fastapi-svelte-template/backend/todo/routes/users.py

96 lines
3.0 KiB
Python
Raw Normal View History

"""This module contains endpoints for operations related to users."""
from typing import Annotated
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.orm import Session
from todo.database.engine import get_db
from todo.schemas import users as userschema
from todo.crud import users as usercrud
from todo.utils.exceptions import NotFoundException, InvalidFilterParameterException
from todo.utils.exceptions import create_exception_dict as fmt
from todo.dependencies.users import UserSortablePaginationParams
2023-05-31 16:37:56 +01:00
import todo.auth.auth as auth
router = APIRouter(
prefix="/users",
tags=["users"]
)
tag_metadata = {
"name": "users",
"description": "Operations related to users."
}
2023-05-31 16:37:56 +01:00
auth_handler = auth.AuthHandler()
@router.post("/", response_model=userschema.User)
2023-05-31 16:37:56 +01:00
def create_user(
user: userschema.UserCreate,
db: Session = Depends(get_db),
):
# Check if user already exists
try:
usercrud.read_user_by_email(db, email=user.email)
raise HTTPException(400, "A user with this email address is already registered.")
except NotFoundException:
2023-05-31 16:37:56 +01:00
pass
2023-05-31 16:37:56 +01:00
if user.is_admin:
raise HTTPException(403, "You are not authorized to perform this action.")
2023-05-31 16:37:56 +01:00
return usercrud.create_user(db=db, user=user)
2023-05-31 16:37:56 +01:00
@router.get("/{user_id}", response_model=userschema.User)
def read_user(
user_id: int,
db: Session = Depends(get_db),
current_user: userschema.User = Depends(auth_handler.get_current_user),
):
try:
2023-05-31 16:37:56 +01:00
user = usercrud.read_user(db=db, id=user_id)
except NotFoundException as e:
raise HTTPException(404, fmt(str(e)))
2023-05-31 16:37:56 +01:00
if current_user.is_admin or current_user.id == user_id:
return user
raise HTTPException(403, "You are not authorized to view this content.")
@router.patch("/{id}", response_model=userschema.User)
2023-05-31 16:37:56 +01:00
def update_user(
user_id: int,
user: userschema.UserUpdate,
db: Session = Depends(get_db),
current_user: userschema.User = Depends(auth_handler.get_current_user),
):
if not (current_user.is_admin or current_user.id == user_id):
raise HTTPException(403, "You are not authorized to perform this action.")
if user.is_admin and not current_user.is_admin:
raise HTTPException(403, "You are not authorized to perform this action.")
try:
2023-05-31 16:37:56 +01:00
return usercrud.update_user(db=db, user=user, id=user_id)
except NotFoundException as e:
raise HTTPException(404, fmt(str(e)))
@router.delete("/{id}", response_model=userschema.User)
2023-05-31 16:37:56 +01:00
def delete_user(
user_id: int,
db: Session = Depends(get_db),
current_user: userschema.User = Depends(auth_handler.get_current_user),
):
if not (current_user.is_admin or current_user.id == user_id):
raise HTTPException(403, "You are not authorized to perform this action.")
try:
2023-05-31 16:37:56 +01:00
return usercrud.delete_user(db=db, id=user_id)
except NotFoundException as e:
raise HTTPException(404, fmt(str(e)))