
"""This module contains endpoints for operations related to users."""
from typing import Annotated
from fastapi import APIRouter, Depends, HTTPException, Request
from sqlalchemy.orm import Session
from todo.database.engine import get_db
from todo.schemas import users as userschema
from todo.crud import users as usercrud
from todo.utils.exceptions import NotFoundException, InvalidFilterParameterException
from todo.utils.exceptions import create_exception_dict as fmt
from todo.dependencies.users import UserSortablePaginationParams
import todo.auth.auth as auth
import logging
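# Module-scoped logger (was the root logger): lets log config filter or
# route this module's records without touching every other logger.
logger = logging.getLogger(__name__)

# Every route below is mounted under /users and grouped under the "users" tag.
router = APIRouter(
    prefix="/users",
    tags=["users"],
)

# OpenAPI tag metadata for the "users" tag used by this router.
tag_metadata = {
    "name": "users",
    "description": "Operations related to users.",
}

# Shared auth handler; its get_current_user dependency guards the routes below.
auth_handler = auth.AuthHandler()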
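@router.post("/", response_model=userschema.User)
def create_user(
    user: userschema.UserCreate,
    db: Session = Depends(get_db),
):
    """Register a new user.

    Args:
        user: The registration payload.
        db: Database session supplied by the ``get_db`` dependency.

    Returns:
        The newly created user record.

    Raises:
        HTTPException: 403 if the payload requests admin rights; 400 if a
            user with the same email address is already registered.
    """
    # This endpoint is unauthenticated, so reject a request asking for admin
    # rights before doing any database work.
    if user.is_admin:
        raise HTTPException(403, "You are not authorized to perform this action.")
    # Only the lookup sits inside the ``try``: NotFoundException is the
    # expected outcome and means the email address is free to use.
    try:
        usercrud.read_user_by_email(db, email=user.email)
    except NotFoundException:
        pass
    else:
        # NOTE(review): the distinct 400 reveals whether an address is
        # registered (account-enumeration risk); a generic response avoids that.
        raise HTTPException(400, "A user with this email address is already registered.")
    return usercrud.create_user(db=db, user=user)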
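@router.get("/{user_id}", response_model=userschema.User)
def read_user(
    user_id: int,
    request: Request,
    db: Session = Depends(get_db),
    current_user: userschema.User = Depends(auth_handler.get_current_user),
):
    """Return a single user by id.

    Admins may read any user; other callers may only read themselves.

    Args:
        user_id: Id of the user to fetch.
        request: The incoming request; only its method and path are logged.
        db: Database session supplied by the ``get_db`` dependency.
        current_user: The authenticated caller resolved by ``auth_handler``.

    Returns:
        The requested user record.

    Raises:
        HTTPException: 403 if the caller may not view this user; 404 if no
            such user exists.
    """
    # Debug level and request line only; no headers or body are logged.
    logger.debug("read_user %s %s", request.method, request.url.path)
    # Authorise before touching the database so a non-admin cannot tell an
    # existing user they may not view (403) from a missing one (404).
    if not (current_user.is_admin or current_user.id == user_id):
        raise HTTPException(403, "You are not authorized to view this content.")
    try:
        return usercrud.read_user(db=db, id=user_id)
    except NotFoundException as e:
        raise HTTPException(404, fmt(str(e))) from e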
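# Path parameter name must match the function argument: the original route
# declared "/{id}" while the handler took ``user_id``, which made ``user_id``
# a required query parameter and left the path segment unused.
@router.patch("/{user_id}", response_model=userschema.User)
def update_user(
    user_id: int,
    user: userschema.UserUpdate,
    db: Session = Depends(get_db),
    current_user: userschema.User = Depends(auth_handler.get_current_user),
):
    """Update an existing user.

    Admins may update any user; other callers may only update themselves and
    may not grant themselves admin rights.

    Args:
        user_id: Id of the user to update.
        user: The fields to change.
        db: Database session supplied by the ``get_db`` dependency.
        current_user: The authenticated caller resolved by ``auth_handler``.

    Returns:
        The updated user record.

    Raises:
        HTTPException: 403 if the caller may not update this user or tries to
            escalate to admin; 404 if no such user exists.
    """
    # Both authorisation checks run before the database is touched.
    if not (current_user.is_admin or current_user.id == user_id):
        raise HTTPException(403, "You are not authorized to perform this action.")
    if user.is_admin and not current_user.is_admin:
        raise HTTPException(403, "You are not authorized to perform this action.")
    try:
        return usercrud.update_user(db=db, user=user, id=user_id)
    except NotFoundException as e:
        raise HTTPException(404, fmt(str(e))) from e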
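# Path parameter name must match the function argument: the original route
# declared "/{id}" while the handler took ``user_id``, which made ``user_id``
# a required query parameter and left the path segment unused.
@router.delete("/{user_id}", response_model=userschema.User)
def delete_user(
    user_id: int,
    db: Session = Depends(get_db),
    current_user: userschema.User = Depends(auth_handler.get_current_user),
):
    """Delete a user.

    Admins may delete any user; other callers may only delete themselves.

    Args:
        user_id: Id of the user to delete.
        db: Database session supplied by the ``get_db`` dependency.
        current_user: The authenticated caller resolved by ``auth_handler``.

    Returns:
        The deleted user record, as returned by the CRUD layer.

    Raises:
        HTTPException: 403 if the caller may not delete this user; 404 if no
            such user exists.
    """
    # Authorise before the lookup so the 404 is never reachable by a caller
    # who is not allowed to act on this user.
    if not (current_user.is_admin or current_user.id == user_id):
        raise HTTPException(403, "You are not authorized to perform this action.")
    try:
        return usercrud.delete_user(db=db, id=user_id)
    except NotFoundException as e:
        raise HTTPException(404, fmt(str(e))) from e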