Feature: add permissions on expenses (#35)

RezenkovD · web-flow · commit d29a05bde884 · 2024-01-24T21:32:33.000+02:00
* feat: remove block del and upd expenses on inactive group

* feat: remove permissions to check group expenses inactive user

* cd: add pkill -f 'uvicorn main:app'
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -166,6 +166,8 @@ jobs:
                 export GOOGLE_SECRET='${{ secrets.GOOGLE_SECRET }}'
                 export ALLOWED_HOSTS='${{ secrets.ALLOWED_HOSTS }}'
                 export DOMAIN_NAME='${{ secrets.DOMAIN_NAME }}'
+              
+                pkill -f "uvicorn main:app"
             
                 git pull
                 pip3 install -r requirements.txt
diff --git a/src/services/expense.py b/src/services/expense.py
@@ -19,6 +19,7 @@ def validate_input_data(
     group_id: int,
     expense: ExpenseCreate = None,
     expense_id: int = None,
+    is_create: bool = False,
 ) -> None:
     try:
         db_user_group = (
@@ -29,11 +30,12 @@ def validate_input_data(
             status_code=status.HTTP_404_NOT_FOUND,
             detail="You are not a user of this group!",
         )
-    if db_user_group.status == GroupStatusEnum.INACTIVE:
-        raise HTTPException(
-            status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
-            detail="The user is not active in this group!",
-        )
+    if is_create:
+        if db_user_group.status == GroupStatusEnum.INACTIVE:
+            raise HTTPException(
+                status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
+                detail="The user is not active in this group!",
+            )
     if expense:
         try:
             db.query(CategoryGroup).filter_by(
@@ -58,7 +60,9 @@ def validate_input_data(
 def create_expense(
     db: Session, user_id: int, group_id: int, expense: ExpenseCreate
 ) -> ExpenseModel:
-    validate_input_data(db=db, user_id=user_id, group_id=group_id, expense=expense)
+    validate_input_data(
+        db=db, user_id=user_id, group_id=group_id, expense=expense, is_create=True
+    )
     db_expense = Expense(**expense.dict())
     db_expense.user_id = user_id
     db_expense.group_id = group_id
diff --git a/src/services/group.py b/src/services/group.py
@@ -92,6 +92,21 @@ def group_member_validate_input_data(
 
 def read_group_history(db: Session, user_id: int, group_id: int) -> List[GroupHistory]:
     user_validate_input_date(db, user_id, group_id)
+    try:
+        (
+            db.query(UserGroup)
+            .filter_by(
+                user_id=user_id,
+                group_id=group_id,
+                status=GroupStatusEnum.ACTIVE,
+            )
+            .one()
+        )
+    except exc.NoResultFound:
+        raise HTTPException(
+            status_code=status.HTTP_405_METHOD_NOT_ALLOWED,
+            detail="The user is not active in this group!",
+        )
     history = (
         select(
             Expense.id,
