api: restructure exception generation to be more ergonomic in the code

2026-05-14 16:23:52 +02:00 · 2026-05-14 16:23:52 +02:00 · 2f991a6b02
commit 2f991a6b02
parent 60c4770280
5 changed files with 153 additions and 81 deletions
--- a/api/src/dooris_api/app.py
+++ b/api/src/dooris_api/app.py
@ -1,4 +1,4 @@
-from typing import Optional, List, Any
+from typing import Optional, List
 import logging
 import secrets
 import sys
@ -75,7 +75,7 @@ async def get_user_info(
    else:
        return models.UserStatus(
            is_logged_in=True,
-            is_authorized=True,
+            is_authorized=current_user.may_operate_locks,
            guaranteed_session_until=datetime.fromtimestamp(
                current_user.id_token.exp, UTC
            ),
@ -188,9 +188,7 @@ async def logout(
    tags=["locks"],
    responses={status.HTTP_401_UNAUTHORIZED: {"model": models.HttpProblemDetail}},
 )
-async def list_locks(
-    ccujack: deps.CCUJackClient
-) -> List[models.Lock]:
+async def list_locks(ccujack: deps.CCUJackClient) -> List[models.Lock]:
    # assemble result objects
    result = []
    for i_lock, lock_channels in ccujack.locks:
@ -233,7 +231,11 @@ async def list_locks(
                        status_data["is_unreachable"] = value.v

        result.append(
-            models.Lock(id=i_lock.identifier, name=i_lock.title, status=models.LockStatus(**status_data))
+            models.Lock(
+                id=i_lock.identifier,
+                name=i_lock.title,
+                status=models.LockStatus(**status_data),
+            )
        )

    return result
@ -244,10 +246,19 @@ async def list_locks(
    tags=["locks"],
    responses={
        status.HTTP_401_UNAUTHORIZED: {"model": models.HttpProblemDetail},
+        status.HTTP_403_FORBIDDEN: {"models": models.HttpProblemDetail},
        status.HTTP_404_NOT_FOUND: {"model": models.HttpProblemDetail},
    },
 )
-async def operate_lock(req: Request, lock_id: str, requested_op: models.LockOperation, ccujack: deps.CCUJackClient, _current_user: deps.CurrentUser) -> None:
+async def operate_lock(
+    req: Request,
+    lock_id: str,
+    requested_op: models.LockOperation,
+    ccujack: deps.CCUJackClient,
+    current_user: deps.CurrentUser,
+) -> None:
+    if not current_user.may_operate_locks:
+        raise exceptions.HttpProblemException.forbidden_to_operate(req.url)
    # TODO: Validate that the user is authorized
    # find appropriate lock from ccujack
    for i_lock, lock_channels in ccujack.locks:
@ -268,9 +279,6 @@ async def operate_lock(req: Request, lock_id: str, requested_op: models.LockOper
                            # write to ccujack
                            await ccujack.set_param_value(addr, ccujack_value)
                            return
-                    
-                    
+
    else:
-        raise exceptions.HttpProblemException(
-            models.HttpProblemDetail.new_lock_not_found(lock_id, req.url)
-        )
+        raise exceptions.HttpProblemException.new_lock_not_found(lock_id, req.url)