Skip to content

Commit

Permalink
Feature: add permissions on expenses (#35)
Browse files Browse the repository at this point in the history 
* feat: remove block del and upd expenses on inactive group

* feat: remove permissions to check group expenses inactive user

* cd: add pkill -f 'uvicorn main:app'
  • Loading branch information
@RezenkovD
RezenkovD authored Jan 24, 2024
1 parent a56ac66 commit d29a05b
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 6 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/ci-cd.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,8 @@ jobs:
export GOOGLE_SECRET='${{ secrets.GOOGLE_SECRET }}'
export ALLOWED_HOSTS='${{ secrets.ALLOWED_HOSTS }}'
export DOMAIN_NAME='${{ secrets.DOMAIN_NAME }}'
pkill -f "uvicorn main:app"
git pull
pip3 install -r requirements.txt
Expand Down
16 changes: 10 additions & 6 deletions src/services/expense.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ def validate_input_data(
group_id: int,
expense: ExpenseCreate = None,
expense_id: int = None,
is_create: bool = False,
) -> None:
try:
db_user_group = (
Expand All @@ -29,11 +30,12 @@ def validate_input_data(
status_code=status.HTTP_404_NOT_FOUND,
detail="You are not a user of this group!",
)
if db_user_group.status == GroupStatusEnum.INACTIVE:
raise HTTPException(
status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
detail="The user is not active in this group!",
)
if is_create:
if db_user_group.status == GroupStatusEnum.INACTIVE:
raise HTTPException(
status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
detail="The user is not active in this group!",
)
if expense:
try:
db.query(CategoryGroup).filter_by(
Expand All @@ -58,7 +60,9 @@ def validate_input_data(
def create_expense(
db: Session, user_id: int, group_id: int, expense: ExpenseCreate
) -> ExpenseModel:
validate_input_data(db=db, user_id=user_id, group_id=group_id, expense=expense)
validate_input_data(
db=db, user_id=user_id, group_id=group_id, expense=expense, is_create=True
)
db_expense = Expense(**expense.dict())
db_expense.user_id = user_id
db_expense.group_id = group_id
Expand Down
15 changes: 15 additions & 0 deletions src/services/group.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,21 @@ def group_member_validate_input_data(

def read_group_history(db: Session, user_id: int, group_id: int) -> List[GroupHistory]:
user_validate_input_date(db, user_id, group_id)
try:
(
db.query(UserGroup)
.filter_by(
user_id=user_id,
group_id=group_id,
status=GroupStatusEnum.ACTIVE,
)
.one()
)
except exc.NoResultFound:
raise HTTPException(
status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
detail="The user is not active in this group!",
)
history = (
select(
Expense.id,
Expand Down

0 comments on commit d29a05b

Please sign in to comment.