feat: various improvements

wip: frontend feat: enable cascade on foreign keys wip1 wip2 fix chapters issues wip4
2025-12-19 04:19:25 +00:00 · 2023-11-29 22:29:48 +01:00 · 2023-11-29 22:29:48 +01:00 · 187f75e583
commit 187f75e583
parent 2bf80030d7
71 changed files with 879 additions and 568 deletions
--- a/apps/api/src/services/users/users.py
+++ b/apps/api/src/services/users/users.py
@ -279,6 +279,37 @@ async def read_user_by_uuid(
    return user


+async def authorize_user_action(
+    request: Request,
+    db_session: Session,
+    current_user: PublicUser | AnonymousUser,
+    ressource_uuid: str,
+    action: Literal["create", "read", "update", "delete"],
+):
+    # Get user
+    statement = select(User).where(User.user_uuid == current_user.user_uuid)
+    user = db_session.exec(statement).first()
+
+    if not user:
+        raise HTTPException(
+            status_code=400,
+            detail="User does not exist",
+        )
+
+    # RBAC check
+    authorized = await authorization_verify_based_on_roles_and_authorship(
+        request, current_user.id, action, ressource_uuid, db_session
+    )
+
+    if authorized:
+        return True
+    else:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="You are not authorized to perform this action",
+        )
+
+
 async def delete_user_by_id(
    request: Request,
    db_session: Session,
@ -350,7 +381,7 @@ async def rbac_check(
            return True

        await authorization_verify_based_on_roles_and_authorship(
-            request, current_user.id, "read", action, db_session
+            request, current_user.id, action, user_uuid, db_session
        )