mish/evo-sync
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects 1 Releases 5 Wiki Activity
Files
52825f70dea112ecc552dab81b8d12d6832351a6
evo-sync/web/auth/session.py
mguschin 5e7be16755 feat: remove register, add evo webhooks, admin view-as user 
- Remove /register route and nav links (users created via Evotor webhook)
- Fix evotor_webhooks.py: use phone=None instead of phone="" to avoid unique constraint
- Add admin "view as user" feature: POST /admin/users/{id}/view-as sets viewed_user_id
  in session; POST /admin/view-as/stop clears it
- catalog, vk_catalog, sync, connections GET routes use get_viewed_user() so admins
  see another user's data while browsing
- Orange banner shown at top when admin is viewing as another user

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 20:44:25 +03:00

43 lines
1.5 KiB
Python
Raw Blame History

from fastapi import HTTPException
from fastapi.responses import RedirectResponse
from sqlalchemy.orm import Session
from starlette.requests import Request
from web.models.user import User, UserRoleEnum, UserStatusEnum
def get_session_user_id(request: Request) -> int | None:
return request.session.get("user_id")
def get_current_user(request: Request, db: Session) -> User:
user_id = get_session_user_id(request)
if not user_id:
raise HTTPException(status_code=307, headers={"Location": "/login"})
user = db.get(User, user_id)
if not user or user.status == UserStatusEnum.suspended:
request.session.clear()
raise HTTPException(status_code=307, headers={"Location": "/login"})
return user
def get_viewed_user(request: Request, db: Session) -> tuple[User, User]:
"""Return (real_user, viewed_user).
Admins/system users can view another user's data by having
`viewed_user_id` set in the session (via /admin/users/{id}/view-as).
For regular users, both values are the same.
"""
real_user = get_current_user(request, db)
is_admin = real_user.role in (UserRoleEnum.admin, UserRoleEnum.system)
viewed_id = request.session.get("viewed_user_id") if is_admin else None
if viewed_id:
viewed = db.get(User, viewed_id)
if viewed:
return real_user, viewed
return real_user, real_user
def login_redirect() -> RedirectResponse:
return RedirectResponse("/login", status_code=303)
Reference in New Issue View Git Blame Copy Permalink