rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-19 04:19:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: public courses & collections bug

Browse source
This commit is contained in:
swve 2023-12-23 12:20:54 +01:00
parent d3853c69ce
commit d939dc16eb
7 changed files with 87 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

20
apps/api/src/security/rbac/rbac.py
View file

@ -21,36 +21,28 @@ async def authorization_verify_if_element_is_public(
# Verifies if the element is public
if element_nature == ("courses" or "collections") and action == "read":
if element_nature == "courses":
print("looking for course")
statement = select(Course).where(
Course.public is True, Course.course_uuid == element_uuid
Course.public == True, Course.course_uuid == element_uuid
)
course = db_session.exec(statement).first()
if course:
return True
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="User rights (public content) : You don't have the right to perform this action",
)
return False
if element_nature == "collections":
statement = select(Collection).where(
Collection.public is True, Collection.collection_uuid == element_uuid
Collection.public == True, Collection.collection_uuid == element_uuid
)
collection = db_session.exec(statement).first()
if collection:
return True
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="User rights (public content) : You don't have the right to perform this action",
)
return False
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="User rights (public content) : You don't have the right to perform this action",
)
return False
# Tested and working