zhi/HarborForge.Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add project creation permission (admin only), add milestones API with RBAC

Browse Source
This commit is contained in:
Zhi
2026-03-12 11:04:04 +00:00
parent 1eb90cd61c
commit 2f659e1430
3 changed files with 73 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/api/routers/projects.py
View File

@@ -138,7 +138,10 @@ def _generate_project_code(db, name: str) -> str:
raise HTTPException(status_code=400, detail='Project code collision')
@router.post("", response_model=schemas.ProjectResponse, status_code=status.HTTP_201_CREATED)
def create_project(project: schemas.ProjectCreate, db: Session = Depends(get_db)):
def create_project(project: schemas.ProjectCreate, db: Session = Depends(get_db), current_user: models.User = Depends(get_current_user_or_apikey)):
# Check if user is admin
if not current_user.is_admin:
raise HTTPException(status_code=403, detail="Only admins can create projects")
# Auto-fill owner_name from owner_id
user = db.query(models.User).filter(models.User.id == project.owner_id).first()
if not user: