diff --git a/app/backend/main.py b/app/backend/main.py
index 2cf270aad86fa6f2c97a3177e54bd35781238d1c..30997e5e1cf6cbbda5e0551b18dbae0b967dad5b 100644
--- a/app/backend/main.py
+++ b/app/backend/main.py
@@ -5,7 +5,7 @@ sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 
 from fastapi import FastAPI
 from fastapi.staticfiles import StaticFiles
-from backend.routes import auth, shop, product, category, search, order, payment
+from backend.routes import auth, shop, product, category, search, order, payment, user
 from backend.database import init_db
 from core.config import settings
 
@@ -22,6 +22,7 @@ init_db()
 # Include API routes
 app.include_router(search.router, prefix="/search", tags=["search"])
 app.include_router(auth.router, prefix="/auth", tags=["auth"])
+app.include_router(user.router, prefix="/user", tags=["user"])
 app.include_router(payment.router, prefix="/payment", tags=["payment"])
 app.include_router(shop.router, prefix="/shops", tags=["shops"])
 app.include_router(product.router, prefix="/product", tags=["product"])
diff --git a/app/backend/routes/auth.py b/app/backend/routes/auth.py
index 7dfc67be951acc8e333e9146a162a65f0e48ae20..f999ae5895f25529b45b20000ed72e71218e5d41 100644
--- a/app/backend/routes/auth.py
+++ b/app/backend/routes/auth.py
@@ -29,6 +29,13 @@ def get_current_user(
     return user
 
 
+def admin_required(current_user: User):
+    if current_user.role != "admin":
+        raise HTTPException(
+            status_code=403, detail="Unauthorized. Admin access required."
+        )
+
+
 @router.post("/signup")
 def signup(user_data: UserCreate, session: Session = Depends(get_session)):
     existing_user = session.exec(
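Review bot: `admin_required` as defined here is only safe when called imperatively (as category.py does); used as `Depends(admin_required)` — which user.py in this same diff does — it becomes a bypass, because `current_user: User` has no `Depends(get_current_user)` default, so FastAPI treats a SQLModel-typed parameter as a request body and the check runs against a `role` field the client itself supplies. It also returns nothing, so a route that injects it receives `None`. Give it a default that resolves the real caller and return it, which keeps the positional calls working: `def admin_required(current_user: User = Depends(get_current_user)) -> User:` … `return current_user`; this presumes `Depends` is already imported for `get_current_user`, whose signature is outside the hunk.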
diff --git a/app/backend/routes/category.py b/app/backend/routes/category.py
index 5aa3a5a1b47327075a824f494e3254bfc3eacdc7..7dc3baae402a7bad986076068fc72ffcd2cb71b4 100644
--- a/app/backend/routes/category.py
+++ b/app/backend/routes/category.py
@@ -3,25 +3,18 @@ from sqlmodel import Session
 from backend.models.models import Category, User
 from backend.schemas.category import CategoryRead
 from backend.database import get_session
-from backend.routes.auth import get_current_user
+from backend.routes.auth import get_current_user, admin_required
 
 router = APIRouter()
 
 
-def verify_admin(current_user: User):
-    if current_user.role != "admin":
-        raise HTTPException(
-            status_code=403, detail="Unauthorized. Admin access required."
-        )
-
-
 @router.post("/create", response_model=CategoryRead)
 def create_category(
     name: str = Form(...),
     session: Session = Depends(get_session),
     current_user: User = Depends(get_current_user),
 ):
-    verify_admin(current_user)
+    admin_required(current_user)
 
     category = Category(name=name)
     session.add(category)
@@ -45,7 +38,7 @@ def update_category(
     session: Session = Depends(get_session),
     current_user: User = Depends(get_current_user),
 ):
-    verify_admin(current_user)
+    admin_required(current_user)
     category = session.get(Category, category_id)
     if not category:
         raise HTTPException(status_code=404, detail="Category not found")
@@ -65,7 +58,7 @@ def delete_category(
     session: Session = Depends(get_session),
     current_user: User = Depends(get_current_user),
 ):
-    verify_admin(current_user)
+    admin_required(current_user)
 
     category = session.get(Category, category_id)
     if not category:
diff --git a/app/backend/routes/user.py b/app/backend/routes/user.py
new file mode 100644
index 0000000000000000000000000000000000000000..f7bc71274156e7e7e82e4c0d9d0f2341919cad87
--- /dev/null
+++ b/app/backend/routes/user.py
@@ -0,0 +1,76 @@
+from fastapi import APIRouter, HTTPException, Depends
+from sqlmodel import Session
+from app.backend.schemas.user import UserResponse, UserUpdate
+from backend.database import get_session
+from backend.models.models import User
+from backend.routes.auth import get_current_user, admin_required
+
+router = APIRouter()
+
+
+# Get all users
+@router.get("/", response_model=list[UserResponse])
+def get_all_users(db: Session = Depends(get_session)):
+    users = db.query(User).all()
+    return users
+
+
+# Get one user by ID
+@router.get("/{user_id}", response_model=UserResponse)
+def get_user(user_id: int, db: Session = Depends(get_session)):
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    return user
+
+
+# Update a user
+@router.put("/{user_id}", response_model=UserResponse)
+def update_user(
+    user_id: int, user_update: UserUpdate, db: Session = Depends(get_session)
+):
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    for key, value in user_update.dict(exclude_unset=True).items():
+        setattr(user, key, value)
+    db.commit()
+    db.refresh(user)
+    return user
+
+
+# Update a user's role (Admin only)
+@router.patch("/{user_id}/role", response_model=UserResponse)
+def update_user_role(
+    user_id: int,
+    new_role: str,
+    db: Session = Depends(get_session),
+    current_user: User = Depends(admin_required),  # Ensure only admins can access
+):
+    # Validate the new role
+    valid_roles = ["customer", "shop_owner", "admin"]
+    if new_role not in valid_roles:
+        raise HTTPException(status_code=400, detail="Invalid role")
+
+    # Fetch the user
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    # Update the role
+    user.role = new_role
+    db.add(user)
+    db.commit()
+    db.refresh(user)
+    return user
+
+
+# Delete a user
+@router.delete("/{user_id}", status_code=204)
+def delete_user(user_id: int, db: Session = Depends(get_session)):
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    db.delete(user)
+    db.commit()
+    return
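Review bot: The list, get-by-id, update and delete routes take no `get_current_user` dependency, so an unauthenticated client can enumerate every account, overwrite arbitrary fields of any user through the `setattr` loop (including `role` or a password field, if `UserUpdate` exposes them — the schema is not in this diff), and delete any user by id. `update_user_role`'s `Depends(admin_required)` does not protect it either: `admin_required` declares `current_user: User` without a `Depends` default, so FastAPI reads that User from the request body and the caller can send `"role": "admin"` themselves, and the dependency returns `None`. Every route should resolve the caller with `Depends(get_current_user)` and then enforce admin or ownership, as sketched below, with `update_user_role` using `current_user: User = Depends(get_current_user)` followed by `admin_required(current_user)`. Separately, `from app.backend.schemas.user import ...` uses a different package root than the `backend.` imports beside it and everywhere else in the diff, which looks like an import error waiting to happen.
```python
# … unchanged: imports, router …


def _require_self_or_admin(current_user: User, user_id: int) -> None:
    """Reject callers who are neither the target user nor an admin."""
    if current_user.id != user_id and current_user.role != "admin":
        raise HTTPException(status_code=403, detail="Forbidden")


@router.get("/", response_model=list[UserResponse])
def get_all_users(
    db: Session = Depends(get_session),
    current_user: User = Depends(get_current_user),
):
    admin_required(current_user)  # listing every account is admin-only
    return db.query(User).all()


@router.get("/{user_id}", response_model=UserResponse)
def get_user(
    user_id: int,
    db: Session = Depends(get_session),
    current_user: User = Depends(get_current_user),
):
    _require_self_or_admin(current_user, user_id)
    # … unchanged: lookup and 404 …


@router.put("/{user_id}", response_model=UserResponse)
def update_user(
    user_id: int,
    user_update: UserUpdate,
    db: Session = Depends(get_session),
    current_user: User = Depends(get_current_user),
):
    _require_self_or_admin(current_user, user_id)
    # … unchanged: lookup and 404 …
    # never let a profile update change privilege; role has its own admin-only route
    for key, value in user_update.dict(exclude_unset=True, exclude={"role"}).items():
        setattr(user, key, value)
    # … unchanged: commit / refresh / return …


@router.patch("/{user_id}/role", response_model=UserResponse)
def update_user_role(
    user_id: int,
    new_role: str,
    db: Session = Depends(get_session),
    current_user: User = Depends(get_current_user),
):
    admin_required(current_user)
    # … unchanged: role validation, lookup, update …


@router.delete("/{user_id}", status_code=204)
def delete_user(
    user_id: int,
    db: Session = Depends(get_session),
    current_user: User = Depends(get_current_user),
):
    _require_self_or_admin(current_user, user_id)
    # … unchanged: lookup, 404, delete …
```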