pikram/user-microservice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Corrected error handling during access validation

Browse Source
This commit is contained in:
Marcin-Ramotowski 2025-03-15 19:08:59 +00:00
parent 0171c62650
commit 822ca69ccb
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
api/user_views.py
View File

@ -8,14 +8,20 @@ user_bp = Blueprint('user_bp', __name__)
def admin_required(user_id): def admin_required(user_id):
user = User.query.get(user_id) user = User.query.get(user_id)
if user is None or user.role != "Administrator": if user is None or user.role != "Administrator":
return jsonify({'error': f'Access denied.'}), 403 abort(403, {'error': f'Access denied.'})
def validate_access(owner_id): def validate_access(owner_id):
# Check if user try to access or edit resource that does not belong to them # Check if user try to access or edit resource that does not belong to them
logged_user_id = int(get_jwt_identity()) logged_user_id = int(get_jwt_identity())
logged_user_role = User.query.get(logged_user_id).role logged_user_role = User.query.get(logged_user_id).role
if logged_user_role != "Administrator" and logged_user_id != owner_id: if logged_user_role != "Administrator" and logged_user_id != owner_id:
return jsonify({'error': f'Access denied.'}), 403 abort(403, {'error': f'Access denied.'})
@user_bp.errorhandler(403)
def forbidden_error(error):
response = jsonify(error.description)
response.status_code = 403
return response
@user_bp.route('/users', methods=['GET']) @user_bp.route('/users', methods=['GET'])
@jwt_required() @jwt_required()