refactor: update RBAC check logic and improve comments in get_certificate_by_user_certification_uuid function

swve 2025-07-20 11:29:37 +02:00
parent f84529e467
commit 0138174f6a


@ -425,7 +425,7 @@ async def get_certificate_by_user_certification_uuid(
detail="Certification not found", detail="Certification not found",
) )
# Get course for RBAC check # Get course information
statement = select(Course).where(Course.id == certification.course_id) statement = select(Course).where(Course.id == certification.course_id)
course = db_session.exec(statement).first() course = db_session.exec(statement).first()
@ -435,10 +435,7 @@ async def get_certificate_by_user_certification_uuid(
detail="Course not found", detail="Course not found",
) )
# RBAC check - allow read access to the certificate owner or course owners/admins # No RBAC check - allow anyone to access certificates by UUID
if current_user.id != certificate_user.user_id:
# If not the certificate owner, check course access
await rbac_check(request, course.course_uuid, current_user, "read", db_session)
return { return {
"certificate_user": CertificateUserRead(**certificate_user.model_dump()), "certificate_user": CertificateUserRead(**certificate_user.model_dump()),
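Review bot: With the owner/`rbac_check` guard removed just before the `return`, the certification UUID is now the only thing gating this response, and the new comment `# No RBAC check - allow anyone to access certificates by UUID` does not say why that is acceptable. If this is meant as a public verification endpoint, the comment should state the contract, e.g. `# Public verification endpoint: the certification UUID is the sole access control, so the response must carry only fields intended for public display`, and `CertificateUserRead(**certificate_user.model_dump())` and the rest of the returned dict should be checked against it. The function starts and ends outside this hunk, so it is not visible whether `current_user` is still a required dependency, whether `request` and `current_user` are now unused, or how the UUID is generated; each is worth confirming. This is an authorization change rather than a refactor, and the commit title should say so for anyone auditing access-control history.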