Spaces:
Runtime error
Runtime error
File size: 1,699 Bytes
71a3948 3358b33 71a3948 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
from fastapi import APIRouter, Depends, HTTPException, status
from sqlmodel import Session
from src.database import get_session
from src.auth import get_current_active_user
from src.models import User, Role, ClearanceStatus, ClearanceUpdate, ClearanceStatusRead
from src.crud import clearance as clearance_crud
router = APIRouter(
prefix="/clearance",
tags=["Clearance"],
dependencies=[Depends(get_current_active_user(required_roles=[Role.STAFF, Role.ADMIN]))],
)
@router.put("/update", response_model=ClearanceStatusRead)
def update_student_clearance_status(
clearance_update: ClearanceUpdate,
db: Session = Depends(get_session),
# The current_user object is injected by the dependency
current_user: User = Depends(get_current_active_user(required_roles=[Role.STAFF, Role.ADMIN]))
):
"""
Endpoint for staff to update a student's clearance status.
A staff member can only approve for their own department.
(Future enhancement could enforce this rule more strictly).
"""
# A potential security check: ensure staff's department matches clearance_update.department
# For now, we trust the role.
if current_user.department != clearance_update.department:
raise HTTPException(status_code=403, detail="You can only update clearances for your department.")
updated_status = clearance_crud.update_clearance_status(db, clearance_update)
if not updated_status:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail=f"No clearance record found for student {clearance_update.matric_no} in department {clearance_update.department}"
)
return updated_status
|