Commit ·
3895783
1
Parent(s): 29a77af
role id fix
app/dashboard/controllers/router.py
CHANGED
|
@@ -151,7 +151,7 @@ async def bulk_refresh_dashboards(
|
|
| 151 |
"""
|
| 152 |
try:
|
| 153 |
# TODO: Add admin role check
|
| 154 |
-
# if current_user.
|
| 155 |
# raise HTTPException(status_code=403, detail="Admin access required")
|
| 156 |
|
| 157 |
results = await dashboard_mongo.bulk_refresh(partner_ids, limit)
|
|
|
|
| 151 |
"""
|
| 152 |
try:
|
| 153 |
# TODO: Add admin role check
|
| 154 |
+
# if current_user.role_id != "admin":
|
| 155 |
# raise HTTPException(status_code=403, detail="Admin access required")
|
| 156 |
|
| 157 |
results = await dashboard_mongo.bulk_refresh(partner_ids, limit)
|
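Review bot: The admin check in bulk_refresh_dashboards is still commented out after this change, so `dashboard_mongo.bulk_refresh(partner_ids, limit)` at line 157 runs without any role test in the visible code. The corrected comment also compares only against `"admin"`, which would reject `super_admin` if it were enabled as written, while `require_admin_role` in app/dependencies/auth.py accepts both. Rather than enabling the inline check, consider declaring the dependency in the signature, `current_user: TokenUser = Depends(require_admin_role)`, and deleting the TODO. The handler's signature and the rest of the try block are outside the hunk, so whether another guard already applies cannot be confirmed from here.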
app/dependencies/auth.py
CHANGED
|
@@ -19,7 +19,7 @@ class TokenUser(BaseModel):
|
|
| 19 |
"""Lightweight user model from JWT token payload."""
|
| 20 |
user_id: str
|
| 21 |
username: str
|
| 22 |
-
|
| 23 |
merchant_id: Optional[str] = None
|
| 24 |
merchant_type: Optional[str] = None
|
| 25 |
partner_id: Optional[str] = None
|
|
@@ -76,7 +76,7 @@ async def get_current_user(
|
|
| 76 |
# Support both 'sub' and 'user_id' for user identification
|
| 77 |
user_id: str = payload.get("sub") or payload.get("user_id")
|
| 78 |
username: str = payload.get("username") or payload.get("email") or payload.get("phone")
|
| 79 |
-
role: str = payload.get("
|
| 80 |
merchant_id: str = payload.get("merchant_id")
|
| 81 |
merchant_type: str = payload.get("merchant_type")
|
| 82 |
partner_id: str = payload.get("partner_id") or user_id
|
|
@@ -89,7 +89,7 @@ async def get_current_user(
|
|
| 89 |
return TokenUser(
|
| 90 |
user_id=user_id,
|
| 91 |
username=username,
|
| 92 |
-
|
| 93 |
merchant_id=merchant_id,
|
| 94 |
merchant_type=merchant_type,
|
| 95 |
partner_id=partner_id,
|
|
@@ -118,7 +118,7 @@ async def require_admin_role(
|
|
| 118 |
current_user: TokenUser = Depends(get_current_user)
|
| 119 |
) -> TokenUser:
|
| 120 |
"""Require admin or super_admin role."""
|
| 121 |
-
if current_user.
|
| 122 |
raise HTTPException(
|
| 123 |
status_code=status.HTTP_403_FORBIDDEN,
|
| 124 |
detail="Admin privileges required"
|
|
@@ -130,7 +130,7 @@ async def require_super_admin_role(
|
|
| 130 |
current_user: TokenUser = Depends(get_current_user)
|
| 131 |
) -> TokenUser:
|
| 132 |
"""Require super_admin role."""
|
| 133 |
-
if current_user.
|
| 134 |
raise HTTPException(
|
| 135 |
status_code=status.HTTP_403_FORBIDDEN,
|
| 136 |
detail="Super admin privileges required"
|
|
@@ -143,7 +143,7 @@ def require_permission(permission: str):
|
|
| 143 |
async def permission_checker(
|
| 144 |
current_user: TokenUser = Depends(get_current_user)
|
| 145 |
) -> TokenUser:
|
| 146 |
-
if permission not in current_user.permissions and current_user.
|
| 147 |
raise HTTPException(
|
| 148 |
status_code=status.HTTP_403_FORBIDDEN,
|
| 149 |
detail=f"Permission '{permission}' required"
|
|
@@ -170,7 +170,7 @@ async def get_optional_user(
|
|
| 170 |
# Support both 'sub' and 'user_id' for user identification
|
| 171 |
user_id: str = payload.get("sub") or payload.get("user_id")
|
| 172 |
username: str = payload.get("username") or payload.get("email") or payload.get("phone")
|
| 173 |
-
role: str = payload.get("
|
| 174 |
merchant_id: str = payload.get("merchant_id")
|
| 175 |
merchant_type: str = payload.get("merchant_type")
|
| 176 |
partner_id: str = payload.get("partner_id") or user_id
|
|
@@ -181,7 +181,7 @@ async def get_optional_user(
|
|
| 181 |
return TokenUser(
|
| 182 |
user_id=user_id,
|
| 183 |
username=username,
|
| 184 |
-
|
| 185 |
merchant_id=merchant_id,
|
| 186 |
merchant_type=merchant_type,
|
| 187 |
partner_id=partner_id,
|
|
@@ -224,7 +224,7 @@ async def get_current_service_partners(
|
|
| 224 |
"user_id": current_user.user_id,
|
| 225 |
"username": current_user.username,
|
| 226 |
"partner_id": current_user.partner_id,
|
| 227 |
-
"
|
| 228 |
"email": current_user.email,
|
| 229 |
"phone": current_user.phone,
|
| 230 |
"user_type": current_user.user_type,
|
|
|
|
| 19 |
"""Lightweight user model from JWT token payload."""
|
| 20 |
user_id: str
|
| 21 |
username: str
|
| 22 |
+
role_id: str
|
| 23 |
merchant_id: Optional[str] = None
|
| 24 |
merchant_type: Optional[str] = None
|
| 25 |
partner_id: Optional[str] = None
|
|
|
|
| 76 |
# Support both 'sub' and 'user_id' for user identification
|
| 77 |
user_id: str = payload.get("sub") or payload.get("user_id")
|
| 78 |
username: str = payload.get("username") or payload.get("email") or payload.get("phone")
|
| 79 |
+
role: str = payload.get("role_id", "user")
|
| 80 |
merchant_id: str = payload.get("merchant_id")
|
| 81 |
merchant_type: str = payload.get("merchant_type")
|
| 82 |
partner_id: str = payload.get("partner_id") or user_id
|
|
|
|
| 89 |
return TokenUser(
|
| 90 |
user_id=user_id,
|
| 91 |
username=username,
|
| 92 |
+
role_id=role,
|
| 93 |
merchant_id=merchant_id,
|
| 94 |
merchant_type=merchant_type,
|
| 95 |
partner_id=partner_id,
|
|
|
|
| 118 |
current_user: TokenUser = Depends(get_current_user)
|
| 119 |
) -> TokenUser:
|
| 120 |
"""Require admin or super_admin role."""
|
| 121 |
+
if current_user.role_id not in ["admin", "super_admin"]:
|
| 122 |
raise HTTPException(
|
| 123 |
status_code=status.HTTP_403_FORBIDDEN,
|
| 124 |
detail="Admin privileges required"
|
|
|
|
| 130 |
current_user: TokenUser = Depends(get_current_user)
|
| 131 |
) -> TokenUser:
|
| 132 |
"""Require super_admin role."""
|
| 133 |
+
if current_user.role_id != "super_admin":
|
| 134 |
raise HTTPException(
|
| 135 |
status_code=status.HTTP_403_FORBIDDEN,
|
| 136 |
detail="Super admin privileges required"
|
|
|
|
| 143 |
async def permission_checker(
|
| 144 |
current_user: TokenUser = Depends(get_current_user)
|
| 145 |
) -> TokenUser:
|
| 146 |
+
if permission not in current_user.permissions and current_user.role_id not in ["admin", "super_admin"]:
|
| 147 |
raise HTTPException(
|
| 148 |
status_code=status.HTTP_403_FORBIDDEN,
|
| 149 |
detail=f"Permission '{permission}' required"
|
|
|
|
| 170 |
# Support both 'sub' and 'user_id' for user identification
|
| 171 |
user_id: str = payload.get("sub") or payload.get("user_id")
|
| 172 |
username: str = payload.get("username") or payload.get("email") or payload.get("phone")
|
| 173 |
+
role: str = payload.get("role_id", "user")
|
| 174 |
merchant_id: str = payload.get("merchant_id")
|
| 175 |
merchant_type: str = payload.get("merchant_type")
|
| 176 |
partner_id: str = payload.get("partner_id") or user_id
|
|
|
|
| 181 |
return TokenUser(
|
| 182 |
user_id=user_id,
|
| 183 |
username=username,
|
| 184 |
+
role_id=role,
|
| 185 |
merchant_id=merchant_id,
|
| 186 |
merchant_type=merchant_type,
|
| 187 |
partner_id=partner_id,
|
|
|
|
| 224 |
"user_id": current_user.user_id,
|
| 225 |
"username": current_user.username,
|
| 226 |
"partner_id": current_user.partner_id,
|
| 227 |
+
"role_id": current_user.role_id,
|
| 228 |
"email": current_user.email,
|
| 229 |
"phone": current_user.phone,
|
| 230 |
"user_type": current_user.user_type,
|
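Review bot: `payload.get("role_id", "user")` at new lines 79 and 173 falls back to `"user"` only when the claim is absent; a token carrying `"role_id": null` or a non-string value is passed straight into `TokenUser(role_id=role)`, where `role_id: str` is now a required field. Model validation would then presumably fail inside get_current_user and get_optional_user instead of producing a clean 401 or `None`, though the surrounding error handling is outside these hunks. Consider `role = payload.get("role_id") or "user"` followed by `if not isinstance(role, str): raise credentials_exception` (placeholder name for whatever 401 the function already raises). The checks at lines 121, 133 and 146 compare a field named `role_id` with the role names `"admin"` and `"super_admin"`, so it is worth confirming the token issuer puts names rather than identifiers in that claim; a shared constant such as `ADMIN_ROLES = ("admin", "super_admin")` would keep the three checks in step.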