From 04ca914971c57c8c8719a2122e32f0ddd15104a8 Mon Sep 17 00:00:00 2001
From: mguschin
Date: Sun, 24 May 2026 17:09:56 +0300
Subject: [PATCH] fix: use get_viewed_user in all connection action routes
All POST/action routes in connections.py were using get_current_user, which returns the real logged-in admin instead of the impersonated user. Disconnect, test, save and manual token routes now all operate on the viewed user so admin impersonation works correctly.
Co-Authored-By: Claude Sonnet 4.6
---
 web/routes/connections.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/web/routes/connections.py b/web/routes/connections.py
index 114c542..60e6fa2 100644
--- a/web/routes/connections.py
+++ b/web/routes/connections.py
@@ -49,7 +49,7 @@ async def connections_get(request: Request, db: Session = Depends(get_db)):
 @router.post("/connections/evotor")
 async def connections_evotor_post(request: Request, db: Session = Depends(get_db)):
 try:
- user = get_current_user(request, db)
+ _, user = get_viewed_user(request, db)
 except Exception:
 return RedirectResponse("/login", 303)
@@ -93,7 +93,7 @@ async def connections_evotor_post(request: Request, db: Session = Depends(get_db
 @router.post("/connections/evotor/disconnect")
 async def connections_evotor_disconnect(request: Request, db: Session = Depends(get_db)):
 try:
- user = get_current_user(request, db)
+ _, user = get_viewed_user(request, db)
 except Exception:
 return RedirectResponse("/login", 303)
@@ -107,7 +107,7 @@ async def connections_evotor_disconnect(request: Request, db: Session = Depends(
 @router.post("/connections/vk")
 async def connections_vk_post(request: Request, db: Session = Depends(get_db)):
 try:
- user = get_current_user(request, db)
+ _, user = get_viewed_user(request, db)
 except Exception:
 return RedirectResponse("/login", 303)
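Review bot: In `connections_evotor_post` the first value returned by `get_viewed_user` is discarded (`_, user = ...`), so the visible code keeps no record of which account actually submitted a change that lands on the viewed user's connection. The same discard appears in the other six hunks of this patch, including both disconnect routes and `vk_callback_save`. Presumably that first value is the real logged-in user; if so, keep it, as in `actor, user = get_viewed_user(request, db)`, and log the actor whenever it is not the viewed user before stored credentials are changed. The handler body continues outside the hunk, so existing logging further down cannot be ruled out.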
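Review bot: The `except Exception` around the lookup in `connections_evotor_disconnect` now also swallows anything the impersonation path of `get_viewed_user` can raise, so a stale impersonation marker, a deleted target user and a database fault would all end as the same silent redirect to `/login`. For a route that removes another account's connection, those cases are worth telling apart in the logs. Narrow the handler to the exception the helper raises for a missing session, or at least record the failure first, e.g. `logging.getLogger(__name__).warning("get_viewed_user failed", exc_info=True)`. The same pattern is in every other hunk of this patch; `get_viewed_user` itself is not shown, so which exceptions it raises is an assumption to check.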
@@ -239,7 +239,7 @@ async def vk_callback_page(request: Request):
 @router.post("/vk-callback/save")
 async def vk_callback_save(request: Request, db: Session = Depends(get_db)):
 try:
- user = get_current_user(request, db)
+ _, user = get_viewed_user(request, db)
 except Exception:
 return JSONResponse({"ok": False, "message": "Сессия истекла, войдите снова"}, status_code=401)
@@ -289,7 +289,7 @@ async def vk_callback_save(request: Request, db: Session = Depends(get_db)):
 @router.post("/connections/vk/disconnect")
 async def connections_vk_disconnect(request: Request, db: Session = Depends(get_db)):
 try:
- user = get_current_user(request, db)
+ _, user = get_viewed_user(request, db)
 except Exception:
 return RedirectResponse("/login", 303)
@@ -303,7 +303,7 @@ async def connections_vk_disconnect(request: Request, db: Session = Depends(get_
 @router.post("/connections/evotor/test")
 async def connections_evotor_test(request: Request, db: Session = Depends(get_db)):
 try:
- user = get_current_user(request, db)
+ _, user = get_viewed_user(request, db)
 except Exception:
 return JSONResponse({"ok": False, "message": "Не авторизован"}, status_code=401)
@@ -339,7 +339,7 @@ async def connections_evotor_test(request: Request, db: Session = Depends(get_db
 @router.post("/connections/vk/test")
 async def connections_vk_test(request: Request, db: Session = Depends(get_db)):
 try:
- user = get_current_user(request, db)
+ _, user = get_viewed_user(request, db)
 except Exception:
 return JSONResponse({"ok": False, "message": "Не авторизован"}, status_code=401)
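Review bot: `vk_callback_save` now picks the target account from the impersonation state at the moment the callback result is saved, not at the moment the VK authorization was started. If an admin starts, stops or switches impersonation in another tab in between, the token would be stored on a different account than the one the flow was opened for. The code that stores the token is outside the hunk; if the flow carries a state value, bind the intended user to it and compare before saving. At minimum document the assumption next to the lookup, e.g. `# token is stored on the viewed user; must be the user the VK flow was started for`.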