2024-02-25 19:39:33 +01:00
|
|
|
from typing import Any
|
2019-02-09 19:42:36 +04:00
|
|
|
|
2023-12-27 14:39:42 -05:00
|
|
|
from fastapi import APIRouter, Depends, HTTPException
|
2024-02-28 17:24:24 -05:00
|
|
|
from sqlmodel import delete, func, select
|
2023-11-29 12:13:15 -05:00
|
|
|
|
|
|
|
|
from app import crud
|
|
|
|
|
from app.api.deps import (
|
|
|
|
|
CurrentUser,
|
|
|
|
|
SessionDep,
|
|
|
|
|
get_current_active_superuser,
|
|
|
|
|
)
|
2020-04-16 23:56:10 -06:00
|
|
|
from app.core.config import settings
|
2024-02-21 15:55:19 -05:00
|
|
|
from app.core.security import get_password_hash, verify_password
|
2023-12-27 14:39:42 -05:00
|
|
|
from app.models import (
|
2024-02-28 17:24:24 -05:00
|
|
|
Item,
|
2024-02-13 09:25:58 -05:00
|
|
|
Message,
|
2024-02-21 15:55:19 -05:00
|
|
|
UpdatePassword,
|
2023-12-27 14:39:42 -05:00
|
|
|
User,
|
|
|
|
|
UserCreate,
|
|
|
|
|
UserCreateOpen,
|
|
|
|
|
UserOut,
|
2024-02-25 10:04:47 -05:00
|
|
|
UsersOut,
|
2023-12-27 14:39:42 -05:00
|
|
|
UserUpdate,
|
|
|
|
|
UserUpdateMe,
|
|
|
|
|
)
|
2019-02-09 19:42:36 +04:00
|
|
|
from app.utils import send_new_account_email
|
|
|
|
|
|
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
|
|
|
|
|
2023-12-27 13:37:05 -05:00
|
|
|
@router.get(
|
2024-02-25 19:39:33 +01:00
|
|
|
"/", dependencies=[Depends(get_current_active_superuser)], response_model=UsersOut
|
2023-12-27 13:37:05 -05:00
|
|
|
)
|
|
|
|
|
def read_users(session: SessionDep, skip: int = 0, limit: int = 100) -> Any:
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
:sparkles: Add Items (crud, models, endpoints), utils, refactor (#14)
* Update CRUD utils to use types better.
* Simplify Pydantic model names, from `UserInCreate` to `UserCreate`, etc.
* Upgrade packages.
* Add new generic "Items" models, crud utils, endpoints, and tests. To facilitate re-using them to create new functionality. As they are simple and generic (not like Users), it's easier to copy-paste and adapt them to each use case.
* Update endpoints/*path operations* to simplify code and use new utilities, prefix and tags in `include_router`.
* Update testing utils.
* Update linting rules, relax vulture to reduce false positives.
* Update migrations to include new Items.
* Update project README.md with tips about how to start with backend.
2019-04-19 09:45:23 +04:00
|
|
|
Retrieve users.
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
2024-02-25 10:04:47 -05:00
|
|
|
|
|
|
|
|
statment = select(func.count()).select_from(User)
|
|
|
|
|
count = session.exec(statment).one()
|
|
|
|
|
|
2023-11-29 12:13:15 -05:00
|
|
|
statement = select(User).offset(skip).limit(limit)
|
|
|
|
|
users = session.exec(statement).all()
|
2024-02-25 10:04:47 -05:00
|
|
|
|
|
|
|
|
return UsersOut(data=users, count=count)
|
2019-02-09 19:42:36 +04:00
|
|
|
|
|
|
|
|
|
2023-12-27 13:37:05 -05:00
|
|
|
@router.post(
|
|
|
|
|
"/", dependencies=[Depends(get_current_active_superuser)], response_model=UserOut
|
|
|
|
|
)
|
|
|
|
|
def create_user(*, session: SessionDep, user_in: UserCreate) -> Any:
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
:sparkles: Add Items (crud, models, endpoints), utils, refactor (#14)
* Update CRUD utils to use types better.
