Api v1.15.0 (#1606)

* fix(chalice): fixed project's authorizer
2023-11-03 19:06:49 +01:00 · 2023-11-03 19:06:49 +01:00 · f1e5562fee
commit f1e5562fee
parent 22acfdf9a5
2 changed files with 8 additions and 8 deletions
--- a/api/auth/auth_project.py
+++ b/api/auth/auth_project.py
@ -22,7 +22,7 @@ class ProjectAuthorizer:
        value = request.path_params[self.project_identifier]
        current_project = None
        if self.project_identifier == "projectId" \
-                and isinstance(value, int) or isinstance(value, str) and value.isnumeric():
+                and (isinstance(value, int) or isinstance(value, str) and value.isnumeric()):
            current_project = projects.get_project(project_id=value, tenant_id=current_user.tenant_id)
        elif self.project_identifier == "projectKey":
            current_project = projects.get_by_project_key(project_key=value)
--- a/ee/api/auth/auth_project.py
+++ b/ee/api/auth/auth_project.py
@ -22,18 +22,18 @@ class ProjectAuthorizer:
        value = request.path_params[self.project_identifier]
        user_id = current_user.user_id if request.state.authorizer_identity == "jwt" else None
        current_project = None
-        if (self.project_identifier == "projectId" \
-                and isinstance(value, int) or (isinstance(value, str) and value.isnumeric()) \
+        if self.project_identifier == "projectId" \
+                and (isinstance(value, int) or (isinstance(value, str) and value.isnumeric())) \
                and projects.is_authorized(project_id=value, tenant_id=current_user.tenant_id,
-                                           user_id=user_id)):
+                                           user_id=user_id):
            current_project = projects.get_project(tenant_id=current_user.tenant_id, project_id=value)
        elif self.project_identifier == "projectKey":
-            current_project = projects.get_by_project_key(value)
+            current_project = projects.get_by_project_key(project_key=value)
            if current_project is not None \
                    and request.state.authorizer_identity == "jwt" \
-                    and projects.is_authorized(project_id=current_project["projectId"],
-                                               tenant_id=current_user.tenant_id,
-                                               user_id=user_id):
+                    and not projects.is_authorized(project_id=current_project["projectId"],
+                                                   tenant_id=current_user.tenant_id,
+                                                   user_id=user_id):
                current_project = None

        if current_project is None: