Use proper HTTP status codes
This commit is contained in:
Sebastiaan
@@ -1,6 +1,6 @@
|
||||
from typing import Any
|
||||
|
||||
from fastapi import APIRouter, HTTPException
|
||||
from fastapi import APIRouter, HTTPException, status
|
||||
from sqlmodel import func, select
|
||||
|
||||
from app.api.deps import CurrentUser, SessionDep
|
||||
@@ -83,14 +83,14 @@ def read_event(session: SessionDep, current_user: CurrentUser, id: RowId) -> Any
|
||||
"""
|
||||
event = session.get(Event, id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.READ,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.READ)):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
return event
|
||||
|
||||
@@ -107,7 +107,7 @@ def create_event(
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.CREATE,
|
||||
):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
event = Event.create(create_obj=event_in, session=session)
|
||||
event.add_user(user=current_user, rights=PermissionRight.ADMIN, session=session)
|
||||
@@ -127,14 +127,14 @@ def update_event(
|
||||
"""
|
||||
event = session.get(Event, id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.UPDATE,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.UPDATE)):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
return Event.update(db_obj=event, in_obj=event_in, session=session)
|
||||
|
||||
@@ -150,14 +150,14 @@ def delete_event(
|
||||
"""
|
||||
event = session.get(Event, id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.DELETE,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.DELETE)):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
session.delete(event)
|
||||
session.commit()
|
||||
@@ -180,14 +180,14 @@ def read_event_users(
|
||||
|
||||
event = session.get(Event, event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.MANAGE_USERS,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_USERS)):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
count_statement = (select(func.count())
|
||||
.select_from(EventUserLink)
|
||||
@@ -217,26 +217,26 @@ def create_event_user(
|
||||
|
||||
if user_in.rights & ~PermissionRight.ADMIN:
|
||||
# FIXME: find a proper richts checker
|
||||
raise HTTPException(status_code=400, detail="Invalid permission rights")
|
||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid permission rights")
|
||||
|
||||
event = session.get(Event, event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.MANAGE_USERS,
|
||||
) and not (event.user_has_rights(user=current_user, rights=(PermissionRight.MANAGE_USERS | user_in.rights))):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
user = session.get(User, user_in.user_id)
|
||||
if not user:
|
||||
raise HTTPException(status_code=404, detail="User not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
|
||||
|
||||
user_link = event.get_user_link(user)
|
||||
if user_link:
|
||||
raise HTTPException(status_code=400, detail="User already part of this event")
|
||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="User already part of this event")
|
||||
|
||||
return event.add_user(user=user, rights=user_in.rights, session=session)
|
||||
|
||||
@@ -255,27 +255,27 @@ def update_user_in_event(
|
||||
|
||||
event = session.get(Event, event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
|
||||
|
||||
user = session.get(User, user_id)
|
||||
if not user:
|
||||
raise HTTPException(status_code=404, detail="User not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
|
||||
|
||||
valid_flags = sum(flag.value for flag in PermissionRight)
|
||||
if user_in.rights & ~valid_flags:
|
||||
# FIXME: find a proper richts checker
|
||||
raise HTTPException(status_code=400, detail="Invalid permission rights")
|
||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid permission rights")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.MANAGE_USERS,
|
||||
) and not (event.user_has_rights(user=current_user, rights=(PermissionRight.MANAGE_USERS | user_in.rights))):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
user_link = event.get_user_link(user)
|
||||
if not user_link:
|
||||
raise HTTPException(status_code=404, detail="User is not part of this event")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User is not part of this event")
|
||||
|
||||
