From e8f1373b41d2bff47506bf382a77db0e71987b08 Mon Sep 17 00:00:00 2001 From: "Gan, Jimmy" Date: Tue, 31 Mar 2026 16:40:40 +0800 Subject: [PATCH] fix: add _inject_user to rbac module for OPC routers --- dashboard/backend/rbac.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/dashboard/backend/rbac.py b/dashboard/backend/rbac.py index 37ce289..1a88b5e 100644 --- a/dashboard/backend/rbac.py +++ b/dashboard/backend/rbac.py @@ -4,7 +4,7 @@ import threading import tempfile from typing import Optional from pydantic import BaseModel -from fastapi import HTTPException, Request, status +from fastapi import HTTPException, Request, status, Depends import config @@ -136,3 +136,16 @@ def require_write(): if user.role == "viewer" and request.method != "GET": raise HTTPException(status_code=403, detail="Read-only access") return checker + + +async def _inject_user(request: Request, user = Depends(lambda: None)): + """Dependency to store user in request.state for rbac dependencies. + + Note: This expects auth to be handled by a parent dependency. + Import auth module at runtime to avoid circular imports. + """ + if user is None: + import auth as auth_module + user = await auth_module.get_current_user(request) + request.state.user = user + return user