refactor(auth): consolidate PUBLIC_MODE and mutation guards into reusable helpers (#909)

* refactor(auth): consolidate PUBLIC_MODE and mutation guards into reusable helpers

* fix: fix websocket test override
Juan Diego García
2026-03-12 10:51:26 -05:00
committed by GitHub
parent cf6e867cf1
commit 4ae56b730a
15 changed files with 96 additions and 86 deletions


@@ -697,6 +697,18 @@ class TranscriptController:
return False
return user_id and transcript.user_id == user_id
@staticmethod
def check_can_mutate(transcript: Transcript, user_id: str | None) -> None:
"""
Raises HTTP 403 if the user cannot mutate the transcript.
Policy:
- Anonymous transcripts (user_id is None) are editable by anyone
- Owned transcripts can only be mutated by their owner
"""
if transcript.user_id is not None and transcript.user_id != user_id:
raise HTTPException(status_code=403, detail="Not authorized")
@asynccontextmanager
async def transaction(self):
"""
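Review bot: `check_can_mutate` lets a caller with `user_id=None` through whenever `transcript.user_id is None`, so on its own it does not stop an unauthenticated request from mutating an ownerless transcript. The docstring records that as policy but not the precondition it rests on. If the PUBLIC_MODE / authentication gate is applied by a separate helper at the route level (not visible in this hunk), state it in the docstring, e.g. `Does not check authentication or PUBLIC_MODE; callers must apply that guard separately.` Separately, the 403 tells a non-owner that the transcript id exists; if ids are meant to be unguessable, consider answering with the same status a missing transcript gets. The enclosing `TranscriptController` class begins outside the hunk.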