Fix user limiting filter condition

2025-03-14 00:03:12 +00:00 · 2025-03-14 00:03:12 +00:00 · 46b5040099
commit 46b5040099
parent e5c5e94989
2 changed files with 4 additions and 4 deletions
--- a/backend/app/routers/id_token_v1.py
+++ b/backend/app/routers/id_token_v1.py
@ -42,7 +42,7 @@ async def get_id_token(
    id_token = result.scalars().first()
    if id_token == None:
        raise HTTPException(status_code=404, detail="IdToken not found")
-    if token.role != Role.ADMINISTRATOR & id_token.owner_id != token.subject:
+    if token.role != Role.ADMINISTRATOR and id_token.owner_id != token.subject:
        raise HTTPException(status_code=404, detail="IdToken not found")
    return id_token

--- a/backend/app/routers/transaction_v1.py
+++ b/backend/app/routers/transaction_v1.py
@ -44,7 +44,7 @@ async def get_transaction(
    transaction = result.scalars().first()
    if transaction == None:
        raise HTTPException(404, "Transaction not found")
-    if token.role != Role.ADMINISTRATOR & transaction.user_id != token.subject:
+    if token.role != Role.ADMINISTRATOR and transaction.user_id != token.subject:
        raise HTTPException(404, "Transaction not found")
    return transaction

@ -59,7 +59,7 @@ async def get_transaction_meter_values(
    transaction = result.scalars().first()
    if transaction == None:
        raise HTTPException(404, "Transaction not found")
-    if token.role != Role.ADMINISTRATOR & transaction.user_id != token.subject:
+    if token.role != Role.ADMINISTRATOR and transaction.user_id != token.subject:
        raise HTTPException(404, "Transaction not found")
    stmt = select(DbMeterValue).where(DbMeterValue.transaction_id == transaction_id).order_by(DbMeterValue.timestamp)
    result = db.execute(stmt)
@ -76,7 +76,7 @@ async def remote_stop_transaction(
    transaction = result.scalars().first()
    if transaction == None:
        raise HTTPException(404, "Transaction not found")
-    if token.role != Role.ADMINISTRATOR & transaction.user_id != token.subject:
+    if token.role != Role.ADMINISTRATOR and transaction.user_id != token.subject:
        raise HTTPException(404, "Transaction not found")
    if transaction.status != TransactionStatus.ONGOING:
        raise HTTPException(status_code=422, detail=[{