111 lines
3.0 KiB
Python
111 lines
3.0 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, status
|
|
from sqlalchemy.orm import Session
|
|
|
|
from api.crud.user import (
|
|
create_user,
|
|
delete_user,
|
|
get_user,
|
|
get_user_by_email,
|
|
get_user_by_username,
|
|
get_users,
|
|
update_user,
|
|
)
|
|
from api.schemas.user import UserCreate, UserResponse, UserUpdate
|
|
from api.utils.auth import get_current_active_user, get_current_superuser
|
|
from db.database import get_db
|
|
from db.models import User
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.get("/", response_model=list[UserResponse])
|
|
def read_users(
|
|
skip: int = 0,
|
|
limit: int = 100,
|
|
db: Session = Depends(get_db),
|
|
current_user: User = Depends(get_current_superuser),
|
|
) -> list[User]:
|
|
"""
|
|
Get all users with pagination (superuser only)
|
|
"""
|
|
users = get_users(db, skip=skip, limit=limit)
|
|
return users
|
|
|
|
|
|
@router.get("/me", response_model=UserResponse)
|
|
def read_user_me(current_user: User = Depends(get_current_active_user)) -> User:
|
|
"""
|
|
Get current user
|
|
"""
|
|
return current_user
|
|
|
|
|
|
@router.put("/me", response_model=UserResponse)
|
|
def update_user_me(
|
|
user: UserUpdate,
|
|
db: Session = Depends(get_db),
|
|
current_user: User = Depends(get_current_active_user),
|
|
) -> User:
|
|
"""
|
|
Update current user
|
|
"""
|
|
# Prevent user from changing themselves to superuser
|
|
if user.is_superuser is not None:
|
|
user.is_superuser = current_user.is_superuser
|
|
|
|
return update_user(db, current_user.id, user)
|
|
|
|
|
|
@router.get("/{user_id}", response_model=UserResponse)
|
|
def read_user(
|
|
user_id: int,
|
|
db: Session = Depends(get_db),
|
|
current_user: User = Depends(get_current_active_user),
|
|
) -> User:
|
|
"""
|
|
Get a specific user by ID (superuser or same user)
|
|
"""
|
|
db_user = get_user(db, user_id=user_id)
|
|
if db_user is None:
|
|
raise HTTPException(status_code=404, detail="User not found")
|
|
if current_user.id != user_id and not current_user.is_superuser:
|
|
raise HTTPException(status_code=403, detail="Not enough permissions")
|
|
return db_user
|
|
|
|
|
|
@router.post("/", response_model=UserResponse, status_code=status.HTTP_201_CREATED)
|
|
def register_user(user: UserCreate, db: Session = Depends(get_db)) -> User:
|
|
"""
|
|
Register a new user
|
|
"""
|
|
db_user_by_email = get_user_by_email(db, email=user.email)
|
|
if db_user_by_email:
|
|
raise HTTPException(
|
|
status_code=400,
|
|
detail="Email already registered",
|
|
)
|
|
|
|
db_user_by_username = get_user_by_username(db, username=user.username)
|
|
if db_user_by_username:
|
|
raise HTTPException(
|
|
status_code=400,
|
|
detail="Username already taken",
|
|
)
|
|
|
|
return create_user(db=db, user=user)
|
|
|
|
|
|
@router.delete("/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
|
|
def delete_user_by_id(
|
|
user_id: int,
|
|
db: Session = Depends(get_db),
|
|
current_user: User = Depends(get_current_superuser),
|
|
) -> None:
|
|
"""
|
|
Delete a user (superuser only)
|
|
"""
|
|
success = delete_user(db=db, user_id=user_id)
|
|
if not success:
|
|
raise HTTPException(status_code=404, detail="User not found")
|
|
return None
|