From a5571d7f879afce1c4ddf93fef49648ae0e47ce4 Mon Sep 17 00:00:00 2001
From: Max Chis <maxachis@gmail.com>
Date: Mon, 2 Dec 2024 09:54:52 -0500
Subject: [PATCH] Add logic to automatically indicate when an endpoint requires
 Admin permissions.

---
 middleware/access_logic.py |  5 +++++
 middleware/decorators.py   | 37 +++++++++----------------------------
 2 files changed, 14 insertions(+), 28 deletions(-)

diff --git a/middleware/access_logic.py b/middleware/access_logic.py
index 19a76470..85d5420c 100644
--- a/middleware/access_logic.py
+++ b/middleware/access_logic.py
@@ -32,6 +32,11 @@ class AuthenticationInfo(BaseModel):
     no_auth: bool = False
     restrict_to_permissions: Optional[list[PermissionsEnum]] = None
 
+    def requires_admin_permissions(self) -> bool:
+        if self.restrict_to_permissions is None:
+            return False
+        return len(self.restrict_to_permissions) > 0
+
 
 WRITE_ONLY_AUTH_INFO = AuthenticationInfo(
     allowed_access_methods=[AccessTypeEnum.JWT],
diff --git a/middleware/decorators.py b/middleware/decorators.py
index 86918b5b..cbf3287f 100644
--- a/middleware/decorators.py
+++ b/middleware/decorators.py
@@ -95,13 +95,21 @@ def endpoint_info(
     auth_info: AuthenticationInfo,
     schema_config: SchemaConfigs,
     response_info: ResponseInfo,
-    **doc_kwargs,
+    description: str = "",
+    **additional_doc_kwargs,
 ):
     """
     A more sophisticated form of `endpoint_info`, with more robust
     schema and response definition.
     Designed to eventually replace all instances of endpoint_info
     """
+
+    doc_kwargs = {"description": description, **additional_doc_kwargs}
+    if auth_info.requires_admin_permissions():
+        doc_kwargs["description"] = (
+            "**Requires admin permissions.**\n" + doc_kwargs["description"]
+        )
+
     if schema_config.value.input_schema is not None:
         input_doc_info = get_restx_param_documentation(
             namespace=namespace,
@@ -224,30 +232,3 @@ def _add_auth_info_to_parser(auth_info: AuthenticationInfo, parser: RequestParse
         header_arg_function(parser)
         return
     raise Exception("Must have at least one access method")
-
-
-def _get_input_doc_info(
-    namespace, input_schema, input_model=None, input_model_name: Optional[str] = None
-) -> FlaskRestxDocInfo:
-    check_for_mutually_exclusive_arguments(input_schema, input_model)
-    if input_model is not None:
-        return FlaskRestxDocInfo(
-            model=input_model,
-            parser=namespace.parser(),
-        )
-    if input_schema is None:
-        return FlaskRestxDocInfo(
-            model=None,
-            parser=namespace.parser(),
-        )
-
-    # Assume input schema is defined
-    return get_restx_param_documentation(
-        namespace=namespace,
-        schema=input_schema,
-        model_name=(
-            input_schema.__class__.__name__
-            if input_model_name is None
-            else input_model_name
-        ),
-    )