Added Roles and Permissions. Some minor UI fixes
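--- a/backend/staff/router.py
+++ b/backend/staff/router.py
@@ -0,0 +1,82 @@
+from fastapi import APIRouter, Depends, Query
+from auth.dependencies import get_current_user, require_staff_management
+from auth.models import TokenPayload
+from staff import service
+from staff.models import (
+StaffCreate, StaffUpdate, StaffPasswordUpdate,
+StaffResponse, StaffListResponse,
+)
+
+router = APIRouter(prefix="/api/staff", tags=["staff"])
+
+
+@router.get("/me", response_model=StaffResponse)
+async def get_current_staff(current_user: TokenPayload = Depends(get_current_user)):
+return await service.get_staff_me(current_user.sub)
+
+
+@router.get("", response_model=StaffListResponse)
+async def list_staff(
+search: str = Query(None),
+role: str = Query(None),
+current_user: TokenPayload = Depends(require_staff_management),
+):
+return await service.list_staff(search=search, role_filter=role)
+
+
+@router.get("/{staff_id}", response_model=StaffResponse)
+async def get_staff(
+staff_id: str,
+current_user: TokenPayload = Depends(require_staff_management),
+):
+return await service.get_staff(staff_id)
+
+
+@router.post("", response_model=StaffResponse)
+async def create_staff(
+body: StaffCreate,
+current_user: TokenPayload = Depends(require_staff_management),
+):
+return await service.create_staff(
+data=body.model_dump(),
+current_user_role=current_user.role,
+)
+
+
+@router.put("/{staff_id}", response_model=StaffResponse)
+async def update_staff(
+staff_id: str,
+body: StaffUpdate,
+current_user: TokenPayload = Depends(require_staff_management),
+):
+return await service.update_staff(
+staff_id=staff_id,
+data=body.model_dump(exclude_unset=True),
+current_user_role=current_user.role,
+current_user_id=current_user.sub,
+)
+
+
+@router.put("/{staff_id}/password")
+async def update_staff_password(
+staff_id: str,
+body: StaffPasswordUpdate,
+current_user: TokenPayload = Depends(require_staff_management),
+):
+return await service.update_staff_password(
+staff_id=staff_id,
+new_password=body.new_password,
+current_user_role=current_user.role,
+)
+
+
+@router.delete("/{staff_id}")
+async def delete_staff(
+staff_id: str,
+current_user: TokenPayload = Depends(require_staff_management),
+):
+return await service.delete_staff(
+staff_id=staff_id,
+current_user_role=current_user.role,
+current_user_id=current_user.sub,
+)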
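Review bot: `update_staff_password` forwards only `current_user_role` to the service, whereas `update_staff` and `delete_staff` also pass `current_user_id=current_user.sub`, so the password-reset path has no way to tell a self-change from a reset of someone else's account or to record which manager performed it. If `service.update_staff_password` (not shown on this page) can accept it, add `current_user_id=current_user.sub,` to that call and keep the target-role check in the service. The `PUT /{staff_id}/password` and `DELETE /{staff_id}` routes are also the only ones declared without a `response_model`, so whatever the service returns is serialized unfiltered; declaring one keeps a credential field out of the response should the service ever return the stored staff record. Separately, every role decision here rests on `current_user.role` from the token payload, which may lag behind a demotion until the token expires, so it is worth confirming that `require_staff_management` re-checks the stored role.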