return event.update_user(user=user, rights=user_in.rights, session=session)
|
||||
|
||||
@@ -289,11 +289,11 @@ def remove_user_from_event(
|
||||
"""
|
||||
event = session.get(Event, event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
|
||||
|
||||
user = session.get(User, user_id)
|
||||
if not user:
|
||||
raise HTTPException(status_code=404, detail="User not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
@@ -301,14 +301,14 @@ def remove_user_from_event(
|
||||
rights=PermissionRight.MANAGE_USERS,
|
||||
):
|
||||
if current_user.id == user.id:
|
||||
raise HTTPException(status_code=403, detail="Users are not allowed to delete themselves when they are not an super admin")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Users are not allowed to delete themselves when they are not an super admin")
|
||||
|
||||
if not event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_USERS):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
user_link = event.get_user_link(user)
|
||||
if not user_link:
|
||||
raise HTTPException(status_code=404, detail="User is not part of this event")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User is not part of this event")
|
||||
|
||||
event.remove_user(user=user, session=session)
|
||||
return Message(
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
from datetime import timedelta
|
||||
from typing import Annotated, Any
|
||||
|
||||
from fastapi import APIRouter, Depends, HTTPException
|
||||
from fastapi import APIRouter, Depends, HTTPException, status
|
||||
from fastapi.responses import HTMLResponse
|
||||
from fastapi.security import OAuth2PasswordRequestForm
|
||||
|
||||
@@ -33,9 +33,9 @@ def login_access_token(
|
||||
session=session, email=form_data.username, password=form_data.password
|
||||
)
|
||||
if not user:
|
||||
raise HTTPException(status_code=400, detail="Incorrect email or password")
|
||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Incorrect email or password")
|
||||
elif not user.is_active:
|
||||
raise HTTPException(status_code=400, detail="Inactive user")
|
||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Inactive user")
|
||||
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
|
||||
return Token(
|
||||
access_token=security.create_access_token(
|
||||
@@ -54,9 +54,9 @@ def login_apikey(
|
||||
"""
|
||||
user = ApiKey.authenticate(session=session, api_key=api_key)
|
||||
if not user:
|
||||
raise HTTPException(status_code=400, detail="Incorrect apikey")
|
||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Incorrect apikey")
|
||||
elif not user.is_active:
|
||||
raise HTTPException(status_code=400, detail="Inactive user")
|
||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Inactive user")
|
||||
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
|
||||
return Token(
|
||||
access_token=security.create_access_token(
|
||||
@@ -82,7 +82,7 @@ def recover_password(email: str, session: SessionDep) -> Message:
|
||||
|
||||
if not user:
|
||||
raise HTTPException(
|
||||
status_code=404,
|
||||
status_code=status.HTTP_404_NOT_FOUND,
|
||||
detail="The user with this email does not exist in the system.",
|
||||
)
|
||||
password_reset_token = generate_password_reset_token(email=email)
|
||||
@@ -104,15 +104,15 @@ def reset_password(session: SessionDep, body: NewPassword) -> Message:
|
||||
"""
|
||||
email = verify_password_reset_token(token=body.token)
|
||||
if not email:
|
||||
raise HTTPException(status_code=400, detail="Invalid token")
|
||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid token")
|
||||
user = User.get_by_email(session=session, email=email)
|
||||
if not user:
|
||||
raise HTTPException(
|
||||
status_code=404,
|
||||
status_code=status.HTTP_404_NOT_FOUND,
|
||||
detail="The user with this email does not exist in the system.",
|
||||
)
|
||||
elif not user.is_active:
|
||||
raise HTTPException(status_code=400, detail="Inactive user")
|
||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Inactive user")
|
||||
hashed_password = get_password_hash(password=body.new_password)
|
||||
user.hashed_password = hashed_password
|
||||
session.add(user)
|
||||
@@ -133,7 +133,7 @@ def recover_password_html_content(email: str, session: SessionDep) -> Any:
|
||||
|
||||
if not user:
|
||||
raise HTTPException(
