diff --git a/app/apis/v1/route_user.py b/app/apis/v1/route_user.py
index f7de83b..0505b56 100644
--- a/app/apis/v1/route_user.py
+++ b/app/apis/v1/route_user.py
@@ -91,7 +91,7 @@ def update_user(
 db: Session = Depends(get_db),
 current_user: User = Depends(get_current_user),
 ):
- if current_user.Role != "Admin":
+ if current_user.Role != "Admin" or current_user.id != user_id:
 raise HTTPException(
 status_code=403, detail="You are not authorized to perform this action"
 )
diff --git a/app/db/repository/user.py b/app/db/repository/user.py
index 3682e02..f394841 100644
--- a/app/db/repository/user.py
+++ b/app/db/repository/user.py
@@ -33,6 +33,7 @@ def create_new_driver(driver: DriverCreate, db: Session):
 print("Creating new driver" + str(driver))
 if get_user_by_email(driver.Email, db):
 return "userExists"
+
 driver_object = User(
 Email=driver.Email,
 Name=driver.Name,
@@ -124,7 +125,10 @@ def replace_user_data(user_id: int, user_data: UserCreate, db: Session):
 user.Address = user_data.Address
 user.ContactNumber = user_data.ContactNumber
 user.Role = user_data.Role
- user.HashedPassword = Hasher.get_password_hash(user_data.Password)
+ if user_data.Password == "":
+ print("Password not changed")
+ else:
+ user.HashedPassword = Hasher.get_password_hash(user_data.Password)
 db.commit()
 db.refresh(user)
 return user
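Review bot: The new guard in update_user joins the two tests with `or`, so the 403 is raised unless the caller is an Admin and also the owner of `user_id`; an Admin editing another account and a regular user editing their own record are both rejected. If the intent is "Admin, or the account owner", the condition should be `if current_user.Role != "Admin" and current_user.id != user_id:`. Before opening the endpoint to account owners, note that replace_user_data in app/db/repository/user.py assigns `user.Role = user_data.Role` unconditionally; if update_user goes through that function, a non-admin caller could change their own role, so the Role field should be ignored or rejected unless `current_user.Role == "Admin"`. The body of update_user continues outside the hunk, so the call path is inferred rather than visible.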
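Review bot: In replace_user_data the "keep the old password" case is detected only by `user_data.Password == ""`, so a `None` value or a whitespace-only string falls into the `else` branch and is passed to `Hasher.get_password_hash`. A truthiness test is safer and removes the empty branch: `if user_data.Password:` followed by `user.HashedPassword = Hasher.get_password_hash(user_data.Password)`. Because the update reuses `UserCreate`, that schema now has to accept an empty password; it is worth confirming that the account-creation path still rejects one, or introducing a separate update schema with an optional password. The `print("Password not changed")` line would be better as a `logging` debug message, or dropped. The start of the function is outside the hunk.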