Mop/amap
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

add permission check for form productor and product

Browse Source
This commit is contained in:
Julien Aldon
2026-03-04 23:36:17 +01:00
parent 6679107b13
commit 5e413b11e0
8 changed files with 164 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
backend/src/forms/service.py
View File

@@ -108,12 +108,25 @@ def delete_one(session: Session, _id: int) -> models.FormPublic:
return result
def is_allowed(session: Session, user: models.User, _id: int) -> bool:
def is_allowed(
session: Session,
user: models.User,
_id: int = None,
form: models.FormCreate = None
) -> bool:
if not _id:
statement = (
select(models.Productor)
.where(models.Productor.id == form.productor_id)
)
productor = session.exec(statement).first()
return productor.type in [r.name for r in user.roles]
statement = (
select(models.Form)
.join(
models.Productor,
models.Form.productor_id == models.Productor.id)
models.Form.productor_id == models.Productor.id
)
.where(models.Form.id == _id)
.where(
models.Productor.type.in_(