While I am using fastapi-crudrouter am trying to have a resource be accessed only by its owner.
Somehow I am getting the error
{
"detail": [
{
"loc": [
"query",
"id"
],
"msg": "field required",
"type": "value_error.missing"
}
]
}
The code is pasted below. I think the error is complaining about the missing id
parameter. The endpoint url goes like .../support/issue/1
. How can I make that 1 assigned to the id
parameter of the user_is_owner
dependency?
from fastapi import Depends, HTTPException, status
from sqlalchemy.orm import Session
from fastapi_crudrouter import SQLAlchemyCRUDRouter
from app.support.models import Issue as IssueModel
from app.support.schemas import Issue as IssueSchema
from app.database import get_db
from app.oauth2 import get_current_user
def user_is_owner(
id: int,
db: Session = Depends(get_db),
current_user: int = Depends(get_current_user),
):
issue = db.query(IssueModel).filter(IssueModel.id == id).first()
if not issue:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail=f'Issue with id: {id} was not found.',
)
if issue.created_by != current_user.id:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail='Not authorized to perform requested action',
)
return True
router = SQLAlchemyCRUDRouter(
schema=IssueSchema,
# create_schema=PotatoCreate,
# update_schema=PotatoUpdate,
db_model=IssueModel,
db=get_db,
prefix='/issue',
dependencies=[Depends(get_current_user)],
#
# individual route config
#
get_all_route=True, # [Depends(is_admin)],
get_one_route=[Depends(user_is_owner)],
delete_all_route=False,
delete_one_route=False,
# create_route=False,
update_route=False,
)