api: restructure exception generation to be more ergonomic in the code

2026-05-14 16:23:52 +02:00 · 2026-05-14 16:23:52 +02:00 · 2f991a6b02
commit 2f991a6b02
parent 60c4770280
5 changed files with 153 additions and 81 deletions
--- a/api/src/dooris_api/models.py
+++ b/api/src/dooris_api/models.py
@ -1,10 +1,8 @@
-from typing import Optional, Self, Literal
+from typing import Optional, Literal, List
 from datetime import datetime
 from pydantic import BaseModel, HttpUrl
 from enum import Enum
 from simple_openid_connect.data import IdToken
-from starlette.datastructures import URL
-from fastapi import status


 class HttpProblemType(Enum):
@ -13,6 +11,7 @@ class HttpProblemType(Enum):
    """

    UNAUTHORIZED = "type:noc@hamburg.ccc.de,2026:UNAUTHORIZED"
+    FORBIDDEN_TO_OPERATE = "type:noc@hamburg.ccc.de,2026,FORBIDDEN_TO_OPERATE"
    LOCK_NOT_FOUND = "type:noc@hamburg.ccc.de,2026:LOCK_NOT_FOUND"


@ -27,31 +26,19 @@ class HttpProblemDetail(BaseModel):
    detail: str
    instance: Optional[HttpUrl]

-    @classmethod
-    def new_unauthorized(cls, request_uri: str | URL) -> Self:
-        return cls(
-            type=HttpProblemType.UNAUTHORIZED,
-            status=status.HTTP_401_UNAUTHORIZED,
-            title="Unauthorized",
-            detail="You tried to access a ressource which requires authentication but you are not authenticated",
-            instance=HttpUrl(str(request_uri)),
-        )
-
-    @classmethod
-    def new_lock_not_found(cls, requested_lock: str, request_uri: str | URL) -> Self:
-        return cls(
-            type=HttpProblemType.LOCK_NOT_FOUND,
-            status=status.HTTP_404_NOT_FOUND,
-            title="Lock not found",
-            detail=f"You tried to interact with lock {requested_lock!r} that is not known to dooris",
-            instance=str(request_uri),
-        )
-

 class CurrentUser(BaseModel):
    id_token: IdToken
    raw_id_token: str

+    @property
+    def ccchh_roles(self) -> List[str]:
+        return []
+
+    @property
+    def may_operate_locks(self) -> bool:
+        return True
+

 class UserStatus(BaseModel):
    is_logged_in: bool