rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-19 04:19:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: verify org_id for courses & lectures

Browse source
This commit is contained in:
swve 2023-03-22 22:28:24 +01:00
parent 48cf26790a
commit 98b470f2ab
5 changed files with 55 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/services/courses/courses.py
View file

@ -141,12 +141,9 @@ async def create_course(request: Request, course_object: Course, org_id: str, cu
# TODO(fix) : the implementation here is clearly not the best one (this entire function)
course_object.org_id = org_id
hasRoleRights = await verify_user_rights_with_roles(request, "create", current_user.user_id, course_id)
if not hasRoleRights:
raise HTTPException(
status_code=status.HTTP_409_CONFLICT, detail="Roles : Insufficient rights to perform this action")
await verify_user_rights_with_roles(request, "create", current_user.user_id, course_id,org_id)
if thumbnail_file:
name_in_disk = f"{course_id}_thumbnail_{uuid4()}.{thumbnail_file.filename.split('.')[-1]}"
await upload_thumbnail(thumbnail_file, name_in_disk)
@ -290,7 +287,7 @@ async def verify_rights(request: Request, course_id: str, current_user: PublicUs
raise HTTPException(
status_code=status.HTTP_409_CONFLICT, detail=f"Course/CourseChapter does not exist")
hasRoleRights = await verify_user_rights_with_roles(request, action, current_user.user_id, course_id)
hasRoleRights = await verify_user_rights_with_roles(request, action, current_user.user_id, course_id, course["org_id"])
isAuthor = current_user.user_id in course["authors"]
if not hasRoleRights and not isAuthor: