diff --git a/calendar_backend/routes/lecturer/comment.py b/calendar_backend/routes/lecturer/comment.py index e4c200d9..a9cd9e9f 100644 --- a/calendar_backend/routes/lecturer/comment.py +++ b/calendar_backend/routes/lecturer/comment.py @@ -10,7 +10,7 @@ settings = get_settings() -router = APIRouter(prefix="/lecturer/{lecturer_id}", tags=["Lecturer: Comment"]) +router = APIRouter(prefix="/lecturer/{lecturer_id}", tags=["Lecturer: Comment"], deprecated=True) @router.post("/comment/", response_model=CommentLecturer) diff --git a/calendar_backend/routes/lecturer/comment_review.py b/calendar_backend/routes/lecturer/comment_review.py index ddb296e2..e9381548 100644 --- a/calendar_backend/routes/lecturer/comment_review.py +++ b/calendar_backend/routes/lecturer/comment_review.py @@ -11,7 +11,7 @@ from calendar_backend.routes.models import CommentLecturer -router = APIRouter(prefix="/lecturer/{lecturer_id}/comment", tags=["Lecturer: Comment Review"]) +router = APIRouter(prefix="/lecturer/{lecturer_id}/comment", tags=["Lecturer: Comment Review"], deprecated=True) @router.get("/review/", response_model=list[CommentLecturer]) diff --git a/calendar_backend/routes/lecturer/photo.py b/calendar_backend/routes/lecturer/photo.py index 87e329ff..aebb0392 100644 --- a/calendar_backend/routes/lecturer/photo.py +++ b/calendar_backend/routes/lecturer/photo.py @@ -1,4 +1,5 @@ -from fastapi import APIRouter, File, UploadFile +from auth_lib.fastapi import UnionAuth +from fastapi import APIRouter, Depends, File, UploadFile from fastapi_sqlalchemy import db from calendar_backend.exceptions import ObjectNotFound @@ -14,7 +15,11 @@ @router.post("/photo", response_model=Photo) -async def upload_photo(lecturer_id: int, photo: UploadFile = File(...)) -> Photo: +async def upload_photo( + lecturer_id: int, + photo: UploadFile = File(...), + _=Depends(UnionAuth(scopes=["timetable.lecturer.photo.create"])), +) -> Photo: """Загрузить фотографию преподавателя из локального файла Пример загрузки файла на питоне @@ -50,7 +55,11 @@ async def get_lecturer_photos(lecturer_id: int, limit: int = 10, offset: int = 0 @router.delete("/photo/{id}", response_model=None) -async def delete_photo(id: int, lecturer_id: int) -> None: +async def delete_photo( + id: int, + lecturer_id: int, + _=Depends(UnionAuth(scopes=["timetable.lecturer.photo.delete"])), +) -> None: photo = DbPhoto.get(id, only_approved=False, session=db.session) if photo.lecturer_id != lecturer_id: raise ObjectNotFound(DbPhoto, id)