Describe the bug
If I define a route level Security dependency in a router, then define a Security dependency in the dependencies when adding the router to an app, then the route level dependency is ignored.
To Reproduce
Excerpted example.
A router defines a dependency with a scope.
data_router = APIRouter()
@router.get(
'/sales',
dependencies=[Security(get_current_user, scopes=['sales'])],
)
def get_sales():
pass
Another router includes that router, defining another dependency
from .data import data_router
api_router = APIRouter()
api_router.include_router(
data_router,
prefix='/data',
dependencies=[Security(get_current_user, scopes=[])],
)
The sales scope does not appear in the SecurityScopes scopes when validating the scopes. Defining Depends(get_current_user) instead has the same problem (my original version; not all routes require the same scope, but I have a fallback requirement for a signed in user at least). Removing the dependency entirely, e.g. below, does get the correct scope in SecurityScopes.
from .data import data_router
api_router = APIRouter()
api_router.include_router(
data_router,
prefix='/data',
)
Expected behavior
The scopes from all Security definitions in the dependency tree should be required (e.g. any defined when including the router, and any on the routes that the router provides).
Screenshots
N/A
Environment:
- OS: Ubuntu 19.04
- FastAPI Version: 0.35.0
- Python version: 3.7.3
Describe the bug
If I define a route level
Securitydependency in a router, then define aSecuritydependency in the dependencies when adding the router to an app, then the route level dependency is ignored.To Reproduce
Excerpted example.
A router defines a dependency with a scope.
Another router includes that router, defining another dependency
The
salesscope does not appear in theSecurityScopesscopes when validating the scopes. DefiningDepends(get_current_user)instead has the same problem (my original version; not all routes require the same scope, but I have a fallback requirement for a signed in user at least). Removing the dependency entirely, e.g. below, does get the correct scope inSecurityScopes.Expected behavior
The scopes from all
Securitydefinitions in the dependency tree should be required (e.g. any defined when including the router, and any on the routes that the router provides).Screenshots
N/A
Environment: