diff --git a/src/.env.local b/src/.env.local
index 69a344b..af5dd0e 100644
--- a/src/.env.local
+++ b/src/.env.local
@@ -15,4 +15,5 @@ INST_DB_HOST=localhost:5432
 INST_DB_SCHEMA=public
 JWT_OPTS_VERIFY_AT_HASH="false"
 JWT_OPTS_VERIFY_AUD="false"
-JWT_OPTS_VERIFY_ISS="false"
\ No newline at end of file
+JWT_OPTS_VERIFY_ISS="false"
+ADMIN_SCOPES=["query-groups","manage-users"]
\ No newline at end of file
diff --git a/src/config.py b/src/config.py
index 6b8cae6..817ac53 100644
--- a/src/config.py
+++ b/src/config.py
@@ -1,6 +1,6 @@
 import os
 from urllib import parse
-from typing import Any
+from typing import Any, Set
 from pydantic import field_validator, ValidationInfo
 from pydantic.networks import PostgresDsn
@@ -24,6 +24,7 @@ class Settings(BaseSettings):
 inst_db_host: str
 inst_db_scheme: str = "postgresql+asyncpg"
 inst_conn: PostgresDsn | None = None
+ admin_scopes: Set[str] = set(["query-groups", "manage-users"])
 def __init__(self, **data):
 super().__init__(**data)
diff --git a/src/dependencies.py b/src/dependencies.py
index 55ef0e0..3516557 100644
--- a/src/dependencies.py
+++ b/src/dependencies.py
@@ -7,6 +7,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
 from typing import List, Optional
 from itertools import chain
+from config import settings
 from entities.engine import get_session
 from entities.repos import institutions_repo as repo
@@ -46,11 +47,8 @@ def get_email_domain(email: str) -> str:
 return None
-admin_scopes = set(["query-groups", "manage-users"])
-
-
 def is_admin(auth: AuthCredentials):
- return admin_scopes.issubset(auth.scopes)
+ return settings.admin_scopes.issubset(auth.scopes)
 def lei_association_check(func: DecoratedCallable) -> DecoratedCallable:
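Review bot: In src/.env.local the new `ADMIN_SCOPES` line sits directly under `JWT_OPTS_VERIFY_AUD="false"` and `JWT_OPTS_VERIFY_ISS="false"`, so any environment loaded from this file decides admin rights from token scopes while the audience and issuer checks are switched off. If the file is meant for local development only, that should be stated next to the new setting, for example `# local development only: aud/iss verification is disabled above; do not reuse these values in a shared environment`. Whether other environments inherit these values is not visible from the hunk.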
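Review bot: The new `admin_scopes` field in `Settings` (src/config.py, second hunk) accepts an empty set, and an empty set is a subset of every set, so `ADMIN_SCOPES=[]` would make `settings.admin_scopes.issubset(auth.scopes)` in `is_admin` (src/dependencies.py, last hunk) true for every caller. While the scopes were a module constant this could not happen; now that they come from the environment, an empty value should be rejected when the settings load. `field_validator` is already imported in this file, so a validator on the field is enough. The `Settings` body continues outside the hunk, so where the validator goes in the class is a suggestion.

```python
    admin_scopes: Set[str] = set(["query-groups", "manage-users"])

    # … unchanged: __init__ and the rest of Settings …

    @field_validator("admin_scopes")
    @classmethod
    def admin_scopes_must_not_be_empty(cls, value: Set[str]) -> Set[str]:
        # An empty set is a subset of any scope set, which would make
        # is_admin() return True for every authenticated caller.
        if not value:
            raise ValueError("admin_scopes must contain at least one scope")
        return value
```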
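Review bot: `is_admin` in the last hunk of src/dependencies.py has no docstring or return annotation, and its result now depends on configuration loaded elsewhere rather than on a constant defined beside it. I would annotate it as `def is_admin(auth: AuthCredentials) -> bool:` and add the docstring `"""Return True only when auth.scopes contains every scope in settings.admin_scopes."""`. That states the all-scopes-required rule at the point where the authorization decision is made.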