feat: update rbac_check to allow 'read' action for anonymous users

swve 2025-03-31 15:32:45 +02:00
parent 3b5c4f9d92
commit b3ef0eb10b
2 changed files with 5 additions and 7 deletions


@ -416,8 +416,7 @@ async def read_user_by_uuid(
detail="User does not exist",
)
# RBAC check
await rbac_check(request, current_user, "read", user.user_uuid, db_session)
user = UserRead.model_validate(user)
@ -440,8 +439,7 @@ async def read_user_by_username(
detail="User does not exist",
)
# RBAC check
await rbac_check(request, current_user, "read", user.user_uuid, db_session)
user = UserRead.model_validate(user)
@ -587,7 +585,7 @@ async def rbac_check(
user_uuid: str,
db_session: Session,
):
if action == "create":
if action == "create" or action == "read":
if current_user.id == 0: # if user is anonymous
return True
else:
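Review bot: The widened condition `if action == "create" or action == "read":` in rbac_check makes the anonymous branch (`current_user.id == 0`) return True for every "read" without consulting `user_uuid`, so read_user_by_uuid and read_user_by_username now serialize any account as `UserRead` for unauthenticated callers. Confirm that `UserRead` (defined outside this page) holds only public-profile fields; if it carries an email address or similar, anonymous reads should go through a narrower response model. Any other caller that passes "read" to rbac_check, none of which are visible here, inherits the same bypass, so I would keep "read" in its own branch and state the intent there, e.g. `# anonymous "read" is public by design: the response model must expose public fields only`. Both endpoints also answer "User does not exist" differently from a hit, which now lets unauthenticated clients enumerate usernames, so rate limiting on these routes is worth checking. rbac_check's body continues past the end of the hunk.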


@ -10,7 +10,7 @@ import {
export async function getUser(user_id: string, access_token: string) {
const result = await fetch(
`${getAPIUrl()}users/id/${user_id}`,
RequestBodyWithAuthHeader('GET', null, null, access_token)
RequestBody('GET', null, null)
)
const res = await errorHandling(result)
return res
@ -19,7 +19,7 @@ export async function getUser(user_id: string, access_token: string) {
export async function getUserByUsername(username: string, access_token: string) {
const result = await fetch(
`${getAPIUrl()}users/username/${username}`,
RequestBodyWithAuthHeader('GET', null, null, access_token)
RequestBody('GET', null, null)
)
const res = await errorHandling(result)
return res
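Review bot: `access_token` stays in the signatures of getUser and getUserByUsername, but nothing reads it once the call becomes `RequestBody('GET', null, null)`, so signed-in callers presumably reach the server looking the same as anonymous ones. If the backend should still attribute these reads to a user (audit logging, per-user rules), send the header whenever a token is supplied: `access_token ? RequestBodyWithAuthHeader('GET', null, null, access_token) : RequestBody('GET', null, null)`; otherwise drop the parameter or document it as intentionally unused. Separately, `user_id` and `username` are interpolated into the path unescaped in both functions, so a value containing `/`, `?` or `#` changes which URL is fetched; wrapping each in `encodeURIComponent(...)` closes that.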