feat: change user permissions (#39)

* feat: add HiddenUserModel schema * feat: hidden login from user list and only for auth persons * feat: add block updating to inactive group
RezenkovD · Feb 9, 2024 · 36419ce · 36419ce
1 parent 395990a
commit 36419ce
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 9 deletions.
diff --git a/src/routers/user.py b/src/routers/user.py
@@ -20,6 +20,7 @@
 from schemas import (
     UserBalance,
     UserModel,
+    HiddenUserModel,
     UserTotalExpenses,
     UserTotalReplenishments,
     UserHistory,
@@ -39,8 +40,11 @@ def check_authentication(authenticated: bool = Depends(is_user_authenticated)):
     return authenticated
 
 
-@router.get("/", response_model=Page[UserModel])
-def read_users(db: Session = Depends(get_db)) -> Page[UserModel]:
+@router.get("/", response_model=Page[HiddenUserModel])
+def read_users(
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+) -> Page[HiddenUserModel]:
     return paginate(db, select(User))
 
 

diff --git a/src/schemas/__init__.py b/src/schemas/__init__.py
@@ -1,6 +1,7 @@
 from .user import (
     BaseUser,
     UserModel,
+    HiddenUserModel,
     UserTotalExpenses,
     UserTotalReplenishments,
     UserHistory,

diff --git a/src/schemas/user.py b/src/schemas/user.py
@@ -15,6 +15,13 @@ class UserModel(BaseUser):
     picture: Optional[str]
 
 
+class HiddenUserModel(BaseModel):
+    id: int
+    first_name: str
+    last_name: str
+    picture: Optional[str]
+
+
 class UserTotalExpenses(BaseModel):
     amount: float
     percentage_increase: float

diff --git a/src/services/expense.py b/src/services/expense.py
@@ -68,11 +68,10 @@ def validate_expense_update(
             detail="You are not a user of the group specified to update expenses!",
         )
     if db_user_group.status == GroupStatusEnum.INACTIVE:
-        if group_id != expense.group_id:
-            raise HTTPException(
-                status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
-                detail="The user is not active in group specified to update expenses!",
-            )
+        raise HTTPException(
+            status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
+            detail="The user is not active in group specified to update expenses!",
+        )
     try:
         db.query(CategoryGroup).filter_by(
             category_id=expense.category_id,

diff --git a/tests/test_endpoints/test_user_e.py b/tests/test_endpoints/test_user_e.py
@@ -21,14 +21,12 @@ def setUp(self) -> None:
         self.users_data = [
             {
                 "id": self.first_user.id,
-                "login": self.first_user.login,
                 "first_name": self.first_user.first_name,
                 "last_name": self.first_user.last_name,
                 "picture": self.first_user.picture,
             },
             {
                 "id": self.second_user.id,
-                "login": self.second_user.login,
                 "first_name": self.second_user.first_name,
                 "last_name": self.second_user.last_name,
                 "picture": self.second_user.picture,