Update
This commit is contained in:
@@ -12,9 +12,22 @@ def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(securit
|
||||
with Session(engine) as session:
|
||||
query = select(User).where(User.username == payload["username"]).limit(1)
|
||||
user: User = session.exec(query).first()
|
||||
if user == None:
|
||||
if user is None:
|
||||
raise HTTPException(
|
||||
status_code = status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Credenciales invalidas"
|
||||
)
|
||||
return user
|
||||
if user.password_version != payload["pwd_v"]:
|
||||
raise HTTPException(
|
||||
status_code = status.HTTP_401_UNAUTHORIZED,
|
||||
detail = "Credenciales invalidas"
|
||||
)
|
||||
return user
|
||||
|
||||
def get_staff_user(user: User = Depends(get_current_user)) -> User:
|
||||
if not user.is_staff:
|
||||
raise HTTPException(
|
||||
status_code = status.HTTP_403_FORBIDDEN,
|
||||
detail = "This user needs to be an Staff to access this resource"
|
||||
)
|
||||
return user
|
||||
|
||||
Reference in New Issue
Block a user