Skip to content

Commit c769ea7

Browse files
remyluslosiusclaude
andcommitted
fix(audit): Use dictionary access for current_user in audit routes
The get_current_user dependency returns a Dict[str, Any], not a User object. Changed all attribute access (current_user.id) to dictionary access (current_user["id"]) and updated type hints accordingly. This fixes the AttributeError: 'dict' object has no attribute 'id' that was causing 500 errors on audit query endpoints. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent 08c24c3 commit c769ea7

1 file changed

Lines changed: 28 additions & 28 deletions

File tree

backend/app/routes/compliance/audit.py

Lines changed: 28 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@
2727

2828
import logging
2929
import os
30-
from typing import Optional
30+
from typing import Any, Dict, Optional
3131
from uuid import UUID
3232

3333
from fastapi import APIRouter, Depends, HTTPException, Query
@@ -36,7 +36,7 @@
3636
from sqlalchemy.orm import Session
3737

3838
from ...auth import get_current_user
39-
from ...database import User, get_db
39+
from ...database import get_db
4040
from ...schemas.audit_query_schemas import (
4141
AuditExportCreate,
4242
AuditExportListResponse,
@@ -73,7 +73,7 @@ async def list_queries(
7373
per_page: int = Query(20, ge=1, le=100, description="Items per page"),
7474
include_shared: bool = Query(True, description="Include shared queries"),
7575
db: Session = Depends(get_db),
76-
current_user: User = Depends(get_current_user),
76+
current_user: Dict[str, Any] = Depends(get_current_user),
7777
) -> SavedQueryListResponse:
7878
"""
7979
List saved queries accessible to the current user.
@@ -82,7 +82,7 @@ async def list_queries(
8282
"""
8383
service = AuditQueryService(db)
8484
return service.list_queries(
85-
user_id=int(current_user.id),
85+
user_id=int(current_user["id"]),
8686
page=page,
8787
per_page=per_page,
8888
include_shared=include_shared,
@@ -92,18 +92,18 @@ async def list_queries(
9292
@router.get("/queries/stats", response_model=QueryStatsSummary)
9393
async def get_query_stats(
9494
db: Session = Depends(get_db),
95-
current_user: User = Depends(get_current_user),
95+
current_user: Dict[str, Any] = Depends(get_current_user),
9696
) -> QueryStatsSummary:
9797
"""Get query statistics for the current user."""
9898
service = AuditQueryService(db)
99-
return service.get_stats(int(current_user.id))
99+
return service.get_stats(int(current_user["id"]))
100100

101101

102102
@router.post("/queries", response_model=SavedQueryResponse)
103103
async def create_query(
104104
request: SavedQueryCreate,
105105
db: Session = Depends(get_db),
106-
current_user: User = Depends(get_current_user),
106+
current_user: Dict[str, Any] = Depends(get_current_user),
107107
) -> SavedQueryResponse:
108108
"""
109109
Create a new saved query.
@@ -114,7 +114,7 @@ async def create_query(
114114
query = service.create_query(
115115
name=request.name,
116116
query_definition=request.query_definition.model_dump(exclude_none=True),
117-
owner_id=int(current_user.id),
117+
owner_id=int(current_user["id"]),
118118
description=request.description,
119119
visibility=request.visibility,
120120
)
@@ -132,7 +132,7 @@ async def create_query(
132132
async def get_query(
133133
query_id: UUID,
134134
db: Session = Depends(get_db),
135-
current_user: User = Depends(get_current_user),
135+
current_user: Dict[str, Any] = Depends(get_current_user),
136136
) -> SavedQueryResponse:
137137
"""Get saved query by ID."""
138138
service = AuditQueryService(db)
@@ -145,7 +145,7 @@ async def get_query(
145145
)
146146

147147
# Check access (owner or shared)
148-
if query.owner_id != int(current_user.id) and query.visibility != "shared":
148+
if query.owner_id != int(current_user["id"]) and query.visibility != "shared":
149149
raise HTTPException(
150150
status_code=http_status.HTTP_403_FORBIDDEN,
151151
detail="You do not have access to this query",
@@ -159,7 +159,7 @@ async def update_query(
159159
query_id: UUID,
160160
request: SavedQueryUpdate,
161161
db: Session = Depends(get_db),
162-
current_user: User = Depends(get_current_user),
162+
current_user: Dict[str, Any] = Depends(get_current_user),
163163
) -> SavedQueryResponse:
164164
"""
165165
Update a saved query.
@@ -169,7 +169,7 @@ async def update_query(
169169
service = AuditQueryService(db)
170170
query = service.update_query(
171171
query_id=query_id,
172-
owner_id=int(current_user.id),
172+
owner_id=int(current_user["id"]),
173173
name=request.name,
174174
description=request.description,
175175
query_definition=(request.query_definition.model_dump(exclude_none=True) if request.query_definition else None),
@@ -196,15 +196,15 @@ async def update_query(
196196
async def delete_query(
197197
query_id: UUID,
198198
db: Session = Depends(get_db),
199-
current_user: User = Depends(get_current_user),
199+
current_user: Dict[str, Any] = Depends(get_current_user),
200200
) -> None:
201201
"""
202202
Delete a saved query.
203203
204204
Only the query owner can delete it.
205205
"""
206206
service = AuditQueryService(db)
207-
deleted = service.delete_query(query_id, int(current_user.id))
207+
deleted = service.delete_query(query_id, int(current_user["id"]))
208208

