add permission check for form productor and product

2026-03-04 23:36:17 +01:00
parent 6679107b13
commit 5e413b11e0
8 changed files with 164 additions and 59 deletions
--- a/backend/src/users/users.py
+++ b/backend/src/users/users.py
@@ -32,16 +32,18 @@ def get_roles(
    return service.get_roles(session)


-@router.get('/{id}', response_model=models.UserPublic)
-def get_users(
-    id: int,
+@router.get('/{_id}', response_model=models.UserPublic)
+def get_user(
+    _id: int,
    user: models.User = Depends(get_current_user),
    session: Session = Depends(get_session)
 ):
-    result = service.get_one(session, id)
+    result = service.get_one(session, _id)
    if result is None:
-        raise HTTPException(status_code=404,
-                            detail=messages.Messages.not_found('user'))
+        raise HTTPException(
+            status_code=404,
+            detail=messages.Messages.not_found('user')
+        )
    return result


@@ -54,22 +56,27 @@ def create_user(
    try:
        user = service.create_one(session, user)
    except exceptions.UserCreateError as error:
-        raise HTTPException(status_code=400, detail=str(error))
+        raise HTTPException(
+            status_code=400, 
+            detail=str(error)
+        ) from error
    return user


-@router.put('/{id}', response_model=models.UserPublic)
+@router.put('/{_id}', response_model=models.UserPublic)
 def update_user(
-    id: int,
+    _id: int,
    user: models.UserUpdate,
    logged_user: models.User = Depends(get_current_user),
    session: Session = Depends(get_session)
 ):
    try:
-        result = service.update_one(session, id, user)
+        result = service.update_one(session, _id, user)
    except exceptions.UserNotFoundError as error:
-        raise HTTPException(status_code=404,
-                            detail=messages.Messages.not_found('user'))
+        raise HTTPException(
+            status_code=404,
+            detail=messages.Messages.not_found('user')
+        ) from error
    return result


@@ -82,6 +89,8 @@ def delete_user(
    try:
        result = service.delete_one(session, id)
    except exceptions.UserNotFoundError as error:
-        raise HTTPException(status_code=404,
-                            detail=messages.Messages.not_found('user'))
+        raise HTTPException(
+            status_code=404,
+            detail=messages.Messages.not_found('user')
+        ) from error
    return result