fixes

2026-02-18 17:06:17 +03:00
parent 7488665d04
commit 4af5134726
1 changed files with 29 additions and 20 deletions
--- a/api/endpoints/generation_router.py
+++ b/api/endpoints/generation_router.py
@@ -1,26 +1,31 @@
+import logging
+import os
+import json
 from typing import List, Optional

 from fastapi import APIRouter, UploadFile, File, Form, Header, HTTPException
 from fastapi.params import Depends
+from starlette import status
 from starlette.requests import Request

-from api import service
 from api.dependency import get_generation_service, get_project_id, get_dao
-from repos.dao import DAO
-
-from api.models import GenerationResponse, GenerationRequest, GenerationsResponse, PromptResponse, PromptRequest, GenerationGroupResponse
-from api.models import FinancialReport
+from api.endpoints.auth import get_current_user
+from api.models import (
+    GenerationResponse, 
+    GenerationRequest, 
+    GenerationsResponse, 
+    PromptResponse, 
+    PromptRequest, 
+    GenerationGroupResponse,
+    FinancialReport,
+    ExternalGenerationRequest
+)
 from api.service.generation_service import GenerationService
-from models.Generation import Generation
-
-from starlette import status
-
-import logging
+from repos.dao import DAO
+from utils.external_auth import verify_signature

 logger = logging.getLogger(__name__)

-from api.endpoints.auth import get_current_user
-
 router = APIRouter(prefix='/api/generations', tags=["Generation"])


@@ -162,6 +167,14 @@ async def get_generation(generation_id: str,
    logger.debug(f"get_generation called for ID: {generation_id}")
    gen = await generation_service.get_generation(generation_id)
    if gen and gen.created_by != str(current_user["_id"]):
+        # Check project membership
+        is_member = False
+        if gen.project_id:
+            project = await generation_service.dao.projects.get_project(gen.project_id)
+            if project and str(current_user["_id"]) in project.members:
+                is_member = True
+        
+        if not is_member:
            raise HTTPException(status_code=403, detail="Access denied")
    return gen

@@ -178,9 +191,6 @@ async def import_external_generation(
    Import a generation from an external source.
    Requires server-to-server authentication via HMAC signature.
    """
-        import os
-        from utils.external_auth import verify_signature
-        from api.models import ExternalGenerationRequest

    logger.info("import_external_generation called")
    # Get raw request body for signature verification
@@ -197,7 +207,6 @@ async def import_external_generation(
        raise HTTPException(status_code=401, detail="Invalid signature")
    
    # Parse request body
-    import json
    try:
        data = json.loads(body.decode('utf-8'))
        external_gen = ExternalGenerationRequest(**data)