
Добавил проверку на наличие скоупа print.file.send #88

Open
wants to merge 8 commits into
base: main
from
36 changes: 27 additions & 9 deletions print_service/routes/file.py
Expand Up @@ -4,6 +4,7 @@

import aiofiles
import aiofiles.os
from auth_lib.fastapi import UnionAuth
from fastapi import APIRouter, File, UploadFile
from fastapi.exceptions import HTTPException
from fastapi.params import Depends
Expand Down Expand Up @@ -63,7 +64,8 @@ class SendInput(BaseModel):
description='Фамилия',
Member


смотри, surname тоже становится необязательным для пользователей со скоупом, давай учтем это

Author


str | None
default = None

example='Иванов',
)
number: str = Field(
number: str | None = Field(
default=None,
description='Номер профсоюзного или студенческого билетов',
example='1015000',
)
Expand Down Expand Up @@ -96,6 +98,10 @@ class ReceiveOutput(BaseModel):


# endregion
def has_send_scope(
Member


давай не будем это выносить в отдельную функцию

union_auth: UnionAuth = Depends(UnionAuth(scopes=["print.file.send"], allow_none=True))
):
return union_auth is not None


# region handlers
Expand All @@ -107,21 +113,33 @@ class ReceiveOutput(BaseModel):
},
response_model=SendOutput,
)
async def send(inp: SendInput, settings: Settings = Depends(get_settings)):
async def send(
inp: SendInput,
Temmmmmo marked this conversation as resolved.
has_send_scope: bool = Depends(has_send_scope),
Temmmmmo marked this conversation as resolved.
settings: Settings = Depends(get_settings),
Member


депендс пропишем прям тут, это норм

Member


депендс от юнионаутха я имею в виду

Member


назовем его user, тогда в дальнейшем оттуда мы сможем еще получать user_id

Author


auth_user

):
"""Получить пин код для загрузки и скачивания файла.

Полученный пин-код можно использовать в методах POST и GET `/file/{pin}`.
"""
if not has_send_scope and inp.number is None:
raise NotInUnion()

user = db.session.query(UnionMember)
if not settings.ALLOW_STUDENT_NUMBER:
user = user.filter(UnionMember.union_number != None)
user = user.filter(
or_(
func.upper(UnionMember.student_number) == inp.number.upper(),
func.upper(UnionMember.union_number) == inp.number.upper(),
),
func.upper(UnionMember.surname) == inp.surname.upper(),
).one_or_none()
if inp.number is not None:
BombinBM marked this conversation as resolved.
Author


and inp.surname is not None

user = user.filter(
or_(
func.upper(UnionMember.student_number) == inp.number.upper(),
func.upper(UnionMember.union_number) == inp.number.upper(),
),
func.upper(UnionMember.surname) == inp.surname.upper(),
).one_or_none()
else:
BombinBM marked this conversation as resolved.
user = user.filter(
func.upper(UnionMember.surname) == inp.surname.upper(),
)
if not user:
Member


вот тут добавим также проверку на наличие скоупа

Member


то есть если у чела не прописаны ни номер билета, ни фио, ни студак, но при этом есть скоуп, то все хорошо, ошибку не рейзим

Author


if user is None

raise NotInUnion()
try:
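Review bot: In the `else:` branch of `send` the surname-only filter is never executed, because it has no `.one_or_none()`. `user` therefore stays a SQLAlchemy `Query` object, which as far as I can tell is always truthy, so `if not user:` cannot raise `NotInUnion` on that path and the code after `try:` would receive a query instead of a `UnionMember` row. Simply appending `.one_or_none()` is not enough: surnames are not unique, so it can raise on multiple matches and would bind the request to a member selected only by a caller-supplied surname. If the `print.file.send` scope alone is meant to authorise the request, skip the lookup on that path, e.g. `user = None` in the `else:` branch, and take the identity from the authenticated principal. The body of `send` continues past the end of this hunk, so how `user` is consumed there should be checked against this.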
3 changes: 2 additions & 1 deletion print_service/routes/user.py
Expand Up @@ -46,10 +46,11 @@ class UpdateUserList(BaseModel):
)
async def check_union_member(
surname: constr(strip_whitespace=True, to_upper=True, min_length=1),
number: constr(strip_whitespace=True, to_upper=True, min_length=1),
number: Optional[str] = constr(strip_whitespace=True, to_upper=True, min_length=1),
Member


не уверен, что тут надо делать поле опциональным
т.к. для пользователей со скоупом в принципе не планируется прокидывание проверки на присутствие в профсоюзе

v: Optional[str] = __version__,
):
"""Проверяет наличие пользователя в списке."""

surname = surname.upper()
user = db.session.query(UnionMember)
if not settings.ALLOW_STUDENT_NUMBER:
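Review bot: In `check_union_member` the `constr(...)` type has moved from the annotation of `number` into its default value. The parameter is now validated only as `Optional[str]`, so `strip_whitespace`, `to_upper` and `min_length=1` no longer apply, and an omitted `number` defaults to the constrained type object rather than `None`. If the parameter is to be optional, keep the constraint in the annotation: `number: Optional[constr(strip_whitespace=True, to_upper=True, min_length=1)] = None`. The rest of the handler is outside the hunk, so any later use of `number` there would also need a `None` guard.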