Prevent permissions on inactive accounts
- Added validation in create_account_permission() to check account status
- Raises ValueError if account is inactive or doesn't exist
- Provides clear error message identifying the inactive account by name

This ensures users cannot be granted permissions on accounts that have been marked as inactive (soft deleted).
parent
657e3d54da
commit
15ef3d0df4
1 changed files with 15 additions and 1 deletions
16
crud.py
16
crud.py
|
|
@ -920,9 +920,23 @@ async def get_all_equity_eligible_users() -> list["UserEquityStatus"]:
|
||||||
async def create_account_permission(
|
async def create_account_permission(
|
||||||
data: "CreateAccountPermission", granted_by: str
|
data: "CreateAccountPermission", granted_by: str
|
||||||
) -> "AccountPermission":
|
) -> "AccountPermission":
|
||||||
"""Create a new account permission"""
|
"""
|
||||||
|
Create a new account permission.
|
||||||
|
|
||||||
|
Raises:
|
||||||
|
ValueError: If account is inactive or doesn't exist
|
||||||
|
"""
|
||||||
from .models import AccountPermission
|
from .models import AccountPermission
|
||||||
|
|
||||||
|
# Validate account exists and is active
|
||||||
|
account = await get_account(data.account_id)
|
||||||
|
if not account:
|
||||||
|
raise ValueError(f"Account {data.account_id} not found")
|
||||||
|
if not account.is_active:
|
||||||
|
raise ValueError(
|
||||||
|
f"Cannot grant permission on inactive account: {account.name}"
|
||||||
|
)
|
||||||
|
|
||||||
permission_id = urlsafe_short_hash()
|
permission_id = urlsafe_short_hash()
|
||||||
permission = AccountPermission(
|
permission = AccountPermission(
|
||||||
id=permission_id,
|
id=permission_id,
|
||||||
|
|
|
||||||
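Review bot: The active-account check and the insert further down are separate awaits, so an account deactivated between `get_account(data.account_id)` and the write still ends up with a new permission; the guard narrows the window but does not close it. If the database layer used here supports it, do the lookup and the insert in one transaction (or make the insert conditional on the account row being active), and until then record the gap with a comment such as `# NOTE: is_active is checked before the insert, not atomically with it`. Separately, the two messages let a caller tell "not found" from "inactive", and the second one returns `account.name`; if this ValueError text reaches the API response, consider `f"Cannot grant permission on inactive account: {data.account_id}"` so the caller learns nothing beyond the id it supplied. The body of create_account_permission continues past the end of the hunk, so the insert itself is not visible here.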