|
||||
status_code=404,
|
||||
status_code=status.HTTP_404_NOT_FOUND,
|
||||
detail="The user with this username does not exist in the system.",
|
||||
)
|
||||
password_reset_token = generate_password_reset_token(email=email)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
from typing import Any
|
||||
|
||||
from fastapi import APIRouter, HTTPException
|
||||
from fastapi import APIRouter, HTTPException, status
|
||||
from sqlmodel import func, select
|
||||
|
||||
from app.api.deps import CurrentUser, SessionDep
|
||||
@@ -86,18 +86,18 @@ def read_team(session: SessionDep, current_user: CurrentUser, id: RowId) -> Any:
|
||||
"""
|
||||
team = session.get(Team, id)
|
||||
if not team:
|
||||
raise HTTPException(status_code=404, detail="Team not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Team not found")
|
||||
|
||||
event = session.get(Event, team.event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.TEAM,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.READ,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
return team
|
||||
|
||||
@@ -112,14 +112,14 @@ def create_team(
|
||||
|
||||
event = session.get(Event, team_in.event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.TEAM,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.UPDATE,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
team = Team.create(create_obj=team_in, session=session)
|
||||
return team
|
||||
@@ -134,32 +134,32 @@ def update_team(
|
||||
"""
|
||||
team = session.get(Team, id)
|
||||
if not team:
|
||||
raise HTTPException(status_code=404, detail="Team not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Team not found")
|
||||
|
||||
# Check user's permissions for the existing event
|
||||
event = session.get(Event, team.event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.TEAM,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.UPDATE,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
# Check rights for the new event data
|
||||
if team_in.event_id:
|
||||
event = session.get(Event, team_in.event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="New event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="New event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.TEAM,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.UPDATE,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
# Update the team
|
||||
team = Team.update(db_obj=team, in_obj=team_in, session=session)
|
||||
@@ -173,18 +173,18 @@ def delete_team(session: SessionDep,current_user: CurrentUser, id: RowId) -> Mes
|
||||
"""
|
||||
team = session.get(Team, id)
|
||||
if not team:
|
||||
raise HTTPException(status_code=404, detail="Team not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Team not found")
|
||||
|
||||
event = session.get(Event, team.event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.TEAM,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.DELETE,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
|
||||
|
||||
session.delete(team)
|
||||
session.commit()
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import uuid
|
||||
from typing import Any
|
||||
|
||||
from fastapi import APIRouter, Depends, HTTPException
|
||||
from fastapi import APIRouter, Depends, HTTPException, status
|
||||
from sqlmodel import func, select
|
||||
|
||||
from app.api.deps import (
|
||||
@@ -66,7 +66,7 @@ def create_user(*, session: SessionDep, user_in: UserCreate) -> Any:
|
||||
user = User.get_by_email(session=session, email=user_in.email)
|
||||
if user:
|
||||
raise HTTPException(
|
||||
status_code=400,
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="The user with this email already exists in the system.",
|
||||
)
|
||||
|
||||
@@ -95,7 +95,7 @@ def update_user_me(
|
||||
existing_user = User.get_by_email(session=session, email=user_in.email)
|
||||
if existing_user and existing_user.id != current_user.id:
|
||||
raise HTTPException(
|
||||
status_code=409, detail="User with this email already exists"
|
||||
status_code=status.HTTP_409_CONFLICT, detail="User with this email already exists"
|
||||
)
|
||||
user_data = user_in.model_dump(exclude_unset=True)
|
||||
current_user.sqlmodel_update(user_data)
|
||||
@@ -113,10 +113,10 @@ def update_password_me(
|
||||
Update own password.
