diff --git a/sld-api-backend/src/variables/api/container/get.py b/sld-api-backend/src/variables/api/container/get.py index 3021e413..6f40f360 100644 --- a/sld-api-backend/src/variables/api/container/get.py +++ b/sld-api-backend/src/variables/api/container/get.py @@ -20,12 +20,32 @@ async def get_json( try: if stack.isdigit(): result = crud_stacks.get_stack_by_id(db=db, stack_id=stack) + if result == None: + raise HTTPException( + status_code=404, detail=f"Not found" + ) + if not crud_users.is_master(db, current_user): + if "*" not in result.squad_access: + if not check_squad_user(current_user.squad, result.squad_access): + raise HTTPException( + status_code=403, detail=f"Not enough permissions" + ) return result.var_json.get("variable") else: result = crud_stacks.get_stack_by_name(db=db, stack_name=stack) - return result.var_json.get("variable") + if result == None: + raise HTTPException( + status_code=404, detail=f"Not found" + ) + if not crud_users.is_master(db, current_user): + if "*" not in result.squad_access: + if not check_squad_user(current_user.squad, result.squad_access): + raise HTTPException( + status_code=403, detail=f"Not enough permissions" + ) + return result.var_json.get("variable") except Exception as err: - raise HTTPException(status_code=404, detail=f"{err}") + raise err async def get_list( @@ -39,12 +59,32 @@ async def get_list( try: if stack.isdigit(): result = crud_stacks.get_stack_by_id(db=db, stack_id=stack) + if result == None: + raise HTTPException( + status_code=404, detail=f"Not found" + ) + if not crud_users.is_master(db, current_user): + if "*" not in result.squad_access: + if not check_squad_user(current_user.squad, result.squad_access): + raise HTTPException( + status_code=403, detail=f"Not enough permissions" + ) return result.var_list else: result = crud_stacks.get_stack_by_name(db=db, stack_name=stack) - return result.var_list + if result == None: + raise HTTPException( + status_code=404, detail=f"Not found" + ) + if not crud_users.is_master(db, current_user): + if "*" not in result.squad_access: + if not check_squad_user(current_user.squad, result.squad_access): + raise HTTPException( + status_code=403, detail=f"Not enough permissions" + ) + return result.var_list except Exception as err: - raise HTTPException(status_code=404, detail=f"{err}") + raise err async def get_deploy_by_id( @@ -53,15 +93,17 @@ async def get_deploy_by_id( db: Session = Depends(deps.get_db), ): - result = crud_deploys.get_deploy_by_id(db=db, deploy_id=deploy_id) - if not crud_users.is_master(db, current_user): - if not check_squad_user(current_user.squad, [result.squad]): + try: + result = crud_deploys.get_deploy_by_id(db=db, deploy_id=deploy_id) + if result == None: raise HTTPException( - status_code=403, detail=f"Not enough permissions in {squad}" + status_code=404, detail=f"Not found" ) - try: - if result is None: - raise Exception("Deploy id Not Found") + if not crud_users.is_master(db, current_user): + if not check_squad_user(current_user.squad, [result.squad]): + raise HTTPException( + status_code=403, detail=f"Not enough permissions" + ) return result.variables except Exception as err: - raise HTTPException(status_code=404, detail=f"{err}") + raise err