(get_settings),
+):
     """Получить пин код для загрузки и скачивания файла.
 
     Полученный пин-код можно использовать в методах POST и GET `/file/{pin}`.
     """
+    if not has_send_scope and inp.number is None:
+        raise NotInUnion()
+
     user = db.session.query(UnionMember)
     if not settings.ALLOW_STUDENT_NUMBER:
         user = user.filter(UnionMember.union_number != None)
-    user = user.filter(
-        or_(
-            func.upper(UnionMember.student_number) == inp.number.upper(),
-            func.upper(UnionMember.union_number) == inp.number.upper(),
-        ),
-        func.upper(UnionMember.surname) == inp.surname.upper(),
-    ).one_or_none()
+
+    if inp.number is not None:
+        user = user.filter(
+            or_(
+                func.upper(UnionMember.student_number) == inp.number.upper(),
+                func.upper(UnionMember.union_number) == inp.number.upper(),
+            ),
+            func.upper(UnionMember.surname) == inp.surname.upper(),
+        ).one_or_none()
+    else:
+        if not "print.file.send" in [scope["name"] for scope in user.get('session_scopes')]:
+            raise NotInUnion()
+
     if not user:
         raise NotInUnion()
     try:

print_service/routes/user.py

@@ -46,10 +46,11 @@ class UpdateUserList(BaseModel):
 )
 async def check_union_member(
     surname: constr(strip_whitespace=True, to_upper=True, min_length=1),
-    number: constr(strip_whitespace=True, to_upper=True, min_length=1),
+    number: Optional[str] = constr(strip_whitespace=True, to_upper=True, min_length=1),
     v: Optional[str] = __version__,
 ):
     """Проверяет наличие пользователя в списке."""
+
     surname = surname.upper()
     user = db.session.query(UnionMember)
     if not settings.ALLOW_STUDENT_NUMBER: