30 lines
760 B
Python
30 lines
760 B
Python
"""Permission validation middleware for boards."""
|
|
|
|
from uuid import UUID
|
|
|
|
from fastapi import HTTPException, status
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.boards.repository import BoardRepository
|
|
|
|
|
|
def validate_board_ownership(board_id: UUID, user_id: UUID, db: Session) -> None:
|
|
"""
|
|
Validate that the user owns the board.
|
|
|
|
Args:
|
|
board_id: Board UUID
|
|
user_id: User UUID
|
|
db: Database session
|
|
|
|
Raises:
|
|
HTTPException: 404 if board not found or not owned by user
|
|
"""
|
|
repo = BoardRepository(db)
|
|
|
|
if not repo.board_exists(board_id, user_id):
|
|
raise HTTPException(
|
|
status_code=status.HTTP_404_NOT_FOUND,
|
|
detail=f"Board {board_id} not found or access denied",
|
|
)
|