Updated with few changes in auth

2025-07-30 22:54:43 +00:00 · 2024-02-22 12:07:01 +05:45 · 2024-02-22 12:07:01 +05:45 · f3ba7a6dcb
commit f3ba7a6dcb
parent e1d3208740
4 changed files with 14 additions and 6 deletions
--- a/private_gpt/users/api/v1/routers/auth.py
+++ b/private_gpt/users/api/v1/routers/auth.py
@ -92,7 +92,6 @@ def ad_user_register(
    email: str,
    fullname: str,
    password: str,
-
 ) -> models.User:
    """
    Register a new user in the database. Company id is directly given here.
--- a/private_gpt/users/api/v1/routers/departments.py
+++ b/private_gpt/users/api/v1/routers/departments.py
@ -20,7 +20,6 @@ def list_deparments(
    limit: int = 100,
    current_user: models.User = Security(
        deps.get_current_user,
-        scopes=[Role.SUPER_ADMIN["name"]],
    ),
 ) -> List[schemas.Department]:
    """
--- a/private_gpt/users/api/v1/routers/documents.py
+++ b/private_gpt/users/api/v1/routers/documents.py
@ -24,7 +24,7 @@ def list_files(
    limit: int = 100,
    current_user: models.User = Security(
        deps.get_current_user,
-        scopes=[Role.SUPER_ADMIN["name"]],
+        scopes=[Role.SUPER_ADMIN["name"], Role.ADMIN["name"]],
    )
 ):
    def get_department_name(db, id):
@ -35,7 +35,13 @@ def list_files(
        user = crud.user.get_by_id(db=db, id=id) 
        return user.fullname
    try:
-        docs = crud.documents.get_multi(db, skip=skip, limit=limit)
+        role = current_user.user_role.role.name if current_user.user_role else None
+        if role == "SUPER_ADMIN":
+            docs = crud.documents.get_multi(db, skip=skip, limit=limit)
+        else:
+            docs = crud.documents.get_multi_documents(
+                db, department_id=current_user.department_id, skip=skip, limit=limit)
+            
        docs = [
            schemas.Document(
                id=doc.id,
--- a/private_gpt/users/api/v1/routers/users.py
+++ b/private_gpt/users/api/v1/routers/users.py
@ -16,9 +16,9 @@ router = APIRouter(prefix="/users", tags=["users"])

@router.get("", response_model=List[schemas.User])
 def read_users(
-    db: Session = Depends(deps.get_db),
    skip: int = 0,
    limit: int = 100,
+    db: Session = Depends(deps.get_db),
    current_user: models.User = Security(
        deps.get_current_user,
        scopes=[Role.ADMIN["name"], Role.SUPER_ADMIN["name"]],
@ -27,7 +27,11 @@ def read_users(
    """                                 
    Retrieve all users.
    """
-    users = crud.user.get_multi(db, skip=skip, limit=limit)
+    role = current_user.user_role.role.name if current_user.user_role else None
+    if role == "ADMIN":
+        users = crud.user.get_by_department_id(db=db, department_id=current_user.department_id, skip=skip, limit=limit)
+    else:
+        users = crud.user.get_multi(db, skip=skip, limit=limit)
    return users