diff --git a/main.py b/main.py
index 1a20e3f..b5dcd00 100644
--- a/main.py
+++ b/main.py
@@ -50,9 +50,17 @@ async def lifespan(app: FastAPI):
 dev_origins = [
 "http://localhost",
 "http://localhost:3000",
+ "http://127.0.0.1",
+ "http://127.0.0.1:3000",
 ]
-stage_origins = ["https://stage.frontend.fsektionen.se"]
+stage_origins = [
+ "https://stage.frontend.fsektionen.se",
+ "http://localhost",
+ "http://localhost:3000",
+ "http://127.0.0.1",
+ "http://127.0.0.1:3000",
+]
 production_origins = ["https://fsektionen.se"]
diff --git a/routes/cafe_shift_router.py b/routes/cafe_shift_router.py
index e25965c..c66c6e4 100644
--- a/routes/cafe_shift_router.py
+++ b/routes/cafe_shift_router.py
@@ -20,7 +20,7 @@ cafe_shift_router = APIRouter()
-@cafe_shift_router.get("/view-shifts", dependencies=[Permission.member()], response_model=list[CafeShiftRead])
+@cafe_shift_router.get("/view-shifts", dependencies=[Permission.verified()], response_model=list[CafeShiftRead])
 def view_all_shifts(db: DB_dependency):
 shifts = db.query(CafeShift_DB).all()
 return shifts
@@ -36,7 +36,7 @@ def admin_view_shift(shift_id: int, db: DB_dependency):
 return shift
-@cafe_shift_router.get("/{shift_id}", dependencies=[Permission.member()], response_model=CafeShiftRead)
+@cafe_shift_router.get("/{shift_id}", dependencies=[Permission.verified()], response_model=CafeShiftRead)
 def view_shift(shift_id: int, db: DB_dependency):
 shift = db.query(CafeShift_DB).filter_by(id=shift_id).one_or_none()
 if shift is None:
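Review bot: `stage_origins` now trusts four plain-HTTP loopback origins, so on the stage deployment any page a browser loads from `http://localhost` or `http://127.0.0.1` (default port or 3000) is an accepted cross-origin caller. How the list is consumed (CORS middleware, credentials setting) is outside this hunk, but if credentials are allowed, those pages act with the logged-in user's stage session. If this is meant for running a local frontend against stage, record that above the list, e.g. `# stage also accepts local dev frontends; never copy these into production_origins`. Building the list from the existing one avoids the two copies drifting apart: `stage_origins = ["https://stage.frontend.fsektionen.se", *dev_origins]`.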
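Review bot: Switching `/view-shifts` from `Permission.member()` to `Permission.verified()` makes everything `CafeShiftRead` serialises readable by any verified account; the same applies to `/{shift_id}` in the next hunk and to `/view-between-dates` further down. The schema is not part of this diff, so it is worth confirming before merge that it carries no member-only data about the people signed up to a shift. A short comment above each decorator, e.g. `# readable by any verified account; membership not required`, would record that the wider audience is deliberate. The function bodies of `view_shift` and `view_shifts_between_dates` continue outside their hunks.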
@@ -45,7 +45,7 @@ def view_shift(shift_id: int, db: DB_dependency):
 # Var tvungen att göra en fuling och göra detta till en POST för att kunna skicka med en JSON body. Det var problem med att parsa datetimes om de skickades med som fält.
-@cafe_shift_router.post("/view-between-dates", dependencies=[Permission.member()], response_model=list[CafeShiftRead])
+@cafe_shift_router.post("/view-between-dates", dependencies=[Permission.verified()], response_model=list[CafeShiftRead])
 def view_shifts_between_dates(data: CafeViewBetweenDates, db: DB_dependency):
 shifts = (
 db.query(CafeShift_DB)
@@ -178,7 +178,7 @@ def update_shift(shift_id: int, data: CafeShiftUpdate, db: DB_dependency):
 @cafe_shift_router.patch("/sign-up/{shift_id}", response_model=CafeShiftRead)
-def signup_to_shift(shift_id: int, user: Annotated[User_DB, Permission.member()], db: DB_dependency):
+def signup_to_shift(shift_id: int, user: Annotated[User_DB, Permission.verified()], db: DB_dependency):
 shift = db.query(CafeShift_DB).filter_by(id=shift_id).one_or_none()
 if shift is None:
 raise HTTPException(status.HTTP_404_NOT_FOUND)
@@ -194,7 +194,7 @@ def signup_to_shift(shift_id: int, user: Annotated[User_DB, Permission.member()]
 @cafe_shift_router.patch("/sign-off/{shift_id}", response_model=CafeShiftRead)
 def signoff_from_shift(
 shift_id: int,
- user: Annotated[User_DB, Permission.verified()],
+ user: Annotated[User_DB, Permission.verified()],
 manage_permission: Annotated[bool, Permission.check("manage", "Cafe")],
 db: DB_dependency,
 ):
diff --git a/user/permission.py b/user/permission.py
index a4e59fa..9d08f44 100644
--- a/user/permission.py
+++ b/user/permission.py
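Review bot: `signup_to_shift` and, in the following hunk, `signoff_from_shift` are state-changing routes, and with `Permission.verified()` the verification flag is the only gate visible in their signatures. If verification is self-service (not visible in this diff), any account that completes it can take or release café shifts. Both function bodies continue outside their hunks, so a membership or per-user limit inside them cannot be ruled out from here. If the wider access is intended, state it in a comment above each route, e.g. `# any verified account may sign up; membership is not required`. Tests should also pin the boundary: an unverified account is rejected with 403 and a verified non-member is accepted on both routes.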
@@ -32,6 +32,20 @@ def dependency(user: User_DB | None = Depends(current_verified_user)):
 return Depends(dependency)
+ @classmethod
+ def verified(cls):
+ # Use this dependency for routes that all verified users should access
+ def dependency(user: User_DB | None = Depends(current_verified_user)):
+ if user is None:
+ raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated")
+
+ if not user.is_verified:
+ raise HTTPException(status.HTTP_403_FORBIDDEN)
+
+ return user
+
+ return Depends(dependency)
+
 @classmethod
 def member(cls):
 # Use this dependency for routes that only members should access
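Review bot: `verified()` is documented by a single comment, and its two failure paths are written inconsistently: the 401 uses `status_code=` with a `detail`, while the 403 passes the status positionally and gives the client no reason. Suggest `raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Account not verified")`, plus a docstring saying the dependency returns the `User_DB`, raises 401 when no user is resolved and 403 when `is_verified` is false. The inner function depends on `current_verified_user`, whose name suggests verification may already be enforced upstream. If so, the `is_verified` check is defence in depth and deserves a one-line comment saying that, so a later cleanup does not remove it while also swapping in a weaker user dependency. The enclosing class starts outside the hunk, and `member()` continues past its end.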