Добавил проверку на наличие скоупа print.file.send #88
base: main
Changes from 4 commits
7e393cb
0806500
bddbf23
c176e5b
e10bd4c
bc7a101
76d631d
42764ae
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,6 +4,7 @@ | |
|
||
import aiofiles | ||
import aiofiles.os | ||
from auth_lib.fastapi import UnionAuth | ||
from fastapi import APIRouter, File, UploadFile | ||
from fastapi.exceptions import HTTPException | ||
from fastapi.params import Depends | ||
|
@@ -63,7 +64,8 @@ class SendInput(BaseModel): | |
description='Фамилия', | ||
example='Иванов', | ||
) | ||
number: str = Field( | ||
number: str | None = Field( | ||
default=None, | ||
description='Номер профсоюзного или студенческого билетов', | ||
example='1015000', | ||
) | ||
|
@@ -96,6 +98,10 @@ class ReceiveOutput(BaseModel): | |
|
||
|
||
# endregion | ||
def has_send_scope( | ||
давай не будем это выносить в отдельную функцию |
||
union_auth: UnionAuth = Depends(UnionAuth(scopes=["print.file.send"], allow_none=True)) | ||
): | ||
return union_auth is not None | ||
|
||
|
||
# region handlers | ||
|
@@ -107,21 +113,33 @@ class ReceiveOutput(BaseModel): | |
}, | ||
response_model=SendOutput, | ||
) | ||
async def send(inp: SendInput, settings: Settings = Depends(get_settings)): | ||
async def send( | ||
inp: SendInput, | ||
Temmmmmo marked this conversation as resolved.
|
||
has_send_scope: bool = Depends(has_send_scope), | ||
Temmmmmo marked this conversation as resolved.
|
||
settings: Settings = Depends(get_settings), | ||
депендс пропишем прям тут, это норм
депендс от юнионаутха я имею в виду
назовем его user, тогда в дальнейшем оттуда мы сможем еще получать user_id
auth_user |
||
): | ||
"""Получить пин код для загрузки и скачивания файла. | ||
|
||
Полученный пин-код можно использовать в методах POST и GET `/file/{pin}`. | ||
""" | ||
if not has_send_scope and inp.number is None: | ||
raise NotInUnion() | ||
|
||
user = db.session.query(UnionMember) | ||
if not settings.ALLOW_STUDENT_NUMBER: | ||
user = user.filter(UnionMember.union_number != None) | ||
user = user.filter( | ||
or_( | ||
func.upper(UnionMember.student_number) == inp.number.upper(), | ||
func.upper(UnionMember.union_number) == inp.number.upper(), | ||
), | ||
func.upper(UnionMember.surname) == inp.surname.upper(), | ||
).one_or_none() | ||
if inp.number is not None: | ||
BombinBM marked this conversation as resolved.
and inp.surname is not None |
||
user = user.filter( | ||
or_( | ||
func.upper(UnionMember.student_number) == inp.number.upper(), | ||
func.upper(UnionMember.union_number) == inp.number.upper(), | ||
), | ||
func.upper(UnionMember.surname) == inp.surname.upper(), | ||
).one_or_none() | ||
else: | ||
BombinBM marked this conversation as resolved.
|
||
user = user.filter( | ||
func.upper(UnionMember.surname) == inp.surname.upper(), | ||
) | ||
if not user: | ||
вот тут добавим также проверку на наличие скоупа
то есть если у чела не прописаны ни номер билета, ни фио, ни студак, но при этом есть скоуп, то все хорошо, ошибку не рейзим
if user is None |
||
raise NotInUnion() | ||
try: | ||
|
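Review bot: In `send`, the `else:` branch taken when a scoped caller sends no `number` never calls `.one_or_none()`, so `user` stays a query object, `if not user:` cannot raise `NotInUnion` on that path, and the code after `try:` receives a query instead of a `UnionMember`. Because this is the path that skips the membership-number check, it should resolve to an explicit outcome: either end the filter with `.one_or_none()` (surname alone may match several rows and raise `MultipleResultsFound`) or set `user = None` and handle the scope-only case by name. It is also worth confirming in auth_lib that `UnionAuth(scopes=["print.file.send"], allow_none=True)` returns `None` for a token that lacks the scope and not only for a missing token, since `has_send_scope` treats any non-`None` result as authorization; that library is not shown here. The body of `send` continues past the end of the hunk.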
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -46,10 +46,11 @@ class UpdateUserList(BaseModel): | |
) | ||
async def check_union_member( | ||
surname: constr(strip_whitespace=True, to_upper=True, min_length=1), | ||
number: constr(strip_whitespace=True, to_upper=True, min_length=1), | ||
number: Optional[str] = constr(strip_whitespace=True, to_upper=True, min_length=1), | ||
не уверен, что тут надо делать поле опциональным |
||
v: Optional[str] = __version__, | ||
): | ||
"""Проверяет наличие пользователя в списке.""" | ||
|
||
surname = surname.upper() | ||
user = db.session.query(UnionMember) | ||
if not settings.ALLOW_STUDENT_NUMBER: | ||
|
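Review bot: In `check_union_member`, `constr(strip_whitespace=True, to_upper=True, min_length=1)` has moved from the annotation of `number` to its default value, so the parameter is now annotated as a plain `Optional[str]` and the stripping, upper-casing and `min_length=1` validation no longer apply to it. An omitted `number` would also default to the constrained type itself rather than `None`. If the field is to be optional, keep the constraint in the annotation: `number: Optional[constr(strip_whitespace=True, to_upper=True, min_length=1)] = None,`. The function body continues outside the hunk, so any later use of `number` needs a `None` guard that is not visible here.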
смотри, surname тоже становится необязательным для пользователей со скоупом, давай учтем это
str | None
default = None