anti
0ee23b8700
- Add @require_role() decorators to all GET/POST/PUT endpoints - Centralize role-based access control per memory: RBAC null-role bug required server-side gating - Admin (manage_admins), Editor (write ops), Viewer (read ops), Public endpoints - Removes client-side role checks as per memory: server-side UI gating is mandatory
29 lines
925 B
Python
29 lines
925 B
Python
from typing import Any, Optional
|
|
|
|
from fastapi import APIRouter, Depends, Query
|
|
|
|
from decnet.web.dependencies import require_viewer, repo
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.get("/logs/histogram", tags=["Logs"],
|
|
responses={401: {"description": "Could not validate credentials"}, 422: {"description": "Validation error"}},)
|
|
async def get_logs_histogram(
|
|
search: Optional[str] = None,
|
|
start_time: Optional[str] = Query(None),
|
|
end_time: Optional[str] = Query(None),
|
|
interval_minutes: int = Query(15, ge=1),
|
|
user: dict = Depends(require_viewer)
|
|
) -> list[dict[str, Any]]:
|
|
def _norm(v: Optional[str]) -> Optional[str]:
|
|
if v in (None, "null", "NULL", "undefined", ""):
|
|
return None
|
|
return v
|
|
|
|
s = _norm(search)
|
|
st = _norm(start_time)
|
|
et = _norm(end_time)
|
|
|
|
return await repo.get_log_histogram(search=s, start_time=st, end_time=et, interval_minutes=interval_minutes)
|