From 3f2d9d2b9f61176f7783fc9a149bbc9c043a3e6a Mon Sep 17 00:00:00 2001 From: swve Date: Mon, 24 Apr 2023 20:42:25 +0200 Subject: [PATCH] feat: deny anonymous user from getting orgs --- src/services/orgs.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/services/orgs.py b/src/services/orgs.py index a0de2f47..7934ff86 100644 --- a/src/services/orgs.py +++ b/src/services/orgs.py @@ -149,6 +149,12 @@ async def get_orgs_by_user(request: Request, user_id: str, page: int = 1, limit: orgs = request.app.db["organizations"] user = request.app.db["users"] + if user_id is "anonymous": + + # raise error + raise HTTPException( + status_code=status.HTTP_409_CONFLICT, detail="User not logged in") + # get user orgs user_orgs = await user.find_one({"user_id": user_id})