add permission check for form productor and product

2026-03-04 23:36:17 +01:00
parent 6679107b13
commit 5e413b11e0
8 changed files with 164 additions and 59 deletions
--- a/backend/src/products/service.py
+++ b/backend/src/products/service.py
@@ -85,3 +85,32 @@ def delete_one(session: Session, id: int) -> models.ProductPublic:
    session.delete(product)
    session.commit()
    return result
+
+def is_allowed(
+    session: Session, 
+    user: models.User, 
+    _id: int, 
+    product: models.ProductCreate
+) -> bool:
+    if not _id:
+        statement = (
+            select(models.Product)
+            .join(
+                models.Productor,
+                models.Product.productor_id == models.Productor.id
+            )
+            .where(models.Product.id == product.productor_id)
+        )
+        productor = session.exec(statement).first()
+        return productor.type in [r.name for r in user.roles]
+    statement = (
+        select(models.Product)
+        .join(
+            models.Productor,
+            models.Product.productor_id == models.Productor.id
+        )
+        .where(models.Product.id == _id)
+        .where(models.Productor.type.in_([r.name for r in user.roles]))
+        .distinct()
+    )
+    return len(session.exec(statement).all()) > 0