app/verify_access.py

from fastapi import Depends, HTTPException
from app.get_current_users import get_current_user

async def verify_access(chatbot_id: str, current_user: dict = Depends(get_current_user)):
    allowed_ids = [c["chatbot_id"] for c in current_user.get("chatbots", [])]
    if chatbot_id not in allowed_ids:
        raise HTTPException(status_code=403, detail="Not authorized to access this chatbot")
    return True