6e5e5c08bf
- Add can_delete column to document_shares (migration 0005) - Inject x-user-is-admin header from backend proxy to doc-service - Add get_user_is_admin() dep in doc-service - Delete endpoint now allows: owner, admin, or group member with can_delete=true - Watch documents (user_id='watch') deletable by admins only - DocumentOut gains viewer_can_delete (computed per-request) - Share UI: 'Allow group members to delete' checkbox + trash badge on shares - RowActionsMenu dropdown portaled to document.body — fixes overflow-hidden clipping - Delete mutation onError handler — no more silent failures Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
32 lines
1.1 KiB
Python
from fastapi import Header, HTTPException
async def get_user_id(x_user_id: str = Header(...)) -> str:
    """Return the caller's user ID as asserted by the main backend proxy.

    The main backend validates the JWT and forwards the resulting user ID in
    the ``X-User-Id`` header. Doc-service does no verification of its own; it
    trusts the value because it is only reachable from backend on backend-net.

    Security note: this header is the only identity assertion this dependency
    sees, so the trust rests entirely on that network isolation. Anything that
    can reach doc-service directly can claim any user ID.
    NOTE(review): confirm the proxy overwrites any client-supplied X-User-Id
    (and the related X-User-Groups / X-User-Is-Admin headers) rather than
    passing it through.
    NOTE(review): the commit description mentions watch documents stored with
    user_id='watch'; confirm the backend can never forward that sentinel as a
    real user ID.

    Raises:
        HTTPException: 400 when the header value is empty.
    """
    if x_user_id:
        return x_user_id
    # Header(...) declares the header as required, so this branch covers a
    # header that is present but carries an empty value.
    raise HTTPException(status_code=400, detail="Missing X-User-Id header")
async def get_user_groups(x_user_groups: str = Header(default="")) -> list[str]:
    """Return the group IDs asserted by the main backend proxy.

    The ``X-User-Groups`` header carries a comma-separated list of group UUIDs
    the current user belongs to. Surrounding whitespace is trimmed from each
    entry and empty entries are dropped. An absent or empty header yields an
    empty list, so a request without the header gets no group membership.

    Entries are returned as received: nothing here checks that they are
    well-formed UUIDs, and the list is as trustworthy as the proxy that set
    the header.
    """
    if not x_user_groups:
        return []

    group_ids: list[str] = []
    for raw_entry in x_user_groups.split(","):
        group_id = raw_entry.strip()
        if group_id:
            group_ids.append(group_id)
    return group_ids
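async def get_user_is_admin(x_user_is_admin: str = Header(default="false")) -> bool:
    """Return the admin flag asserted by the main backend proxy.

    The header value is lower-cased before comparison, so the match is
    case-insensitive: "true", "True" and "TRUE" all yield True. Every other
    value, and an absent header (which defaults to "false"), yields False, so
    the check fails closed.

    Security note: this flag grants elevated rights and is taken from the
    header as-is, so it is only as trustworthy as the component that sets it.
    NOTE(review): confirm the proxy always sets this header itself and never
    forwards a client-supplied X-User-Is-Admin value.
    NOTE(review): if the proxy only ever emits lowercase "true", an exact
    match would be the tighter check; confirm the emitted value before
    narrowing it.
    """
    return x_user_is_admin.lower() == "true"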