From 6e9620e6d966c4e078c2df554885a09aeaf36799 Mon Sep 17 00:00:00 2001 From: Kaustubh Maske Patil <37668193+nikochiko@users.noreply.github.com> Date: Fri, 30 Aug 2024 13:30:03 +0530 Subject: [PATCH] make org page only accessible to admins --- routers/account.py | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/routers/account.py b/routers/account.py index 98ce20aab..093052314 100644 --- a/routers/account.py +++ b/routers/account.py @@ -256,9 +256,30 @@ def api_keys_tab(request: Request): def orgs_tab(request: Request): + """only accessible to admins""" + from daras_ai_v2.base import BasePage + + if not BasePage.is_user_admin(request.user): + raise RedirectException(get_route_path(account_route)) + orgs_page(request.user) +def get_tabs(request: Request) -> list[AccountTabs]: + from daras_ai_v2.base import BasePage + + tab_list = [ + AccountTabs.billing, + AccountTabs.profile, + AccountTabs.saved, + AccountTabs.api_keys, + ] + if BasePage.is_user_admin(request.user): + tab_list.append(AccountTabs.orgs) + + return tab_list + + @contextmanager def account_page_wrapper(request: Request, current_tab: TabData): if not request.user or request.user.is_anonymous: @@ -269,7 +290,7 @@ def account_page_wrapper(request: Request, current_tab: TabData): with page_wrapper(request): gui.div(className="mt-5") with gui.nav_tabs(): - for tab in AccountTabs: + for tab in get_tabs(request): with gui.nav_item(tab.url_path, active=tab == current_tab): gui.html(tab.title)