f1c2b73ade
- Set up FastAPI project structure with SQLite and SQLAlchemy - Create models for users, books, authors, categories, and orders - Implement JWT authentication and authorization - Add CRUD endpoints for all resources - Set up Alembic for database migrations - Add health check endpoint - Add proper error handling and validation - Create comprehensive documentation
41 lines
1.0 KiB
Python
41 lines
1.0 KiB
Python
from fastapi import HTTPException, status
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.models.user import User
|
|
from app.models.order import Order
|
|
|
|
|
|
def verify_order_owner_or_admin(
|
|
order_id: int,
|
|
current_user: User,
|
|
db: Session,
|
|
) -> Order:
|
|
"""
|
|
Verify that the user owns the order or is an admin
|
|
|
|
Args:
|
|
order_id: The ID of the order to check
|
|
current_user: The current user
|
|
db: The database session
|
|
|
|
Returns:
|
|
The order if the user is authorized
|
|
|
|
Raises:
|
|
HTTPException: If the user is not authorized or the order doesn't exist
|
|
"""
|
|
order = db.query(Order).filter(Order.id == order_id).first()
|
|
if order is None:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail="Order not found",
|
|
)
|
|
|
|
if order.user_id != current_user.id and not current_user.is_admin:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_403_FORBIDDEN,
|
|
detail="Not enough permissions to access this order",
|
|
)
|
|
|
|
return order
|