fix: use get_viewed_user in all connection action routes

All POST/action routes in connections.py were using get_current_user, which returns the real logged-in admin instead of the impersonated user. Disconnect, test, save and manual token routes now all operate on the viewed user so admin impersonation works correctly. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-24 17:09:56 +03:00
parent 5b82f1bc02
commit 04ca914971
1 changed files with 7 additions and 7 deletions
--- a/web/routes/connections.py
+++ b/web/routes/connections.py
@@ -49,7 +49,7 @@ async def connections_get(request: Request, db: Session = Depends(get_db)):
@router.post("/connections/evotor")
 async def connections_evotor_post(request: Request, db: Session = Depends(get_db)):
    try:
-        user = get_current_user(request, db)
+        _, user = get_viewed_user(request, db)
    except Exception:
        return RedirectResponse("/login", 303)
@@ -93,7 +93,7 @@ async def connections_evotor_post(request: Request, db: Session = Depends(get_db
@router.post("/connections/evotor/disconnect")
 async def connections_evotor_disconnect(request: Request, db: Session = Depends(get_db)):
    try:
-        user = get_current_user(request, db)
+        _, user = get_viewed_user(request, db)
    except Exception:
        return RedirectResponse("/login", 303)
@@ -107,7 +107,7 @@ async def connections_evotor_disconnect(request: Request, db: Session = Depends(
@router.post("/connections/vk")
 async def connections_vk_post(request: Request, db: Session = Depends(get_db)):
    try:
-        user = get_current_user(request, db)
+        _, user = get_viewed_user(request, db)
    except Exception:
        return RedirectResponse("/login", 303)
@@ -239,7 +239,7 @@ async def vk_callback_page(request: Request):
@router.post("/vk-callback/save")
 async def vk_callback_save(request: Request, db: Session = Depends(get_db)):
    try:
-        user = get_current_user(request, db)
+        _, user = get_viewed_user(request, db)
    except Exception:
        return JSONResponse({"ok": False, "message": "Сессия истекла, войдите снова"}, status_code=401)
@@ -289,7 +289,7 @@ async def vk_callback_save(request: Request, db: Session = Depends(get_db)):
@router.post("/connections/vk/disconnect")
 async def connections_vk_disconnect(request: Request, db: Session = Depends(get_db)):
    try:
-        user = get_current_user(request, db)
+        _, user = get_viewed_user(request, db)
    except Exception:
        return RedirectResponse("/login", 303)
@@ -303,7 +303,7 @@ async def connections_vk_disconnect(request: Request, db: Session = Depends(get_
@router.post("/connections/evotor/test")
 async def connections_evotor_test(request: Request, db: Session = Depends(get_db)):
    try:
-        user = get_current_user(request, db)
+        _, user = get_viewed_user(request, db)
    except Exception:
        return JSONResponse({"ok": False, "message": "Не авторизован"}, status_code=401)
@@ -339,7 +339,7 @@ async def connections_evotor_test(request: Request, db: Session = Depends(get_db
@router.post("/connections/vk/test")
 async def connections_vk_test(request: Request, db: Session = Depends(get_db)):
    try:
-        user = get_current_user(request, db)
+        _, user = get_viewed_user(request, db)
    except Exception:
        return JSONResponse({"ok": False, "message": "Не авторизован"}, status_code=401)