feat: Implement user validation and ownership checks for image, reward, and task APIs
All checks were successful
Gitea Actions Demo / build-and-push (push) Successful in 36s
All checks were successful
Gitea Actions Demo / build-and-push (push) Successful in 36s
- Added `get_validated_user_id` utility function to validate user authentication across multiple APIs. - Updated image upload, request, and listing endpoints to ensure user ownership and proper error handling. - Enhanced reward management endpoints to include user validation and ownership checks. - Modified task management endpoints to enforce user authentication and ownership verification. - Updated models to include `user_id` for images, rewards, tasks, and children to track ownership. - Implemented frontend changes to ensure UI reflects the ownership of tasks and rewards. - Added a new feature specification to prevent deletion of system tasks and rewards.
This commit is contained in:
@@ -5,6 +5,7 @@ from models.base import BaseModel
|
||||
class PendingReward(BaseModel):
|
||||
child_id: str
|
||||
reward_id: str
|
||||
user_id: str
|
||||
status: str = "pending" # pending, approved, rejected
|
||||
|
||||
@classmethod
|
||||
@@ -13,6 +14,7 @@ class PendingReward(BaseModel):
|
||||
child_id=d.get('child_id'),
|
||||
reward_id=d.get('reward_id'),
|
||||
status=d.get('status', 'pending'),
|
||||
user_id=d.get('user_id'),
|
||||
id=d.get('id'),
|
||||
created_at=d.get('created_at'),
|
||||
updated_at=d.get('updated_at')
|
||||
@@ -23,6 +25,7 @@ class PendingReward(BaseModel):
|
||||
base.update({
|
||||
'child_id': self.child_id,
|
||||
'reward_id': self.reward_id,
|
||||
'status': self.status
|
||||
'status': self.status,
|
||||
'user_id': self.user_id
|
||||
})
|
||||
return base
|
||||
|
||||
Reference in New Issue
Block a user