From ed3b82b5c8adebc826c71eb8f9d5cc17835387d0 Mon Sep 17 00:00:00 2001
From: duyanhehe <duyanhex@gmail.com>
Date: Fri, 4 Apr 2025 21:31:24 +0700
Subject: [PATCH] add current user update, admin update user

---
 app/backend/dummy_data.py   |  6 ++++++
 app/backend/routes/user.py  | 27 +++++++++++++++++++++++----
 app/backend/schemas/user.py |  1 +
 3 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/app/backend/dummy_data.py b/app/backend/dummy_data.py
index c1c4050..bcb27d5 100644
--- a/app/backend/dummy_data.py
+++ b/app/backend/dummy_data.py
@@ -27,6 +27,12 @@ def insert_dummy_data(session: Session):
                 password=hash_password("string"),
                 role="shop_owner",
             ),
+            User(
+                username="admin",
+                email="admin@gmail.com",
+                password=hash_password("admin"),
+                role="admin",
+            ),
         ]
         session.add_all(users)
         session.commit()
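Review bot: The added `User(...)` entry seeds an account with `role="admin"` and the literal password `"admin"`, so wherever insert_dummy_data runs the backend starts with a well-known administrative login; the existing entries use the literal `"string"` in the same way. If this seeding can run outside local development, read the secret from the environment with no default, e.g. `password=hash_password(os.environ["DUMMY_ADMIN_PASSWORD"])` (requires `import os`), or gate the whole insert behind an explicit dev-only setting, and add a comment such as `# Dev-only fixture: never seed this account in a deployed environment`. insert_dummy_data's definition starts before the hunk, so I cannot tell from here whether such a guard already exists.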
diff --git a/app/backend/routes/user.py b/app/backend/routes/user.py
index f7bc712..f7947fc 100644
--- a/app/backend/routes/user.py
+++ b/app/backend/routes/user.py
@@ -10,7 +10,9 @@ router = APIRouter()
 
 # Get all users
 @router.get("/", response_model=list[UserResponse])
-def get_all_users(db: Session = Depends(get_session)):
+def get_all_users(
+    db: Session = Depends(get_session), current_user: User = Depends(admin_required)
+):
     users = db.query(User).all()
     return users
 
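Review bot: In get_all_users the new `current_user` parameter is never read; it exists only to trigger admin_required, which is the FastAPI case for a decorator-level dependency: `@router.get("/", response_model=list[UserResponse], dependencies=[Depends(admin_required)])` with the signature back to `def get_all_users(db: Session = Depends(get_session)):`. That keeps the authorization requirement visible on the route rather than hidden in an unused argument. The same pattern applies to `admin_update_user` in the next hunk. A one-line docstring such as `"""List every user; admin only."""` would also document the new restriction.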
@@ -24,10 +26,27 @@ def get_user(user_id: int, db: Session = Depends(get_session)):
     return user
 
 
-# Update a user
+# Update current user profile
+@router.put("/me", response_model=UserResponse)
+def update_current_user(
+    user_update: UserUpdate,
+    db: Session = Depends(get_session),
+    current_user: User = Depends(get_current_user),
+):
+    for key, value in user_update.dict(exclude_unset=True).items():
+        setattr(current_user, key, value)
+    db.commit()
+    db.refresh(current_user)
+    return current_user
+
+
+# Admin updates any user
 @router.put("/{user_id}", response_model=UserResponse)
-def update_user(
-    user_id: int, user_update: UserUpdate, db: Session = Depends(get_session)
+def admin_update_user(
+    user_id: int,
+    user_update: UserUpdate,
+    db: Session = Depends(get_session),
+    current_user: User = Depends(admin_required),  # restrict to admins
 ):
     user = db.query(User).filter(User.id == user_id).first()
     if not user:
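Review bot: update_current_user writes every field from `user_update.dict(exclude_unset=True)` straight onto the model with `setattr`, and UserUpdate includes `password`, so a profile update stores the submitted password in plaintext while the seeding code hashes with `hash_password`; the loop needs `if key == "password":` / `value = hash_password(value)` before the `setattr` (and a comment: `# passwords are stored hashed; never assign the raw value`). admin_update_user's body continues outside the hunk, so I cannot see whether it hashes, but if it uses the same loop it has the same gap. Worth noting as well that the `/me` route is registered before `/{user_id}`, which is the correct order for the literal path to win.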
diff --git a/app/backend/schemas/user.py b/app/backend/schemas/user.py
index 9328e1b..59c4c4b 100644
--- a/app/backend/schemas/user.py
+++ b/app/backend/schemas/user.py
@@ -31,4 +31,5 @@ class UserResponse(BaseModel):
 class UserUpdate(BaseModel):
     username: Optional[str] = None
     email: Optional[EmailStr] = None
+    phone_number: Optional[str] = None
     password: Optional[str] = None
-- 
GitLab