From 36419ce8b695f1f9a569e4eec9ef61c689aa1b76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=BC=D0=B8=D1=82=D1=80=D0=BE=20=D0=A0=D1=94=D0=B7?= =?UTF-8?q?=D1=94=D0=BD=D0=BA=D0=BE=D0=B2?= <108422398+RezenkovD@users.noreply.github.com>
Date: Fri, 9 Feb 2024 20:34:06 +0200
Subject: [PATCH] feat: change user permissions (#39)

* feat: add HiddenUserModel schema
* feat: hidden login from user list and only for auth persons
* feat: add block updating to inactive group
---
 src/routers/user.py | 8 ++++++--
 src/schemas/__init__.py | 1 +
 src/schemas/user.py | 7 +++++++
 src/services/expense.py | 9 ++++-----
 tests/test_endpoints/test_user_e.py | 2 --
 5 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/src/routers/user.py b/src/routers/user.py
index 699e24c..36e6498 100644
--- a/src/routers/user.py
+++ b/src/routers/user.py
@@ -20,6 +20,7 @@
 from schemas import (
 UserBalance,
 UserModel,
+ HiddenUserModel,
 UserTotalExpenses,
 UserTotalReplenishments,
 UserHistory,
@@ -39,8 +40,11 @@ def check_authentication(authenticated: bool = Depends(is_user_authenticated)):
 return authenticated
-@router.get("/", response_model=Page[UserModel])
-def read_users(db: Session = Depends(get_db)) -> Page[UserModel]:
+@router.get("/", response_model=Page[HiddenUserModel])
+def read_users(
+ db: Session = Depends(get_db),
+ current_user: User = Depends(get_current_user),
+) -> Page[HiddenUserModel]:
 return paginate(db, select(User))
diff --git a/src/schemas/__init__.py b/src/schemas/__init__.py
index 83f8ce1..a3851cb 100644
--- a/src/schemas/__init__.py
+++ b/src/schemas/__init__.py
@@ -1,6 +1,7 @@
 from .user import (
 BaseUser,
 UserModel,
+ HiddenUserModel,
 UserTotalExpenses,
 UserTotalReplenishments,
 UserHistory,
diff --git a/src/schemas/user.py b/src/schemas/user.py
index cd7360e..631627b 100644
--- a/src/schemas/user.py
+++ b/src/schemas/user.py
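Review bot: In `read_users` (src/routers/user.py) the new `current_user: User = Depends(get_current_user)` parameter is never read in the body, so the authentication requirement is only implicit; a later unused-argument cleanup could drop it and reopen the listing to anonymous callers. Declaring the gate on the route states the intent, `@router.get("/", response_model=Page[HiddenUserModel], dependencies=[Depends(get_current_user)])`, or keep the parameter and add `# auth gate only: value intentionally unused`. This assumes `get_current_user` rejects unauthenticated requests, which is not visible in the hunk. Also note that `paginate(db, select(User))` still loads full `User` rows, so `response_model` filtering is the only thing keeping `login` out of the payload.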
@@ -15,6 +15,13 @@ class UserModel(BaseUser):
 picture: Optional[str]
+class HiddenUserModel(BaseModel):
+ id: int
+ first_name: str
+ last_name: str
+ picture: Optional[str]
+
+
 class UserTotalExpenses(BaseModel):
 amount: float
 percentage_increase: float
diff --git a/src/services/expense.py b/src/services/expense.py
index 716894c..f76fe19 100644
--- a/src/services/expense.py
+++ b/src/services/expense.py
@@ -68,11 +68,10 @@ def validate_expense_update(
 detail="You are not a user of the group specified to update expenses!",
 )
 if db_user_group.status == GroupStatusEnum.INACTIVE:
- if group_id != expense.group_id:
- raise HTTPException(
- status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
- detail="The user is not active in group specified to update expenses!",
- )
+ raise HTTPException(
+ status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
+ detail="The user is not active in group specified to update expenses!",
+ )
 try:
 db.query(CategoryGroup).filter_by(
 category_id=expense.category_id,
diff --git a/tests/test_endpoints/test_user_e.py b/tests/test_endpoints/test_user_e.py
index 2bb1cee..26ef77c 100644
--- a/tests/test_endpoints/test_user_e.py
+++ b/tests/test_endpoints/test_user_e.py
@@ -21,14 +21,12 @@ def setUp(self) -> None:
 self.users_data = [
 {
 "id": self.first_user.id,
- "login": self.first_user.login,
 "first_name": self.first_user.first_name,
 "last_name": self.first_user.last_name,
 "picture": self.first_user.picture,
 },
 {
 "id": self.second_user.id,
- "login": self.second_user.login,
 "first_name": self.second_user.first_name,
 "last_name": self.second_user.last_name,
 "picture": self.second_user.picture,
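Review bot: `HiddenUserModel` in src/schemas/user.py has no docstring saying that it is the reduced projection of a user shown to other accounts, which is the only thing separating it from `UserModel`. I would add `"""User fields visible to other authenticated users; deliberately omits login."""` under the class line so a later edit does not put `login` or another account identifier back. The class also derives from `BaseModel` rather than `BaseUser`, so any model configuration `BaseUser` defines (not visible in this hunk) is not inherited; it is worth confirming that serialising ORM rows through `Page[HiddenUserModel]` does not depend on it.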
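Review bot: The now-unconditional raise for `GroupStatusEnum.INACTIVE` in `validate_expense_update` keeps `status.HTTP_405_METHOD_NOT_ALLOWED`, which describes an unsupported HTTP method rather than a denied permission. `status_code=status.HTTP_403_FORBIDDEN,` fits an authorization failure better, although clients or tests that match on 405 would need updating. The removed condition compared `group_id` with `expense.group_id`, so an update can apparently carry two group ids; if `db_user_group` is loaded for only one of them, the lines shown here do not check the membership status in the other group. The function begins and ends outside the hunk, so that lookup may exist elsewhere.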
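Review bot: The only test change removes the `"login"` keys from `self.users_data` in `setUp`, and the diffstat shows no test added for the two access rules this commit introduces. I would add one case that requests the user list without credentials and asserts it is rejected, and one that updates an expense while the user's membership in that same group is `INACTIVE` and asserts the request fails. An explicit `self.assertNotIn("login", item)` over the returned items would also keep the omission pinned if the comparison against `users_data` is ever loosened. `setUp` continues outside the hunk, so the existing assertions are not visible here.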