from __future__ import annotations
from collections.abc import Callable
from fastapi import Depends, HTTPException, status
from app.api.dependencies.auth import get_current_user
from app.schemas.auth import AuthenticatedUser
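def require_permission(permission_name: str) -> Callable[..., AuthenticatedUser]:
    """Create a dependency that enforces a translated permission flag.

    The flag names intentionally match `PermissionContextRead` fields so
    reviewers can trace permission checks end to end without indirection.

    Args:
        permission_name: Attribute name looked up on
            ``current_user.permissions`` for every request.

    Returns:
        An async FastAPI dependency. It receives the user produced by
        ``get_current_user`` and returns that same user when the flag is
        granted.

    The returned dependency raises ``HTTPException`` with:
        * 500 when the permissions object has no attribute named
          ``permission_name`` (a wiring mistake in the route, not a client
          error);
        * 403 when the attribute exists but is not exactly ``True``.
    """
    # Unique marker so "attribute absent" stays distinguishable from a flag
    # that is present but stored as None or False.
    absent = object()

    async def dependency(
        current_user: AuthenticatedUser = Depends(get_current_user),
    ) -> AuthenticatedUser:
        flag = getattr(current_user.permissions, permission_name, absent)

        if flag is absent:
            raise HTTPException(
                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
                detail=f"Unknown permission flag '{permission_name}'.",
            )

        # Fail closed: a plain truthiness test would also accept any other
        # attribute the permissions object happens to expose (a bound method,
        # a non-empty dict or string), so a mistyped or non-flag name would
        # silently authorize every caller. Only a literal True grants access.
        # NOTE(review): assumes every permission flag is a plain bool —
        # confirm against PermissionContextRead.
        if flag is not True:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail=f"Missing permission '{permission_name}'.",
            )

        return current_user

    return dependency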