rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-19 04:19:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: update rbac_check to allow 'read' action for anonymous users

Browse source
This commit is contained in:
swve 2025-03-31 15:32:45 +02:00
parent 3b5c4f9d92
commit b3ef0eb10b
2 changed files with 5 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

8
apps/api/src/services/users/users.py
View file

@ -416,8 +416,7 @@ async def read_user_by_uuid(
detail="User does not exist",
)
# RBAC check
await rbac_check(request, current_user, "read", user.user_uuid, db_session)
user = UserRead.model_validate(user)
@ -440,8 +439,7 @@ async def read_user_by_username(
detail="User does not exist",
)
# RBAC check
await rbac_check(request, current_user, "read", user.user_uuid, db_session)
user = UserRead.model_validate(user)
@ -587,7 +585,7 @@ async def rbac_check(
user_uuid: str,
db_session: Session,
):
if action == "create":
if action == "create" or action == "read":
if current_user.id == 0: # if user is anonymous
return True
else: