fix: add _inject_user to rbac module for OPC routers
This commit is contained in:
@@ -4,7 +4,7 @@ import threading
|
|||||||
import tempfile
|
import tempfile
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
from fastapi import HTTPException, Request, status
|
from fastapi import HTTPException, Request, status, Depends
|
||||||
|
|
||||||
import config
|
import config
|
||||||
|
|
||||||
@@ -136,3 +136,16 @@ def require_write():
|
|||||||
if user.role == "viewer" and request.method != "GET":
|
if user.role == "viewer" and request.method != "GET":
|
||||||
raise HTTPException(status_code=403, detail="Read-only access")
|
raise HTTPException(status_code=403, detail="Read-only access")
|
||||||
return checker
|
return checker
|
||||||
|
|
||||||
|
|
||||||
|
async def _inject_user(request: Request, user = Depends(lambda: None)):
|
||||||
|
"""Dependency to store user in request.state for rbac dependencies.
|
||||||
|
|
||||||
|
Note: This expects auth to be handled by a parent dependency.
|
||||||
|
Import auth module at runtime to avoid circular imports.
|
||||||
|
"""
|
||||||
|
if user is None:
|
||||||
|
import auth as auth_module
|
||||||
|
user = await auth_module.get_current_user(request)
|
||||||
|
request.state.user = user
|
||||||
|
return user
|
||||||
|
|||||||
Reference in New Issue
Block a user