From 60655c405eeeef3767b7b053c088d17130d85dd8 Mon Sep 17 00:00:00 2001
From: Madiwka3 <madi.turgunov.03@gmail.com>
Date: Mon, 27 Nov 2023 20:42:28 +0600
Subject: [PATCH] passsword mod

---
 app/apis/v1/route_user.py | 2 +-
 app/db/repository/user.py | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/apis/v1/route_user.py b/app/apis/v1/route_user.py
index f7de83b..0505b56 100644
--- a/app/apis/v1/route_user.py
+++ b/app/apis/v1/route_user.py
@@ -91,7 +91,7 @@ def update_user(
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
 ):
-    if current_user.Role != "Admin":
+    if current_user.Role != "Admin" or current_user.id != user_id:
         raise HTTPException(
             status_code=403, detail="You are not authorized to perform this action"
         )
diff --git a/app/db/repository/user.py b/app/db/repository/user.py
index 3682e02..f394841 100644
--- a/app/db/repository/user.py
+++ b/app/db/repository/user.py
@@ -33,6 +33,7 @@ def create_new_driver(driver: DriverCreate, db: Session):
     print("Creating new driver" + str(driver))
     if get_user_by_email(driver.Email, db):
         return "userExists"
+
     driver_object = User(
         Email=driver.Email,
         Name=driver.Name,
@@ -124,7 +125,10 @@ def replace_user_data(user_id: int, user_data: UserCreate, db: Session):
     user.Address = user_data.Address
     user.ContactNumber = user_data.ContactNumber
     user.Role = user_data.Role
-    user.HashedPassword = Hasher.get_password_hash(user_data.Password)
+    if user_data.Password == "":
+        print("Password not changed")
+    else:
+        user.HashedPassword = Hasher.get_password_hash(user_data.Password)
     db.commit()
     db.refresh(user)
     return user