counterweight/arbret
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add FETCH_PRICE permission for manual price fetch endpoint

Browse source 
The POST /api/audit/price-history/fetch endpoint now requires
FETCH_PRICE permission instead of VIEW_AUDIT, which is more
semantically correct since it's a write operation.
This commit is contained in:
counterweight 2025-12-22 16:22:54 +01:00
parent 54709888e1
commit 3806361fac
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
4 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
backend/routes/audit.py
View file

@ -190,7 +190,7 @@ async def get_price_history(
@router.post("/price-history/fetch", response_model=PriceHistoryResponse)
async def fetch_price_now(
db: AsyncSession = Depends(get_db),
_current_user: User = Depends(require_permission(Permission.VIEW_AUDIT)),
_current_user: User = Depends(require_permission(Permission.FETCH_PRICE)),
) -> PriceHistoryResponse:
"""Manually trigger a price fetch from Bitfinex."""
price, timestamp = await fetch_btc_eur_price()