diff --git a/main.py b/main.py
index 1a20e3fd..b5dcd00e 100644
--- a/main.py
+++ b/main.py
@@ -50,9 +50,17 @@ async def lifespan(app: FastAPI):
 dev_origins = [
 "http://localhost",
 "http://localhost:3000",
+ "http://127.0.0.1",
+ "http://127.0.0.1:3000",
 ]
-stage_origins = ["https://stage.frontend.fsektionen.se"]
+stage_origins = [
+ "https://stage.frontend.fsektionen.se",
+ "http://localhost",
+ "http://localhost:3000",
+ "http://127.0.0.1",
+ "http://127.0.0.1:3000",
+]
 production_origins = ["https://fsektionen.se"]
diff --git a/routes/cafe_shift_router.py b/routes/cafe_shift_router.py
index e25965c4..c66c6e49 100644
--- a/routes/cafe_shift_router.py
+++ b/routes/cafe_shift_router.py
@@ -20,7 +20,7 @@ cafe_shift_router = APIRouter()
-@cafe_shift_router.get("/view-shifts", dependencies=[Permission.member()], response_model=list[CafeShiftRead])
+@cafe_shift_router.get("/view-shifts", dependencies=[Permission.verified()], response_model=list[CafeShiftRead])
 def view_all_shifts(db: DB_dependency):
 shifts = db.query(CafeShift_DB).all()
 return shifts
@@ -36,7 +36,7 @@ def admin_view_shift(shift_id: int, db: DB_dependency):
 return shift
-@cafe_shift_router.get("/{shift_id}", dependencies=[Permission.member()], response_model=CafeShiftRead)
+@cafe_shift_router.get("/{shift_id}", dependencies=[Permission.verified()], response_model=CafeShiftRead)
 def view_shift(shift_id: int, db: DB_dependency):
 shift = db.query(CafeShift_DB).filter_by(id=shift_id).one_or_none()
 if shift is None:
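Review bot: The staging allow-list `stage_origins` in main.py now contains four plain-HTTP loopback origins, so any page served from localhost or 127.0.0.1 (default port or 3000) in a user's browser is treated as a trusted origin by the staging API. How much that matters depends on the CORS middleware settings, which are outside this hunk: if credentials are allowed, such a page can make authenticated cross-origin calls with a staging session. I would add the loopback entries only behind an explicit opt-in rather than in the literal list, and at minimum document the intent with `# loopback origins: local frontend against the stage API only, never copy into production_origins`. The repeated entries can also be written as `stage_origins = ["https://stage.frontend.fsektionen.se", *dev_origins]` so the two lists cannot drift apart.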
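Review bot: Swapping `Permission.member()` for `Permission.verified()` on `/view-shifts` and `/{shift_id}` here, and on `/view-between-dates`, `/sign-up/{shift_id}` and `/sign-off/{shift_id}` in the later hunks of routes/cafe_shift_router.py, widens both read and write access from members to every verified account. The two PATCH routes deserve the closest look: as far as these hunks show, nothing in `signup_to_shift` checks membership any more, so a verified non-member could take a shift. If that is intended, state it next to the routes, e.g. `# Open to all verified users; membership is not required`, and add tests for the unverified, verified non-member and member cases. If only the read routes were meant to open up, keep `Permission.member()` on sign-up and sign-off. The function bodies continue outside the hunks.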
@@ -45,7 +45,7 @@ def view_shift(shift_id: int, db: DB_dependency):
 # Var tvungen att göra en fuling och göra detta till en POST för att kunna skicka med en JSON body. Det var problem med att parsa datetimes om de skickades med som fält.
-@cafe_shift_router.post("/view-between-dates", dependencies=[Permission.member()], response_model=list[CafeShiftRead])
+@cafe_shift_router.post("/view-between-dates", dependencies=[Permission.verified()], response_model=list[CafeShiftRead])
 def view_shifts_between_dates(data: CafeViewBetweenDates, db: DB_dependency):
 shifts = (
 db.query(CafeShift_DB)
@@ -178,7 +178,7 @@ def update_shift(shift_id: int, data: CafeShiftUpdate, db: DB_dependency):
 @cafe_shift_router.patch("/sign-up/{shift_id}", response_model=CafeShiftRead)
-def signup_to_shift(shift_id: int, user: Annotated[User_DB, Permission.member()], db: DB_dependency):
+def signup_to_shift(shift_id: int, user: Annotated[User_DB, Permission.verified()], db: DB_dependency):
 shift = db.query(CafeShift_DB).filter_by(id=shift_id).one_or_none()
 if shift is None:
 raise HTTPException(status.HTTP_404_NOT_FOUND)
@@ -194,7 +194,7 @@ def signup_to_shift(shift_id: int, user: Annotated[User_DB, Permission.member()]
 @cafe_shift_router.patch("/sign-off/{shift_id}", response_model=CafeShiftRead)
 def signoff_from_shift(
 shift_id: int,
- user: Annotated[User_DB, Permission.member()],
+ user: Annotated[User_DB, Permission.verified()],
 manage_permission: Annotated[bool, Permission.check("manage", "Cafe")],
 db: DB_dependency,
 ):
diff --git a/user/permission.py b/user/permission.py
index a4e59fae..9d08f44e 100644
--- a/user/permission.py
+++ b/user/permission.py
@@ -32,6 +32,20 @@ def dependency(user: User_DB | None = Depends(current_verified_user)):
 return Depends(dependency)
+ @classmethod
+ def verified(cls):
+ # Use this dependency for routes that all verified users should access
+ def dependency(user: User_DB | None = Depends(current_verified_user)):
+ if user is None:
+ raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated")
+
+ if not user.is_verified:
+ raise HTTPException(status.HTTP_403_FORBIDDEN)
+
+ return user
+
+ return Depends(dependency)
+
+ @classmethod
 def member(cls):
 # Use this dependency for routes that only members should access
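Review bot: The `if not user.is_verified` branch in the new `verified()` dependency may be redundant or unreachable, because the user is already resolved through `current_verified_user`. That dependency is defined outside this hunk, so confirm what it does with an unverified account: if it rejects it or yields `None`, the caller gets 401 "Not authenticated" instead of the 403 intended here, and the tests should pin whichever status is meant. The two raises are also written differently, the first with `status_code=` and a `detail`, the second positional with no detail; `raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Account not verified")` would match. A docstring on `verified()` stating that it is the weakest authenticated tier (any verified account, no membership required) would help reviewers judge later swaps from `member()` to `verified()`.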