* Simplify Pydantic model names, from `UserInCreate` to `UserCreate`, etc.
* Upgrade packages.
* Add new generic "Items" models, crud utils, endpoints, and tests. To facilitate re-using them to create new functionality. As they are simple and generic (not like Users), it's easier to copy-paste and adapt them to each use case.
* Update endpoints/*path operations* to simplify code and use new utilities, prefix and tags in `include_router`.
* Update testing utils.
* Update linting rules, relax vulture to reduce false positives.
* Update migrations to include new Items.
* Update project README.md with tips about how to start with backend.
2019-04-19 09:45:23 +04:00
|
|
|
Create new user.
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
2023-11-29 12:13:15 -05:00
|
|
|
user = crud.get_user_by_email(session=session, email=user_in.email)
|
2019-02-09 19:42:36 +04:00
|
|
|
if user:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=400,
|
|
|
|
|
detail="The user with this username already exists in the system.",
|
|
|
|
|
)
|
2023-11-29 12:13:15 -05:00
|
|
|
|
|
|
|
|
user = crud.create_user(session=session, user_create=user_in)
|
2020-04-16 23:56:10 -06:00
|
|
|
if settings.EMAILS_ENABLED and user_in.email:
|
2019-02-09 19:42:36 +04:00
|
|
|
send_new_account_email(
|
2019-02-23 18:44:29 +04:00
|
|
|
email_to=user_in.email, username=user_in.email, password=user_in.password
|
2019-02-09 19:42:36 +04:00
|
|
|
)
|
2023-12-27 13:37:05 -05:00
|
|
|
return user
|
2023-11-29 12:13:15 -05:00
|
|
|
|
|
|
|
|
|
2024-02-21 15:55:19 -05:00
|
|
|
@router.patch("/me", response_model=UserOut)
|
2023-12-27 14:39:42 -05:00
|
|
|
def update_user_me(
|
2024-02-21 15:55:19 -05:00
|
|
|
*, session: SessionDep, user_in: UserUpdateMe, current_user: CurrentUser
|
2023-12-27 14:39:42 -05:00
|
|
|
) -> Any:
|
|
|
|
|
"""
|
|
|
|
|
Update own user.
|
|
|
|
|
"""
|
2024-02-21 15:55:19 -05:00
|
|
|
|
|
|
|
|
user_data = user_in.model_dump(exclude_unset=True)
|
|
|
|
|
current_user.sqlmodel_update(user_data)
|
|
|
|
|
session.add(current_user)
|
|
|
|
|
session.commit()
|
|
|
|
|
session.refresh(current_user)
|
|
|
|
|
return current_user
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@router.patch("/me/password", response_model=Message)
|
|
|
|
|
def update_password_me(
|
|
|
|
|
*, session: SessionDep, body: UpdatePassword, current_user: CurrentUser
|
|
|
|
|
) -> Any:
|
|
|
|
|
"""
|
|
|
|
|
Update own password.
|
|
|
|
|
"""
|
|
|
|
|
if not verify_password(body.current_password, current_user.hashed_password):
|
|
|
|
|
raise HTTPException(status_code=400, detail="Incorrect password")
|
|
|
|
|
if body.current_password == body.new_password:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=400, detail="New password cannot be the same as the current one"
|
|
|
|
|
)
|
|
|
|
|
hashed_password = get_password_hash(body.new_password)
|
|
|
|
|
current_user.hashed_password = hashed_password
|
|
|
|
|
session.add(current_user)
|
|
|
|
|
session.commit()
|
|
|
|
|
return Message(message="Password updated successfully")
|
2023-11-29 12:13:15 -05:00
|
|
|
|
|
|
|
|
|
2023-12-27 13:37:05 -05:00
|
|
|
@router.get("/me", response_model=UserOut)
|
|
|
|
|
def read_user_me(session: SessionDep, current_user: CurrentUser) -> Any:
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
:sparkles: Add Items (crud, models, endpoints), utils, refactor (#14)
* Update CRUD utils to use types better.
