member-backend/app/security/admin_guard.py


from fastapi import Depends, HTTPException, status
from app.core.config import get_settings
from app.schemas.auth import KeycloakPrincipal
from app.security.idp_jwt import require_authenticated_principal
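def require_admin_principal(
    principal: KeycloakPrincipal = Depends(require_authenticated_principal),
) -> KeycloakPrincipal:
    """FastAPI dependency that admits only principals in a configured admin group.

    Membership is decided by a case-insensitive intersection between the
    principal's groups and ``settings.admin_required_groups``; one match is
    enough. Authentication itself is delegated to
    ``require_authenticated_principal`` via ``Depends``.

    Returns:
        The same ``principal`` when it belongs to at least one required group.

    Raises:
        HTTPException: 503 ``admin_policy_not_configured`` when no admin group
            is configured (the guard fails closed instead of admitting everyone),
            403 ``admin_forbidden`` when the principal is in none of them.
    """
    settings = get_settings()
    required_groups = {group.lower() for group in settings.admin_required_groups}
    if not required_groups:
        # Fail closed: an empty policy must never mean "everyone is admin".
        raise HTTPException(status_code=status.HTTP_503_SERVICE_UNAVAILABLE, detail="admin_policy_not_configured")
    # A principal with no groups claim has no groups: that is a 403, not a 500
    # from iterating None.
    # NOTE(review): if the IdP emits group *paths* (e.g. "/admins"), the
    # configured names must use the same form apart from case — confirm
    # against the realm's group mapper.
    principal_groups = {group.lower() for group in (principal.groups or ())}
    if required_groups.isdisjoint(principal_groups):
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="admin_forbidden")
    return principal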