fix: public courses & collections bug

2025-12-19 04:19:25 +00:00 · 2023-12-23 12:20:54 +01:00 · 2023-12-23 12:20:54 +01:00 · d939dc16eb
commit d939dc16eb
parent d3853c69ce
7 changed files with 87 additions and 46 deletions
--- a/apps/api/src/services/courses/chapters.py
+++ b/apps/api/src/services/courses/chapters.py
@ -5,6 +5,7 @@ from sqlmodel import Session, select
 from src.db.users import AnonymousUser
 from src.security.rbac.rbac import (
    authorization_verify_based_on_roles_and_authorship,
+    authorization_verify_if_element_is_public,
    authorization_verify_if_user_is_anon,
 )
 from src.db.course_chapters import CourseChapter
@ -541,15 +542,28 @@ async def rbac_check(
    action: Literal["create", "read", "update", "delete"],
    db_session: Session,
 ):
-    await authorization_verify_if_user_is_anon(current_user.id)
+    if action == "read":
+        if current_user.id == 0:  # Anonymous user
+            res = await authorization_verify_if_element_is_public(
+                request, course_uuid, action, db_session
+            )
+            print('res',res)
+            return res
+        else:
+            res = await authorization_verify_based_on_roles_and_authorship(
+                request, current_user.id, action, course_uuid, db_session
+            )
+            return res
+    else:
+        await authorization_verify_if_user_is_anon(current_user.id)

-    await authorization_verify_based_on_roles_and_authorship(
-        request,
-        current_user.id,
-        action,
-        course_uuid,
-        db_session,
-    )
+        await authorization_verify_based_on_roles_and_authorship(
+            request,
+            current_user.id,
+            action,
+            course_uuid,
+            db_session,
+        )


 ## 🔒 RBAC Utils ##