From 36ad945637cbfa737fc03c53015970de7f7fdb05 Mon Sep 17 00:00:00 2001
From: Petitoto <27863028+Petitoto@users.noreply.github.com>
Date: Wed, 13 Nov 2024 23:55:01 +0100
Subject: [PATCH] fix(advert): prevent non-admin users from creating advertisers (#616)
### Description
- prevent non-admin users from creating advertisers
- updated comment for `read_advertisers()`
### Checklist
- [ ] Created tests which fail without the change (if possible)
- [x] All tests passing
- [ ] Extended the documentation, if necessary
Co-authored-by: Petitoto
---
 app/modules/advert/endpoints_advert.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/modules/advert/endpoints_advert.py b/app/modules/advert/endpoints_advert.py
index 0328effc5..6366e30a1 100644
--- a/app/modules/advert/endpoints_advert.py
+++ b/app/modules/advert/endpoints_advert.py
@@ -48,6 +48,8 @@ async def read_advertisers(
 ):
 """
 Get existing advertisers.
+
+ **The user must be authenticated to use this endpoint**
 """
 return await cruds_advert.get_advertisers(db=db)
@@ -61,14 +63,14 @@ async def read_advertisers(
 async def create_advertiser(
 advertiser: schemas_advert.AdvertiserBase,
 db: AsyncSession = Depends(get_db),
- user: models_core.CoreUser = Depends(is_user_an_ecl_member),
+ user: models_core.CoreUser = Depends(is_user_a_member_of(GroupType.admin)),
 ):
 """
 Create a new advertiser. Each advertiser is associated with a `manager_group`. Users belonging to this group are able to manage the adverts related to the advertiser.
- **The user must be authenticated to use this endpoint**
+ **This endpoint is only usable by administrators**
 """
 # We need to check that advertiser.group_manager_id is a valid group
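Review bot: The authorization change on `create_advertiser` (second hunk, the `user: models_core.CoreUser = Depends(is_user_a_member_of(GroupType.admin))` line) ships without a regression test, and the commit's own checklist leaves "Created tests which fail without the change" unticked. A test that calls this endpoint as an authenticated non-admin user and asserts that the request is rejected and no advertiser is created would pin the access-control fix against a later refactor of the dependency. The diffstat (4 insertions, 2 deletions) is fully accounted for by the docstring and parameter edits, so `is_user_a_member_of` and `GroupType` must already be imported in this file, and `is_user_an_ecl_member` may now be an unused import; both are worth confirming. The body of `create_advertiser` continues past the end of the hunk and any other endpoints that modify advertisers are not shown, so it is worth checking that they are guarded as strictly.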