feat: remove global Nextcloud config, enforce member-specific storage providers
- Remove global Nextcloud settings from config - Make NextcloudClient require explicit credentials - Update for_member() to return None when no credentials - Modify services to accept optional storage client - Update routers to pass member storage to services - Add 403 responses when no storage provider configured - Update internal endpoints to use member storage credentials This change enforces that each member must configure their own Nextcloud storage provider. If no provider is configured, file operations will return 403 FORBIDDEN instead of falling back to global placeholders.
This commit is contained in:
Mistral Vibe
@@ -48,7 +48,8 @@ async def list_songs(
|
||||
await band_svc.assert_membership(band_id, current_member.id)
|
||||
except PermissionError:
|
||||
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not a member")
|
||||
song_svc = SongService(session)
|
||||
storage = NextcloudClient.for_member(current_member)
|
||||
song_svc = SongService(session, storage=storage)
|
||||
return await song_svc.list_songs(band_id)
|
||||
|
||||
|
||||
@@ -131,7 +132,8 @@ async def create_song(
|
||||
if band is None:
|
||||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Band not found")
|
||||
|
||||
song_svc = SongService(session)
|
||||
storage = NextcloudClient.for_member(current_member)
|
||||
song_svc = SongService(session, storage=storage)
|
||||
song = await song_svc.create_song(band_id, data, current_member.id, band.slug, creator=current_member)
|
||||
read = SongRead.model_validate(song)
|
||||
read.version_count = 0
|
||||
|
||||
Reference in New Issue
Block a user