|
||||
"""
|
||||
if not verify_password(body.current_password, current_user.hashed_password):
|
||||
raise HTTPException(status_code=400, detail="Incorrect password")
|
||||
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Incorrect password")
|
||||
if body.current_password == body.new_password:
|
||||
raise HTTPException(
|
||||
status_code=400, detail="New password cannot be the same as the current one"
|
||||
status_code=status.HTTP_400_BAD_REQUEST, detail="New password cannot be the same as the current one"
|
||||
)
|
||||
hashed_password = get_password_hash(body.new_password)
|
||||
current_user.hashed_password = hashed_password
|
||||
@@ -184,7 +184,7 @@ def delete_apikey_me(
|
||||
session.commit()
|
||||
return Message(message="Api key deleted successfully")
|
||||
|
||||
raise HTTPException(status_code=404, detail="API key not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="API key not found")
|
||||
|
||||
|
||||
@router.get("/me", response_model=UserPublic)
|
||||
@@ -206,7 +206,7 @@ def delete_user_me(session: SessionDep, current_user: CurrentUser) -> Any:
|
||||
rights=PermissionRight.DELETE,
|
||||
):
|
||||
raise HTTPException(
|
||||
status_code=403, detail="Super users are not allowed to delete themselves"
|
||||
status_code=status.HTTP_403_FORBIDDEN, detail="Super users are not allowed to delete themselves"
|
||||
)
|
||||
session.delete(current_user)
|
||||
session.commit()
|
||||
@@ -221,7 +221,7 @@ def register_user(session: SessionDep, user_in: UserRegister) -> Any:
|
||||
user = User.get_by_email(session=session, email=user_in.email)
|
||||
if user:
|
||||
raise HTTPException(
|
||||
status_code=400,
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="The user with this email already exists in the system",
|
||||
)
|
||||
user_create = UserCreate.model_validate(user_in)
|
||||
@@ -245,7 +245,7 @@ def read_user_by_id(
|
||||
rights=PermissionRight.READ,
|
||||
):
|
||||
raise HTTPException(
|
||||
status_code=403,
|
||||
status_code=status.HTTP_403_FORBIDDEN,
|
||||
detail="The user doesn't have enough privileges",
|
||||
)
|
||||
return user
|
||||
@@ -269,14 +269,14 @@ def update_user(
|
||||
db_user = session.get(User, user_id)
|
||||
if not db_user:
|
||||
raise HTTPException(
|
||||
status_code=404,
|
||||
status_code=status.HTTP_404_NOT_FOUND,
|
||||
detail="The user with this id does not exist in the system",
|
||||
)
|
||||
if user_in.email:
|
||||
existing_user = User.get_by_email(session=session, email=user_in.email)
|
||||
if existing_user and existing_user.id != user_id:
|
||||
raise HTTPException(
|
||||
status_code=409, detail="User with this email already exists"
|
||||
status_code=status.HTTP_409_CONFLICT, detail="User with this email already exists"
|
||||
)
|
||||
|
||||
db_user = User.update(session=session, db_obj=db_user, in_obj=user_in)
|
||||
@@ -292,10 +292,10 @@ def delete_user(
|
||||
"""
|
||||
user = session.get(User, user_id)
|
||||
if not user:
|
||||
raise HTTPException(status_code=404, detail="User not found")
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
|
||||
if user == current_user:
|
||||
raise HTTPException(
|
||||
status_code=403, detail="Super users are not allowed to delete themselves"
|
||||
status_code=status.HTTP_403_FORBIDDEN, detail="Super users are not allowed to delete themselves"
|
||||
)
|
||||
# statement = delete(Item).where(col(Item.owner_id) == user_id)
|
||||
# session.exec(statement) # type: ignore
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
from fastapi import APIRouter, Depends
|
||||
from fastapi import APIRouter, Depends, status
|
||||
from pydantic.networks import EmailStr
|
||||
|
||||
from app.api.deps import get_current_system_admin
|
||||
@@ -11,7 +11,7 @@ router = APIRouter(prefix="/utils", tags=[ApiTags.UTILS])
|
||||
@router.post(
|
||||
"/test-email/",
|
||||
dependencies=[Depends(get_current_system_admin)],
|
||||
status_code=201,
|
||||
status_code=status.HTTP_201_CREATED,
|
||||
)
|
||||
def test_email(email_to: EmailStr) -> Message:
|
||||
"""
|
||||
|
||||
Reference in New Issue
Block a user