161 lines
5.5 KiB
Python
161 lines
5.5 KiB
Python
from fastapi import APIRouter, Depends, Query, UploadFile, File
|
|
from typing import Optional, List
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
from auth.models import TokenPayload
|
|
from auth.dependencies import require_permission
|
|
from users.models import (
|
|
UserCreate, UserUpdate, UserInDB, UserListResponse,
|
|
SetPasswordRequest, ResetPasswordRequest,
|
|
)
|
|
from users import service
|
|
from database.postgres import get_pg_session
|
|
from shared.audit import log_action
|
|
|
|
router = APIRouter(prefix="/api/users", tags=["users"])
|
|
|
|
|
|
@router.get("", response_model=UserListResponse)
|
|
async def list_users(
|
|
search: Optional[str] = Query(None),
|
|
status: Optional[str] = Query(None),
|
|
_user: TokenPayload = Depends(require_permission("app_users", "view")),
|
|
):
|
|
users = service.list_users(search=search, status=status)
|
|
return UserListResponse(users=users, total=len(users))
|
|
|
|
|
|
@router.get("/{user_id}", response_model=UserInDB)
|
|
async def get_user(
|
|
user_id: str,
|
|
_user: TokenPayload = Depends(require_permission("app_users", "view")),
|
|
):
|
|
return service.get_user(user_id)
|
|
|
|
|
|
@router.post("", response_model=UserInDB, status_code=201)
|
|
async def create_user(
|
|
body: UserCreate,
|
|
_user: TokenPayload = Depends(require_permission("app_users", "add")),
|
|
db: AsyncSession = Depends(get_pg_session),
|
|
):
|
|
app_user = service.create_user(body)
|
|
await log_action(db, _user.sub, _user.name or _user.email, "CREATE", "app_user",
|
|
app_user.id, app_user.display_name or app_user.email or app_user.id)
|
|
return app_user
|
|
|
|
|
|
@router.put("/{user_id}", response_model=UserInDB)
|
|
async def update_user(
|
|
user_id: str,
|
|
body: UserUpdate,
|
|
_user: TokenPayload = Depends(require_permission("app_users", "edit")),
|
|
db: AsyncSession = Depends(get_pg_session),
|
|
):
|
|
old = service.get_user(user_id)
|
|
app_user = service.update_user(user_id, body)
|
|
_SKIP = {"updated_at", "id", "photo_url"}
|
|
changes = {
|
|
k: {"old": getattr(old, k, None), "new": getattr(app_user, k, None)}
|
|
for k in body.model_fields_set
|
|
if k not in _SKIP and getattr(old, k, None) != getattr(app_user, k, None)
|
|
}
|
|
await log_action(db, _user.sub, _user.name or _user.email, "UPDATE", "app_user",
|
|
user_id, app_user.display_name or app_user.email or user_id,
|
|
changes=changes or None)
|
|
return app_user
|
|
|
|
|
|
@router.delete("/{user_id}", status_code=204)
|
|
async def delete_user(
|
|
user_id: str,
|
|
_user: TokenPayload = Depends(require_permission("app_users", "delete")),
|
|
db: AsyncSession = Depends(get_pg_session),
|
|
):
|
|
service.delete_user(user_id)
|
|
await log_action(db, _user.sub, _user.name or _user.email, "DELETE", "app_user",
|
|
user_id, user_id)
|
|
|
|
|
|
@router.post("/{user_id}/block", response_model=UserInDB)
|
|
async def block_user(
|
|
user_id: str,
|
|
_user: TokenPayload = Depends(require_permission("app_users", "edit")),
|
|
db: AsyncSession = Depends(get_pg_session),
|
|
):
|
|
app_user = service.block_user(user_id)
|
|
await log_action(db, _user.sub, _user.name or _user.email, "STATUS_CHANGE", "app_user",
|
|
user_id, app_user.display_name or app_user.email or user_id,
|
|
meta={"status": "blocked"})
|
|
return app_user
|
|
|
|
|
|
@router.post("/{user_id}/unblock", response_model=UserInDB)
|
|
async def unblock_user(
|
|
user_id: str,
|
|
_user: TokenPayload = Depends(require_permission("app_users", "edit")),
|
|
db: AsyncSession = Depends(get_pg_session),
|
|
):
|
|
app_user = service.unblock_user(user_id)
|
|
await log_action(db, _user.sub, _user.name or _user.email, "STATUS_CHANGE", "app_user",
|
|
user_id, app_user.display_name or app_user.email or user_id,
|
|
meta={"status": "unblocked"})
|
|
return app_user
|
|
|
|
|
|
@router.get("/{user_id}/devices", response_model=List[dict])
|
|
async def get_user_devices(
|
|
user_id: str,
|
|
_user: TokenPayload = Depends(require_permission("app_users", "view")),
|
|
):
|
|
return service.get_user_devices(user_id)
|
|
|
|
|
|
@router.post("/{user_id}/devices/{device_id}", response_model=UserInDB)
|
|
async def assign_device(
|
|
user_id: str,
|
|
device_id: str,
|
|
_user: TokenPayload = Depends(require_permission("app_users", "edit")),
|
|
):
|
|
return service.assign_device(user_id, device_id)
|
|
|
|
|
|
@router.delete("/{user_id}/devices/{device_id}", response_model=UserInDB)
|
|
async def unassign_device(
|
|
user_id: str,
|
|
device_id: str,
|
|
_user: TokenPayload = Depends(require_permission("app_users", "edit")),
|
|
):
|
|
return service.unassign_device(user_id, device_id)
|
|
|
|
|
|
@router.post("/{user_id}/set-password", status_code=204)
|
|
async def set_password(
|
|
user_id: str,
|
|
body: SetPasswordRequest,
|
|
_user: TokenPayload = Depends(require_permission("app_users", "full_edit")),
|
|
):
|
|
"""Set a new password for the user via Firebase Auth (requires uid on the user doc)."""
|
|
service.set_password(user_id, body.password)
|
|
|
|
|
|
@router.post("/{user_id}/reset-password", status_code=204)
|
|
async def reset_password(
|
|
user_id: str,
|
|
body: ResetPasswordRequest,
|
|
_user: TokenPayload = Depends(require_permission("app_users", "full_edit")),
|
|
):
|
|
"""Reset a user's password to the supplied value (default: Bell1234!)."""
|
|
service.set_password(user_id, body.new_password)
|
|
|
|
|
|
@router.post("/{user_id}/photo")
|
|
async def upload_photo(
|
|
user_id: str,
|
|
file: UploadFile = File(...),
|
|
_user: TokenPayload = Depends(require_permission("app_users", "edit")),
|
|
):
|
|
contents = await file.read()
|
|
content_type = file.content_type or "image/jpeg"
|
|
url = service.upload_photo(user_id, contents, file.filename, content_type)
|
|
return {"photo_url": url}
|