Coverage for src/cstlcore/memberships/access.py: 84%

19 statements  

« prev     ^ index     » next       coverage.py v7.9.1, created at 2026-02-19 12:46 +0000

1import uuid 

2 

3from fastapi import HTTPException, status 

4from sqlmodel import Session 

5 

6from cstlcore.constellations.models import Constellation 

7from cstlcore.memberships.models import AccessEnum, ConstellationMembership 

8from cstlcore.users.models import User 

9 

10 

11def has_access( 

12 primary_identifier: dict[str, uuid.UUID], 

13 membership_model: type, 

14 session: Session, 

15) -> AccessEnum | None: 

16 membership = session.get(membership_model, primary_identifier) 

17 if membership: 

18 return membership.access 

19 return None 

20 

21 

22def require_constellation_access( 

23 user: User, 

24 constellation: Constellation, 

25 required_level: AccessEnum, 

26 session: Session, 

27): 

28 # Check if user is an admin - admins have access to all constellations 

29 from cstlcore.auth.dependencies import is_user_admin 

30 

31 if is_user_admin(user): 

32 return constellation 

33 

34 access = has_access( 

35 {"user_id": user.id, "constellation_id": constellation.id}, 

36 ConstellationMembership, 

37 session, 

38 ) 

39 if not access or access < required_level: 

40 raise HTTPException( 

41 status_code=status.HTTP_403_FORBIDDEN, 

42 detail="Insufficient permissions for this constellation.", 

43 ) 

44 return constellation