Add profile verification check to api auth

bats_ai/api.py

@@ -31,7 +31,8 @@ def global_auth(request):
             if access_token and access_token.user:
                 if not access_token.user.is_anonymous:
                     request.user = access_token.user
-    return not request.user.is_anonymous
+    user = request.user
+    return (not user.is_anonymous) and (user.profile.verified or user.is_superuser)
 
 
 api = NinjaAPI(auth=global_auth)

bats_ai/core/tests/test_auth.py

@@ -1,6 +1,9 @@
 from django.test import Client
+from ninja.testing import TestClient
 import pytest
 
+from .factories import SuperuserFactory, UserFactory
+
 
 @pytest.mark.parametrize(
     'url_suffix',
@@ -13,3 +16,24 @@ def test_auth_anonymous_deny(url_suffix: str, client: Client):
     resp = client.get(f'/api/v1/{url_suffix}')
 
     assert resp.status_code == 401
+
+
+@pytest.mark.django_db
+def test_auth_verified(api_client: TestClient):
+    user = UserFactory(profile__verified=True)
+    resp = api_client.get('configuration/me', user=user)
+    assert resp.status_code == 200
+
+
+@pytest.mark.django_db
+def test_auth_unverified_deny(api_client: TestClient):
+    user = UserFactory(profile__verified=False)
+    resp = api_client.get('configuration/me', user=user)
+    assert resp.status_code == 401
+
+
+@pytest.mark.django_db
+def test_auth_unverified_superuser(api_client: TestClient):
+    user = SuperuserFactory(profile__verified=False)
+    resp = api_client.get('configuration/me', user=user)
+    assert resp.status_code == 200