From 18f70130c34e9dd7b638528c464e9d4c065fca23 Mon Sep 17 00:00:00 2001
From: Roman Dyakov
Date: Sat, 6 Apr 2024 03:12:50 +0300
Subject: [PATCH 1/4] Lecturer Photo Security

---
 calendar_backend/routes/lecturer/photo.py | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/calendar_backend/routes/lecturer/photo.py b/calendar_backend/routes/lecturer/photo.py
index 87e329ff..b75d4434 100644
--- a/calendar_backend/routes/lecturer/photo.py
+++ b/calendar_backend/routes/lecturer/photo.py
@@ -1,5 +1,6 @@
-from fastapi import APIRouter, File, UploadFile
+from fastapi import APIRouter, Depends, File, UploadFile
 from fastapi_sqlalchemy import db
+from auth_lib.fastapi import UnionAuth
 
 from calendar_backend.exceptions import ObjectNotFound
 from calendar_backend.methods.image import get_photo_webpath, upload_lecturer_photo
@@ -14,7 +15,11 @@
 
 
 @router.post("/photo", response_model=Photo)
-async def upload_photo(lecturer_id: int, photo: UploadFile = File(...)) -> Photo:
+async def upload_photo(
+    lecturer_id: int,
+    photo: UploadFile = File(...),
+    _=Depends(UnionAuth(scopes=["timetable.lecturer.photo.create"])),
+) -> Photo:
     """Загрузить фотографию преподавателя из локального файла
 
     Пример загрузки файла на питоне
@@ -50,7 +55,11 @@ async def get_lecturer_photos(lecturer_id: int, limit: int = 10, offset: int = 0
 
 
 @router.delete("/photo/{id}", response_model=None)
-async def delete_photo(id: int, lecturer_id: int) -> None:
+async def delete_photo(
+    id: int,
+    lecturer_id: int,
+    _=Depends(UnionAuth(scopes=["timetable.lecturer.photo.delete"])),
+) -> None:
     photo = DbPhoto.get(id, only_approved=False, session=db.session)
     if photo.lecturer_id != lecturer_id:
         raise ObjectNotFound(DbPhoto, id)

From 56d237b645a64ae3785f51797c2ed1f7586cd7fe Mon Sep 17 00:00:00 2001
From: Roman Dyakov
Date: Sat, 6 Apr 2024 03:12:57 +0300
Subject: [PATCH 2/4] Makefile

---
 Makefile | 6 ++++++
 1 file changed, 6 insertions(+)
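Review bot: In `upload_photo` the value returned by the new `UnionAuth` dependency is bound to `_` and discarded, so a successful upload records only that some caller held `timetable.lecturer.photo.create`, not which user it was. Binding it (`user=Depends(UnionAuth(scopes=["timetable.lecturer.photo.create"]))`) and logging the caller identity it carries (presumably the authenticated user; confirm against auth_lib) together with `lecturer_id` before the write would give the endpoint an audit trail, and the same applies to the `delete_photo` hunk below, where a deletion is otherwise untraceable. The docstring should also state the new requirement, e.g. a line `Requires scope timetable.lecturer.photo.create.` after its first sentence. Both function bodies continue outside their hunks.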
diff --git a/Makefile b/Makefile
index 2ef49c1a..d42b352d 100644
--- a/Makefile
+++ b/Makefile
@@ -11,6 +11,12 @@ format:
 	source ./venv/bin/activate && autoflake -r --in-place --remove-all-unused-imports ./calendar_backend
 	source ./venv/bin/activate && isort ./calendar_backend
 	source ./venv/bin/activate && black ./calendar_backend
+	source ./venv/bin/activate && autoflake -r --in-place --remove-all-unused-imports ./tests
+	source ./venv/bin/activate && isort ./tests
+	source ./venv/bin/activate && black ./tests
+	source ./venv/bin/activate && autoflake -r --in-place --remove-all-unused-imports ./migrations
+	source ./venv/bin/activate && isort ./migrations
+	source ./venv/bin/activate && black ./migrations
 
 db:
 	docker run -d -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust --name db-timetable_api postgres:15

From 2af0ad5f7469b5b12cf65626b6cf8ee1e09809af Mon Sep 17 00:00:00 2001
From: Roman Dyakov
Date: Sat, 6 Apr 2024 03:13:08 +0300
Subject: [PATCH 3/4] Comment deprication

---
 calendar_backend/routes/lecturer/comment.py        | 2 +-
 calendar_backend/routes/lecturer/comment_review.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/calendar_backend/routes/lecturer/comment.py b/calendar_backend/routes/lecturer/comment.py
index e4c200d9..a9cd9e9f 100644
--- a/calendar_backend/routes/lecturer/comment.py
+++ b/calendar_backend/routes/lecturer/comment.py
@@ -10,7 +10,7 @@
 
 settings = get_settings()
 
-router = APIRouter(prefix="/lecturer/{lecturer_id}", tags=["Lecturer: Comment"])
+router = APIRouter(prefix="/lecturer/{lecturer_id}", tags=["Lecturer: Comment"], deprecated=True)
 
 
 @router.post("/comment/", response_model=CommentLecturer)
diff --git a/calendar_backend/routes/lecturer/comment_review.py b/calendar_backend/routes/lecturer/comment_review.py
index ddb296e2..e9381548 100644
--- a/calendar_backend/routes/lecturer/comment_review.py
+++ b/calendar_backend/routes/lecturer/comment_review.py
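Review bot: `deprecated=True` on the `APIRouter` only flags the comment routes in the generated OpenAPI schema; nothing in this hunk stops clients from calling them, and neither a replacement nor a removal date is stated anywhere visible. A one-line comment above the `router = ...` assignment such as `# Deprecated as of 2024-04; superseded by <replacement endpoint>, remove after <date>` (with the placeholders filled in) would tell the next reader what the flag means operationally. The same applies to the comment_review.py hunk that follows.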
@@ -11,7 +11,7 @@
 from calendar_backend.routes.models import CommentLecturer
 
 
-router = APIRouter(prefix="/lecturer/{lecturer_id}/comment", tags=["Lecturer: Comment Review"])
+router = APIRouter(prefix="/lecturer/{lecturer_id}/comment", tags=["Lecturer: Comment Review"], deprecated=True)
 
 
 @router.get("/review/", response_model=list[CommentLecturer])

From f70092bbdeca487d7ae2ef8c4163d1e65ede1416 Mon Sep 17 00:00:00 2001
From: Roman Dyakov
Date: Sat, 6 Apr 2024 03:13:34 +0300
Subject: [PATCH 4/4] Style

---
 calendar_backend/routes/lecturer/photo.py           | 2 +-
 calendar_backend/settings.py                        | 2 +-
 migrations/versions/63263ee9e08e_fix_photo_paths.py | 1 -
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/calendar_backend/routes/lecturer/photo.py b/calendar_backend/routes/lecturer/photo.py
index b75d4434..aebb0392 100644
--- a/calendar_backend/routes/lecturer/photo.py
+++ b/calendar_backend/routes/lecturer/photo.py
@@ -1,6 +1,6 @@
+from auth_lib.fastapi import UnionAuth
 from fastapi import APIRouter, Depends, File, UploadFile
 from fastapi_sqlalchemy import db
-from auth_lib.fastapi import UnionAuth
 
 from calendar_backend.exceptions import ObjectNotFound
 from calendar_backend.methods.image import get_photo_webpath, upload_lecturer_photo
diff --git a/calendar_backend/settings.py b/calendar_backend/settings.py
index 573000ce..7658af36 100644
--- a/calendar_backend/settings.py
+++ b/calendar_backend/settings.py
@@ -2,7 +2,7 @@
 from functools import lru_cache
 
 from auth_lib.fastapi import UnionAuthSettings
-from pydantic import AnyHttpUrl, ConfigDict, DirectoryPath, Json, PostgresDsn
+from pydantic import AnyHttpUrl, ConfigDict, DirectoryPath, PostgresDsn
 from pydantic_settings import BaseSettings
 
 
diff --git a/migrations/versions/63263ee9e08e_fix_photo_paths.py b/migrations/versions/63263ee9e08e_fix_photo_paths.py
index 4841162d..cb31fea1 100644
--- a/migrations/versions/63263ee9e08e_fix_photo_paths.py
+++ b/migrations/versions/63263ee9e08e_fix_photo_paths.py
@@ -6,7 +6,6 @@
 
 """
 
-import sqlalchemy as sa
 from alembic import op
 
 