mish/evo-sync
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity

fix: use get_viewed_user in all connection action routes

Browse Source 
All POST/action routes in connections.py were using get_current_user,
which returns the real logged-in admin instead of the impersonated user.
Disconnect, test, save and manual token routes now all operate on the
viewed user so admin impersonation works correctly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
mguschin
2026-05-24 17:09:56 +03:00
parent 5b82f1bc02
commit 04ca914971
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
web/routes/connections.py
View File

@@ -49,7 +49,7 @@ async def connections_get(request: Request, db: Session = Depends(get_db)):
@router.post("/connections/evotor")
async def connections_evotor_post(request: Request, db: Session = Depends(get_db)):
try:
user = get_current_user(request, db)
_, user = get_viewed_user(request, db)
except Exception:
return RedirectResponse("/login", 303)
@@ -93,7 +93,7 @@ async def connections_evotor_post(request: Request, db: Session = Depends(get_db
@router.post("/connections/evotor/disconnect")
async def connections_evotor_disconnect(request: Request, db: Session = Depends(get_db)):
try:
user = get_current_user(request, db)
_, user = get_viewed_user(request, db)
except Exception:
return RedirectResponse("/login", 303)
@@ -107,7 +107,7 @@ async def connections_evotor_disconnect(request: Request, db: Session = Depends(
@router.post("/connections/vk")
async def connections_vk_post(request: Request, db: Session = Depends(get_db)):
try:
user = get_current_user(request, db)
_, user = get_viewed_user(request, db)
except Exception:
return RedirectResponse("/login", 303)
@@ -239,7 +239,7 @@ async def vk_callback_page(request: Request):
@router.post("/vk-callback/save")
async def vk_callback_save(request: Request, db: Session = Depends(get_db)):
try:
user = get_current_user(request, db)
_, user = get_viewed_user(request, db)
except Exception:
return JSONResponse({"ok": False, "message": "Сессия истекла, войдите снова"}, status_code=401)
@@ -289,7 +289,7 @@ async def vk_callback_save(request: Request, db: Session = Depends(get_db)):
@router.post("/connections/vk/disconnect")
async def connections_vk_disconnect(request: Request, db: Session = Depends(get_db)):
try:
user = get_current_user(request, db)
_, user = get_viewed_user(request, db)
except Exception:
return RedirectResponse("/login", 303)
@@ -303,7 +303,7 @@ async def connections_vk_disconnect(request: Request, db: Session = Depends(get_
@router.post("/connections/evotor/test")
async def connections_evotor_test(request: Request, db: Session = Depends(get_db)):
try:
user = get_current_user(request, db)
_, user = get_viewed_user(request, db)
except Exception:
return JSONResponse({"ok": False, "message": "Не авторизован"}, status_code=401)
@@ -339,7 +339,7 @@ async def connections_evotor_test(request: Request, db: Session = Depends(get_db
@router.post("/connections/vk/test")
async def connections_vk_test(request: Request, db: Session = Depends(get_db)):
try:
user = get_current_user(request, db)
_, user = get_viewed_user(request, db)
except Exception:
return JSONResponse({"ok": False, "message": "Не авторизован"}, status_code=401)