* Simplify Pydantic model names, from `UserInCreate` to `UserCreate`, etc.
* Upgrade packages.
* Add new generic "Items" models, crud utils, endpoints, and tests. To facilitate re-using them to create new functionality. As they are simple and generic (not like Users), it's easier to copy-paste and adapt them to each use case.
* Update endpoints/*path operations* to simplify code and use new utilities, prefix and tags in `include_router`.
* Update testing utils.
* Update linting rules, relax vulture to reduce false positives.
* Update migrations to include new Items.
* Update project README.md with tips about how to start with backend.
2019-04-19 09:45:23 +04:00
|
|
|
Get current user.
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
2023-12-27 13:37:05 -05:00
|
|
|
return current_user
|
2019-02-09 19:42:36 +04:00
|
|
|
|
|
|
|
|
|
2023-12-27 13:37:05 -05:00
|
|
|
@router.post("/open", response_model=UserOut)
|
|
|
|
|
def create_user_open(session: SessionDep, user_in: UserCreateOpen) -> Any:
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
:sparkles: Add Items (crud, models, endpoints), utils, refactor (#14)
* Update CRUD utils to use types better.
* Simplify Pydantic model names, from `UserInCreate` to `UserCreate`, etc.
* Upgrade packages.
* Add new generic "Items" models, crud utils, endpoints, and tests. To facilitate re-using them to create new functionality. As they are simple and generic (not like Users), it's easier to copy-paste and adapt them to each use case.
* Update endpoints/*path operations* to simplify code and use new utilities, prefix and tags in `include_router`.
* Update testing utils.
* Update linting rules, relax vulture to reduce false positives.
* Update migrations to include new Items.
* Update project README.md with tips about how to start with backend.
2019-04-19 09:45:23 +04:00
|
|
|
Create new user without the need to be logged in.
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
2020-04-16 23:56:10 -06:00
|
|
|
if not settings.USERS_OPEN_REGISTRATION:
|
2019-02-09 19:42:36 +04:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=403,
|
2020-01-19 22:40:50 +01:00
|
|
|
detail="Open user registration is forbidden on this server",
|
2019-02-09 19:42:36 +04:00
|
|
|
)
|
2023-11-29 12:13:15 -05:00
|
|
|
user = crud.get_user_by_email(session=session, email=user_in.email)
|
2019-02-09 19:42:36 +04:00
|
|
|
if user:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=400,
|
|
|
|
|
detail="The user with this username already exists in the system",
|
|
|
|
|
)
|
2023-11-29 12:13:15 -05:00
|
|
|
user_create = UserCreate.from_orm(user_in)
|
|
|
|
|
user = crud.create_user(session=session, user_create=user_create)
|
2023-12-27 13:37:05 -05:00
|
|
|
return user
|
2019-02-09 19:42:36 +04:00
|
|
|
|
|
|
|
|
|
2023-12-27 13:37:05 -05:00
|
|
|
@router.get("/{user_id}", response_model=UserOut)
|
2019-02-23 18:44:29 +04:00
|
|
|
def read_user_by_id(
|
2023-11-29 12:13:15 -05:00
|
|
|
user_id: int, session: SessionDep, current_user: CurrentUser
|
2023-12-27 13:37:05 -05:00
|
|
|
) -> Any:
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
:sparkles: Add Items (crud, models, endpoints), utils, refactor (#14)
* Update CRUD utils to use types better.
* Simplify Pydantic model names, from `UserInCreate` to `UserCreate`, etc.
* Upgrade packages.