209209
if not deleted:
210210
# Check if it exists
@@ -229,7 +229,7 @@ async def delete_query(
229229
async def preview_query(
230230
request: QueryPreviewRequest,
231231
db: Session = Depends(get_db),
232-
current_user: User = Depends(get_current_user),
232+
current_user: Dict[str, Any] = Depends(get_current_user),
233233
) -> QueryPreviewResponse:
234234
"""
235235
Preview query results (sample + count).
@@ -258,7 +258,7 @@ async def execute_saved_query(
258258
query_id: UUID,
259259
request: QueryExecuteRequest,
260260
db: Session = Depends(get_db),
261-
current_user: User = Depends(get_current_user),
261+
current_user: Dict[str, Any] = Depends(get_current_user),
262262
) -> QueryExecuteResponse:
263263
"""
264264
Execute a saved query with pagination.
@@ -285,7 +285,7 @@ async def execute_saved_query(
285285

286286
result = service.execute_query(
287287
query_id=query_id,
288-
user_id=int(current_user.id),
288+
user_id=int(current_user["id"]),
289289
page=request.page,
290290
per_page=request.per_page,
291291
)
@@ -305,7 +305,7 @@ async def execute_adhoc_query(
305305
page: int = Query(1, ge=1),
306306
per_page: int = Query(50, ge=1, le=500),
307307
db: Session = Depends(get_db),
308-
current_user: User = Depends(get_current_user),
308+
current_user: Dict[str, Any] = Depends(get_current_user),
309309
) -> QueryExecuteResponse:
310310
"""
311311
Execute an ad-hoc query with pagination.
@@ -340,12 +340,12 @@ async def list_exports(
340340
per_page: int = Query(20, ge=1, le=100, description="Items per page"),
341341
status: Optional[str] = Query(None, description="Filter by status"),
342342
db: Session = Depends(get_db),
343-
current_user: User = Depends(get_current_user),
343+
current_user: Dict[str, Any] = Depends(get_current_user),
344344
) -> AuditExportListResponse:
345345
"""List exports for the current user."""
346346
service = AuditExportService(db)
347347
return service.list_exports(
348-
user_id=int(current_user.id),
348+
user_id=int(current_user["id"]),
349349
page=page,
350350
per_page=per_page,
351351
status=status,
@@ -355,18 +355,18 @@ async def list_exports(
355355
@router.get("/exports/stats", response_model=ExportStatsSummary)
356356
async def get_export_stats(
357357
db: Session = Depends(get_db),
358-
current_user: User = Depends(get_current_user),
358+
current_user: Dict[str, Any] = Depends(get_current_user),
359359
) -> ExportStatsSummary:
360360
"""Get export statistics for the current user."""
361361
service = AuditExportService(db)
362-
return service.get_stats(int(current_user.id))
362+
return service.get_stats(int(current_user["id"]))
363363

364364

365365
@router.post("/exports", response_model=AuditExportResponse)
366366
async def create_export(
367367
request: AuditExportCreate,
368368
db: Session = Depends(get_db),
369-
current_user: User = Depends(get_current_user),
369+
current_user: Dict[str, Any] = Depends(get_current_user),
370370
) -> AuditExportResponse:
371371
"""
372372
Create a new export request.
@@ -404,7 +404,7 @@ async def create_export(
404404

405405
service = AuditExportService(db)
406406
export = service.create_export(
407-
requested_by=int(current_user.id),
407+
requested_by=int(current_user["id"]),
408408
export_format=request.format,
409409
query_id=request.query_id,
410410
query_definition=(request.query_definition.model_dump(exclude_none=True) if request.query_definition else None),
@@ -426,7 +426,7 @@ async def create_export(
426426
async def get_export(
427427
export_id: UUID,
428428
db: Session = Depends(get_db),
429-
current_user: User = Depends(get_current_user),
429+
current_user: Dict[str, Any] = Depends(get_current_user),
430430
) -> AuditExportResponse:
431431
"""Get export by ID."""
432432
service = AuditExportService(db)
@@ -439,7 +439,7 @@ async def get_export(
439439
)
440440

441441
# Check access
442-
if export.requested_by != int(current_user.id):
442+
if export.requested_by != int(current_user["id"]):
443443
raise HTTPException(
444444
status_code=http_status.HTTP_403_FORBIDDEN,
445445
detail="You can only access your own exports",
@@ -452,7 +452,7 @@ async def get_export(
452452
async def download_export(
453453
export_id: UUID,
454454
db: Session = Depends(get_db),
455-
current_user: User = Depends(get_current_user),
455+
current_user: Dict[str, Any] = Depends(get_current_user),
456456
) -> FileResponse:
457457
"""
458458
Download export file.
@@ -469,7 +469,7 @@ async def download_export(
469469
)
470470

471471
# Check access
472-
if export.requested_by != int(current_user.id):
472+
if export.requested_by != int(current_user["id"]):
473473
raise HTTPException(
474474
status_code=http_status.HTTP_403_FORBIDDEN,
475475
detail="You can only download your own exports",

0 commit comments

Comments
 (0)