async def check_evaluation_create_permissions( current_user: UserInDB = Depends(get_current_active_user), cleaning: CleaningInDB = Depends(get_cleaning_by_id_from_path), cleaner: UserInDB = Depends(get_user_by_username_from_path), offer: OfferInDB = Depends(get_offer_for_cleaning_from_user_by_path), evals_repo: EvaluationsRepository = Depends(get_repository(EvaluationsRepository)), ) -> None: # Test that only owners of a cleaning can leave evaluations for that cleaning job # [R1] created utility function if not user_owns_cleaning(user=current_user, cleaning=cleaning): raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Users are unable to leave evaluations for cleaning jobs they do not own.", ) # Check that evaluations can only be made for jobs that have been accepted # Also serves to ensure that only one evaluation per-cleaner-per-job is allowed if offer.status != "accepted": raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Only users with accepted offers can be evaluated.", ) # Check that evaluations can only be made for users whose offer was accepted for that job if offer.user_id != cleaner.id: raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="You are not authorized to leave an evaluation for this user.", )
def check_offer_list_permissions( current_user: UserInDB = Depends(get_current_active_user), cleaning: CleaningInDB = Depends(get_cleaning_by_id_from_path), ) -> None: if not user_owns_cleaning(user=current_user, cleaning=cleaning): raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Unable to access offers.", )
def check_offer_acceptance_permissions( current_user: UserInDB = Depends(get_current_active_user), cleaning: CleaningInDB = Depends(get_cleaning_by_id_from_path), offer: OfferInDB = Depends(get_offer_for_cleaning_from_user_by_path), ) -> None: if not user_owns_cleaning(user=current_user, cleaning=cleaning): raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, detail="Only the owner of the cleaning may accept offers." ) if offer.status != "pending": raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Can only accept offers that are currently pending." )
async def check_offer_create_permissions( current_user: UserInDB = Depends(get_current_active_user), cleaning: CleaningInDB = Depends(get_cleaning_by_id_from_path), offers_repo: OffersRepository = Depends(get_repository(OffersRepository)), ) -> None: if user_owns_cleaning(user=current_user, cleaning=cleaning): raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Users are unable to create offers for cleaning jobs they own.", ) if await offers_repo.get_offer_for_cleaning_from_user(cleaning=cleaning, user=current_user): raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Users aren't allowed create more than one offer for a cleaning job.", )
def check_offer_acceptance_permissions( current_user: UserInDB = Depends(get_current_active_user), cleaning: CleaningInDB = Depends(get_cleaning_by_id_from_path), offer: OfferInDB = Depends(get_offer_for_cleaning_from_user_by_path), existing_offers: List[OfferInDB] = Depends( list_offers_for_cleaning_by_id_from_path), ) -> None: if not user_owns_cleaning(user=current_user, cleaning=cleaning): raise HTTPException( status_code=HTTP_403_FORBIDDEN, detail="Only the owner of the cleaning may accept offers.") if offer.status != "pending": raise HTTPException( status_code=HTTP_400_BAD_REQUEST, detail="Can only accept offers that are currently pending.") if "accepted" in [o.status for o in existing_offers]: raise HTTPException( status_code=HTTP_400_BAD_REQUEST, detail="That cleaning job already has an accepted offer.")