add update, delete user

61e369ca · duyanhehe · 0404a04f · 61e369ca · 61e369ca · 61e369ca
Commit 61e369ca authored 1 month ago by duyanhehe
--- a/app/backend/main.py
+++ b/app/backend/main.py
@@ -5,7 +5,7 @@ sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))

 from fastapi import FastAPI
 from fastapi.staticfiles import StaticFiles
-from backend.routes import auth, shop, product, category, search, order, payment
+from backend.routes import auth, shop, product, category, search, order, payment, user
 from backend.database import init_db
 from core.config import settings

@@ -22,6 +22,7 @@ init_db()
 # Include API routes
 app.include_router(search.router, prefix="/search", tags=["search"])
 app.include_router(auth.router, prefix="/auth", tags=["auth"])
+app.include_router(user.router, prefix="/user", tags=["user"])
 app.include_router(payment.router, prefix="/payment", tags=["payment"])
 app.include_router(shop.router, prefix="/shops", tags=["shops"])
 app.include_router(product.router, prefix="/product", tags=["product"])

--- a/app/backend/routes/auth.py
+++ b/app/backend/routes/auth.py
@@ -29,6 +29,13 @@ def get_current_user(
    return user


+def admin_required(current_user: User):
+    if current_user.role != "admin":
+        raise HTTPException(
+            status_code=403, detail="Unauthorized. Admin access required."
+        )
+
+
 @router.post("/signup")
 def signup(user_data: UserCreate, session: Session = Depends(get_session)):
    existing_user = session.exec(

--- a/app/backend/routes/category.py
+++ b/app/backend/routes/category.py
@@ -3,25 +3,18 @@ from sqlmodel import Session
 from backend.models.models import Category, User
 from backend.schemas.category import CategoryRead
 from backend.database import get_session
-from backend.routes.auth import get_current_user
+from backend.routes.auth import get_current_user, admin_required

 router = APIRouter()


-def verify_admin(current_user: User):
-    if current_user.role != "admin":
-        raise HTTPException(
-            status_code=403, detail="Unauthorized. Admin access required."
-        )
-
-
 @router.post("/create", response_model=CategoryRead)
 def create_category(
    name: str = Form(...),
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user),
 ):
-    verify_admin(current_user)
+    admin_required(current_user)

    category = Category(name=name)
    session.add(category)
@@ -45,7 +38,7 @@ def update_category(
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user),
 ):
-    verify_admin(current_user)
+    admin_required(current_user)
    category = session.get(Category, category_id)
    if not category:
        raise HTTPException(status_code=404, detail="Category not found")
@@ -65,7 +58,7 @@ def delete_category(
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user),
 ):
-    verify_admin(current_user)
+    admin_required(current_user)

    category = session.get(Category, category_id)
    if not category:

--- a/app/backend/routes/user.py
+++ b/app/backend/routes/user.py
+from fastapi import APIRouter, HTTPException, Depends
+from sqlmodel import Session
+from app.backend.schemas.user import UserResponse, UserUpdate
+from backend.database import get_session
+from backend.models.models import User
+from backend.routes.auth import get_current_user, admin_required
+
+router = APIRouter()
+
+
+# Get all users
+@router.get("/", response_model=list[UserResponse])
+def get_all_users(db: Session = Depends(get_session)):
+    users = db.query(User).all()
+    return users
+
+
+# Get one user by ID
+@router.get("/{user_id}", response_model=UserResponse)
+def get_user(user_id: int, db: Session = Depends(get_session)):
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    return user
+
+
+# Update a user
+@router.put("/{user_id}", response_model=UserResponse)
+def update_user(
+    user_id: int, user_update: UserUpdate, db: Session = Depends(get_session)
+):
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    for key, value in user_update.dict(exclude_unset=True).items():
+        setattr(user, key, value)
+    db.commit()
+    db.refresh(user)
+    return user
+
+
+# Update a user's role (Admin only)
+@router.patch("/{user_id}/role", response_model=UserResponse)
+def update_user_role(
+    user_id: int,
+    new_role: str,
+    db: Session = Depends(get_session),
+    current_user: User = Depends(admin_required),  # Ensure only admins can access
+):
+    # Validate the new role
+    valid_roles = ["customer", "shop_owner", "admin"]
+    if new_role not in valid_roles:
+        raise HTTPException(status_code=400, detail="Invalid role")
+
+    # Fetch the user
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    # Update the role
+    user.role = new_role
+    db.add(user)
+    db.commit()
+    db.refresh(user)
+    return user
+
+
+# Delete a user
+@router.delete("/{user_id}", status_code=204)
+def delete_user(user_id: int, db: Session = Depends(get_session)):
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    db.delete(user)
+    db.commit()
+    return