From a134b769b3b1007cb39d952211de063d20df14db Mon Sep 17 00:00:00 2001
From: Andrii Blacksmith
Date: Mon, 8 Jul 2024 12:58:34 +0300
Subject: [PATCH] make better validation of role in moderation_log
---
 app/errors.py | 3 +++
 app/moderation/dependencies.py | 12 ++++++++++++
 app/moderation/router.py | 33 +++++----------------------------
 3 files changed, 20 insertions(+), 28 deletions(-)
diff --git a/app/errors.py b/app/errors.py
index 9c8c27ba..c9a6862c 100644
--- a/app/errors.py
+++ b/app/errors.py
@@ -184,6 +184,9 @@ class ErrorResponse(CustomModel):
 "system": {
 "bad-backup-token": ["Bad backup token", 401],
 },
+ "moderation-log": {
+ "no-access": ["You do not have permission to access", 400]
+ },
 }
diff --git a/app/moderation/dependencies.py b/app/moderation/dependencies.py
index b00e099e..b758f7e6 100644
--- a/app/moderation/dependencies.py
+++ b/app/moderation/dependencies.py
@@ -1,8 +1,11 @@
 from sqlalchemy.ext.asyncio import AsyncSession
 from app.database import get_session
+from app.dependencies import auth_required
 from app.errors import Abort
 from fastapi import Depends
+from app.models.user.user import User
+
 from .schemas import ModerationSearchArgs
 from app.service import (
@@ -19,3 +22,12 @@ async def validate_moderation_search_args(
 raise Abort("edit", "author-not-found")
 return args
+
+
+async def validate_moderation_role(
+ author: User = Depends(auth_required(optional=False)),
+):
+ if author.role not in ["admin", "moderator"]:
+ raise Abort("moderation-log", "no-access")
+
+ return author
diff --git a/app/moderation/router.py b/app/moderation/router.py
index 56ee9d3e..3cd4e9fc 100644
--- a/app/moderation/router.py
+++ b/app/moderation/router.py
@@ -11,7 +11,10 @@
 ModerationSearchArgs,
 )
-from .dependencies import validate_moderation_search_args
+from .dependencies import (
+ validate_moderation_search_args,
+ validate_moderation_role,
+)
 from app.utils import (
 pagination_dict,
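Review bot: The new `moderation-log`/`no-access` entry in app/errors.py maps an authorization failure to HTTP 400, which tells clients and anything that monitors access-denied rates that the request was malformed rather than forbidden; the status should be 403, i.e. `"no-access": ["You do not have permission to access", 403]`. The neighbouring `bad-backup-token` entry already uses 401 for an authentication failure, so 403 keeps the table's semantics consistent. The message also reads as an unfinished sentence; `"You do not have permission to access the moderation log"` says what was denied. A trailing comma after the inner list would match the style of the surrounding entries.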
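Review bot: In the `@@ -19,3 +22,12 @@` hunk of app/moderation/dependencies.py, `validate_moderation_role` compares `author.role` against the bare literals `["admin", "moderator"]`, so the set of roles allowed to read the moderation log lives only inside this function and a misspelling or a case mismatch with the stored role value would silently deny everyone. The router code this replaces took its gate from `constants.PERMISSION_EDIT_AUTO`, so the allowed roles belong next to it in `app.constants`, or at least in a module-level `MODERATION_LOG_ROLES = frozenset({"admin", "moderator"})` checked as `if author.role not in MODERATION_LOG_ROLES:`. Whether `User.role` is a plain string or an enum is not visible here; if it is an enum, compare against its members rather than strings. The function has no docstring; a one-liner stating that it requires an authenticated user with a moderation role and raises `Abort("moderation-log", "no-access")` otherwise would help callers.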
@@ -37,10 +40,7 @@ async def moderation_log(
 args: ModerationSearchArgs = Depends(validate_moderation_search_args),
 session: AsyncSession = Depends(get_session),
- # TODO: replace with role check
- user: User = Depends(
- auth_required(permissions=[constants.PERMISSION_EDIT_AUTO])
- ),
+ user: User = Depends(validate_moderation_role),
 page: int = Depends(get_page),
 size: int = Depends(get_size),
 ):
@@ -52,26 +52,3 @@ async def moderation_log(
 "pagination": pagination_dict(total, page, limit),
 "list": moderation.all(),
 }
-
-
-@router.get(
- "/{username}/log",
- response_model=ModerationPaginationResponse,
- summary="User moderation log",
-)
-async def moderation_user_log(
- session: AsyncSession = Depends(get_session),
- user: User = Depends(get_user),
- page: int = Depends(get_page),
- size: int = Depends(get_size),
-):
- limit, offset = pagination(page, size)
- total = await service.get_user_moderation_count(session, user.id)
- moderation = await service.get_user_moderation(
- session, user.id, limit, offset
- )
-
- return {
- "pagination": pagination_dict(total, page, limit),
- "list": moderation.all(),
- }
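Review bot: Replacing `auth_required(permissions=[constants.PERMISSION_EDIT_AUTO])` with `validate_moderation_role` in `moderation_log`'s signature changes the gate from a permission to a role, and neither the commit message nor the endpoint records whether users who held that permission without an `admin`/`moderator` role are meant to lose access; the intended audience should be stated on the route, e.g. in its `summary` or docstring: `"Moderation log; requires an admin or moderator account."`. If `auth_required` and `constants` are no longer referenced elsewhere in router.py after this change, their imports (outside this hunk) are now dead and should go. `moderation_log`'s body continues outside the hunk.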