|
@@ -309,6 +309,17 @@ async def update_tools_valves_by_id(
|
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
|
detail=ERROR_MESSAGES.NOT_FOUND,
|
|
|
)
|
|
|
+
|
|
|
+ if (
|
|
|
+ tools.user_id != user.id
|
|
|
+ and not has_access(user.id, "write", tools.access_control)
|
|
|
+ and user.role != "admin"
|
|
|
+ ):
|
|
|
+ raise HTTPException(
|
|
|
+ status_code=status.HTTP_400_BAD_REQUEST,
|
|
|
+ detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
|
|
|
+ )
|
|
|
+
|
|
|
if id in request.app.state.TOOLS:
|
|
|
tools_module = request.app.state.TOOLS[id]
|
|
|
else:
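Review bot: The new ownership guard rejects an unauthorized caller with `status.HTTP_400_BAD_REQUEST`, so a denied write is indistinguishable from a malformed request in access logs and alerting; `status_code=status.HTTP_403_FORBIDDEN,` is the code that matches `ERROR_MESSAGES.ACCESS_PROHIBITED`. The guard also passes `tools.access_control` to `has_access` without the hunk showing how a missing or empty value is treated, so confirm that it denies non-owners by default instead of treating absent access control as open write. Only the update handler is visible here; if the handlers that read valves for the same tool id lack an equivalent check, users who cannot write the valves may still be able to read their values. `update_tools_valves_by_id` starts before this hunk and continues past it.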
|