Skip to content

fix: make GET /zones?view=map public #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Gogobobo11 merged 1 commit into from
May 12, 2026
Merged

fix: make GET /zones?view=map public #25

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 24 additions & 4 deletions src/routers/zones.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,13 @@
from typing import Annotated

from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from sqlalchemy import text
from sqlalchemy.orm import Session

from ..database import get_db
from ..db_models import Camera, ParkingZone, Partner, User
from ..dependencies import CurrentUser, require
from ..dependencies import CurrentUser, get_current_user, require
from ..schemas.zones import (
CreateZoneRequest,
UpdateZoneRequest,
Expand Down Expand Up @@ -90,7 +91,6 @@ def _get_zone_or_404(db: Session, zone_id: int) -> ParkingZone:

@router.get("", response_model=list[ZoneResponse] | list[ZoneMapItemResponse])
def list_zones(
current_user: Annotated[User, require("zones.view")],
db: Annotated[Session, Depends(get_db)],
camera_id: int | None = None,
partner_id: int | None = None,
Expand All @@ -101,7 +101,28 @@ def list_zones(
view: str = "full",
top: int = 100,
offset: int = 0,
credentials: Annotated[HTTPAuthorizationCredentials | None, Depends(HTTPBearer(auto_error=False))] = None,
):
if view != "map":
if credentials is None:
raise HTTPException(
status.HTTP_401_UNAUTHORIZED,
detail={"error_description": "Missing or invalid access token"},
)
from ..dependencies import decode_access_token, get_effective_permissions
user_id = decode_access_token(credentials.credentials)
current_user = db.query(User).filter(User.user_id == user_id).one_or_none()
if current_user is None or not current_user.is_active:
raise HTTPException(
status.HTTP_401_UNAUTHORIZED,
detail={"error_description": "User not found or inactive"},
)
if "zones.view" not in get_effective_permissions(current_user):
raise HTTPException(
status.HTTP_403_FORBIDDEN,
detail={"error_description": "Missing permissions: zones.view"},
)

query = db.query(ParkingZone)

if camera_id is not None:
Expand All @@ -113,7 +134,6 @@ def list_zones(
if max_pay is not None:
query = query.filter(ParkingZone.pay <= max_pay)
if min_free_count is not None:
# free_count — вычисляемое поле, фильтруем через выражение
query = query.filter(
(ParkingZone.capacity - ParkingZone.occupied) >= min_free_count
)
Expand Down Expand Up @@ -222,4 +242,4 @@ def delete_zone(
zone = _get_zone_or_404(db, zone_id)
db.delete(zone)
db.commit()
return None
return None
Loading