* Add new generic "Items" models, crud utils, endpoints, and tests. To facilitate re-using them to create new functionality. As they are simple and generic (not like Users), it's easier to copy-paste and adapt them to each use case.
* Update endpoints/*path operations* to simplify code and use new utilities, prefix and tags in `include_router`.
* Update testing utils.
* Update linting rules, relax vulture to reduce false positives.
* Update migrations to include new Items.
* Update project README.md with tips about how to start with backend.
2019-04-19 09:45:23 +04:00
|
|
|
Get a specific user by id.
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
2023-11-29 12:13:15 -05:00
|
|
|
user = session.get(User, user_id)
|
2019-02-09 19:42:36 +04:00
|
|
|
if user == current_user:
|
2023-12-27 13:37:05 -05:00
|
|
|
return user
|
2023-11-29 12:13:15 -05:00
|
|
|
if not current_user.is_superuser:
|
2019-02-09 19:42:36 +04:00
|
|
|
raise HTTPException(
|
2024-03-07 18:21:46 -05:00
|
|
|
status_code=403,
|
2023-11-29 12:13:15 -05:00
|
|
|
detail="The user doesn't have enough privileges",
|
2019-02-09 19:42:36 +04:00
|
|
|
)
|
2023-12-27 13:37:05 -05:00
|
|
|
return user
|
2023-11-29 12:13:15 -05:00
|
|
|
|
|
|
|
|
|
2024-02-21 15:55:19 -05:00
|
|
|
@router.patch(
|
2023-12-27 14:39:42 -05:00
|
|
|
"/{user_id}",
|
|
|
|
|
dependencies=[Depends(get_current_active_superuser)],
|
|
|
|
|
response_model=UserOut,
|
|
|
|
|
)
|
|
|
|
|
def update_user(
|
|
|
|
|
*,
|
|
|
|
|
session: SessionDep,
|
|
|
|
|
user_id: int,
|
|
|
|
|
user_in: UserUpdate,
|
|
|
|
|
) -> Any:
|
|
|
|
|
"""
|
|
|
|
|
Update a user.
|
|
|
|
|
"""
|
|
|
|
|
|
2024-02-29 15:42:55 -05:00
|
|
|
db_user = crud.update_user(session=session, user_id=user_id, user_in=user_in)
|
|
|
|
|
if db_user is None:
|
2024-02-21 15:55:19 -05:00
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=404,
|
|
|
|
|
detail="The user with this username does not exist in the system",
|
|
|
|
|
)
|
|
|
|
|
return db_user
|
2024-02-13 09:25:58 -05:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@router.delete("/{user_id}")
|
|
|
|
|
def delete_user(
|
|
|
|
|
session: SessionDep, current_user: CurrentUser, user_id: int
|
|
|
|
|
) -> Message:
|
|
|
|
|
"""
|
|
|
|
|
Delete a user.
|
|
|
|
|
"""
|
|
|
|
|
user = session.get(User, user_id)
|
|
|
|
|
if not user:
|
|
|
|
|
raise HTTPException(status_code=404, detail="User not found")
|
2024-02-27 15:47:42 -05:00
|
|
|
|
|
|
|
|
if (user == current_user and not current_user.is_superuser) or (user != current_user and current_user.is_superuser):
|
|
|
|
|
statement = delete(Item).where(Item.owner_id == user_id)
|
|
|
|
|
session.exec(statement)
|
|
|
|
|
session.delete(user)
|
|
|
|
|
session.commit()
|
|
|
|
|
return Message(message="User deleted successfully")
|
|
|
|
|
elif user == current_user and current_user.is_superuser:
|
2024-02-13 09:25:58 -05:00
|
|
|
raise HTTPException(
|
2024-03-07 18:21:46 -05:00
|
|
|
status_code=403, detail="Super users are not allowed to delete themselves"
|
2024-02-13 09:25:58 -05:00
|
|
|
)
|
