ap7pd/event-management-backend
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Allow getting events you're attending/invited to

Browse source
This commit is contained in:
Peter Vacho 2024-12-29 14:57:45 +01:00
parent 8665efe415
commit 63c2bc3b70
Signed by: school
GPG key ID: 8CFC3837052871B4
1 changed files with 18 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
src/api/events.py
View file

@ -1,5 +1,5 @@
from datetime import date, datetime, time
from typing import Annotated, final
from typing import Annotated, cast, final
from beanie import DeleteRules, Link, PydanticObjectId
from fastapi import APIRouter, Body, HTTPException, Query, status
@ -10,6 +10,7 @@ from pydantic_extra_types.color import Color
from src.api.auth.dependencies import LoggedInDep
from src.db.models.category import Category
from src.db.models.event import Event
from src.db.models.invitation import Invitation
from src.db.models.user import User
from src.utils.db import MissingIdError, UnfetchedLinkError, expr, from_id_list, get_id_list, update_document
from src.utils.logging import get_logger
@ -239,15 +240,25 @@ async def get_user_invited_events(
@events_router.get("{event_id}")
async def get_event(event_id: PydanticObjectId, user: CurrentUserDep) -> EventData:
"""Get an event by ID."""
event = await Event.get(event_id)
"""Get an event by ID.
You can only access your own events, or the events you're attending, or the events
that you have a pending invite for.
"""
event = await Event.get(event_id, fetch_links=True)
if event is None:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event with given id doesn't exist")
if event.owner != user:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="You can only access your own events",
if cast(User, event.user).id != user.id and user.id not in get_id_list(event.attendees):
# Also check for a pending invite, only do this now, to avoid unnecessary db queries
invite = await Invitation.find_one(
expr(Invitation.invitee).id == user.id, expr(Invitation.event).id == event.id
)
if invite is None or invite.status != "pending":
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="You can only access your own events, or events you're attending",
)
return EventData.from_event(event)