context user fix

2022-12-01 15:45:19 +01:00
parent 8464398aaf
commit 25924ac136
13 changed files with 190 additions and 174 deletions
--- a/resolvers/create/collab.py
+++ b/resolvers/create/collab.py
@@ -1,4 +1,5 @@
 from auth.authenticate import login_required
+from auth.credentials import AuthCredentials
 from base.orm import local_session
 from base.resolvers import query, mutation
 from base.exceptions import ObjectNotExist, BaseHttpException
@@ -10,26 +11,28 @@ from orm.user import User
@query.field("getCollabs")
@login_required
 async def get_collabs(_, info):
-    user = info.context["request"].user
+    auth: AuthCredentials = info.context["request"].auth
+
    with local_session() as session:
-        collabs = session.query(Collab).filter(user.slug in Collab.authors)
+        collabs = session.query(Collab).filter(auth.user_id in Collab.authors)
        return collabs


@mutation.field("inviteCoauthor")
@login_required
 async def invite_coauthor(_, info, author: str, shout: int):
-    user = info.context["request"].user
+    auth: AuthCredentials = info.context["request"].auth
+
    with local_session() as session:
        s = session.query(Shout).where(Shout.id == shout).one()
        if not s:
            raise ObjectNotExist("invalid shout id")
        else:
            c = session.query(Collab).where(Collab.shout == shout).one()
-            if user.slug not in c.authors:
+            if auth.user_id not in c.authors:
                raise BaseHttpException("you are not in authors list")
            else:
-                invited_user = session.query(User).where(User.slug == author).one()
+                invited_user = session.query(User).where(User.id == author).one()
                c.invites.append(invited_user)
                session.add(c)
                session.commit()
@@ -41,16 +44,17 @@ async def invite_coauthor(_, info, author: str, shout: int):
@mutation.field("removeCoauthor")
@login_required
 async def remove_coauthor(_, info, author: str, shout: int):
-    user = info.context["request"].user
+    auth: AuthCredentials = info.context["request"].auth
+
    with local_session() as session:
        s = session.query(Shout).where(Shout.id == shout).one()
        if not s:
            raise ObjectNotExist("invalid shout id")
-        if user.slug != s.createdBy.slug:
-            raise BaseHttpException("only onwer can remove coauthors")
+        if auth.user_id != s.createdBy:
+            raise BaseHttpException("only owner can remove coauthors")
        else:
            c = session.query(Collab).where(Collab.shout == shout).one()
-            ca = session.query(CollabAuthor).where(c.shout == shout, c.author == author).one()
+            ca = session.query(CollabAuthor).join(User).where(c.shout == shout, User.slug == author).one()
            session.remve(ca)
            c.invites = filter(lambda x: x.slug == author, c.invites)
            c.authors = filter(lambda x: x.slug == author, c.authors)
@@ -64,14 +68,15 @@ async def remove_coauthor(_, info, author: str, shout: int):
@mutation.field("acceptCoauthor")
@login_required
 async def accept_coauthor(_, info, shout: int):
-    user = info.context["request"].user
+    auth: AuthCredentials = info.context["request"].auth
+
    with local_session() as session:
        s = session.query(Shout).where(Shout.id == shout).one()
        if not s:
            raise ObjectNotExist("invalid shout id")
        else:
            c = session.query(Collab).where(Collab.shout == shout).one()
-            accepted = filter(lambda x: x.slug == user.slug, c.invites).pop()
+            accepted = filter(lambda x: x.id == auth.user_id, c.invites).pop()
            if accepted:
                c.authors.append(accepted)
                s.authors.append(accepted)