Compare commits
39 Commits
878fbbf5df
...
1.0.1
| Author | SHA1 | Date | |
|---|---|---|---|
| 5f9c3c32c6 | |||
| 8f31746c68 | |||
| ff3cb878c4 | |||
| fb302ca63e | |||
| 6edc87fb1d | |||
| afd2dec01d | |||
| d621977955 | |||
| e7e4326a31 | |||
| ecc19cf09a | |||
| e7d13bda96 | |||
| 322c00e18d | |||
| c7b209030e | |||
| a85582d200 | |||
| 6cc43005f0 | |||
| 51634184af | |||
| ff72cf3c05 | |||
| 75a6802c15 | |||
| d206a9f8a3 | |||
| dd04cedf0e | |||
| 82750bbd0c | |||
| 632f61a376 | |||
| 4f6a057eca | |||
| ce0ba3e55b | |||
| 753f4ee087 | |||
| a279439e72 | |||
| 2546763b03 | |||
| 1286f0a3f2 | |||
| 475c8e0ffc | |||
| 6cc12e0535 | |||
| af4af31e26 | |||
| 4059411828 | |||
| 4e2cf12c3b | |||
| 94bdf0e27a | |||
| c120e60911 | |||
| e12c1c91b3 | |||
| 76a4680622 | |||
| 68c578c449 | |||
| 6e7970d5e3 | |||
| 0d00df8194 |
37
app/dependencies/cookie.py
Normal file
37
app/dependencies/cookie.py
Normal file
@@ -0,0 +1,37 @@
|
||||
from fastapi.security import OAuth2
|
||||
from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
|
||||
from fastapi import Request
|
||||
from fastapi.security.utils import get_authorization_scheme_param
|
||||
from fastapi import HTTPException
|
||||
from fastapi import status
|
||||
from typing import Optional
|
||||
from typing import Dict
|
||||
|
||||
|
||||
class OAuth2PasswordBearerWithCookie(OAuth2):
|
||||
def __init__(
|
||||
self,
|
||||
tokenUrl: str,
|
||||
scheme_name: Optional[str] = None,
|
||||
scopes: Optional[Dict[str, str]] = None,
|
||||
auto_error: bool = True,
|
||||
):
|
||||
if not scopes:
|
||||
scopes = {}
|
||||
flows = OAuthFlowsModel(password={"tokenUrl": tokenUrl, "scopes": scopes})
|
||||
super().__init__(flows=flows, scheme_name=scheme_name, auto_error=auto_error)
|
||||
|
||||
async def __call__(self, request: Request) -> Optional[str]:
|
||||
authorization: str = request.cookies.get("access_token") #changed to accept access token from httpOnly Cookie
|
||||
|
||||
scheme, param = get_authorization_scheme_param(authorization)
|
||||
if not authorization or scheme.lower() != "bearer":
|
||||
if self.auto_error:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Not authenticated",
|
||||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
else:
|
||||
return None
|
||||
return param
|
||||
@@ -4,18 +4,17 @@ from passlib.context import CryptContext
|
||||
from pydantic import EmailStr
|
||||
|
||||
|
||||
def add(username="", password="", roles="User", disabled=False, confirmed=True, email="test@toto.com"):
|
||||
def add(username="", password="", roles="User", status=1, email="test@toto.com"):
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
|
||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||
result = user_repository.find_one_by({'username': username})
|
||||
change = "added"
|
||||
user = users.User(username=username, password=pwd_context.hash(password), roles=roles, disabled=disabled, confirmed=confirmed, email=email)
|
||||
user = users.User(username=username, password=pwd_context.hash(password), roles=roles, status=status, email=email)
|
||||
if result is not None:
|
||||
result.password=pwd_context.hash(password)
|
||||
result.roles=roles
|
||||
result.disabled=disabled
|
||||
result.confirmed=confirmed
|
||||
result.status=status
|
||||
result.email=email
|
||||
user = result
|
||||
change = "updated"
|
||||
|
||||
@@ -8,14 +8,14 @@ from jose import JWTError, jwt
|
||||
from passlib.context import CryptContext
|
||||
|
||||
from ..models import users, token
|
||||
from ..dependencies import database
|
||||
from ..dependencies import database, cookie
|
||||
|
||||
SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
|
||||
ALGORITHM = "HS256"
|
||||
|
||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||
|
||||
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
|
||||
oauth2_scheme = cookie.OAuth2PasswordBearerWithCookie(tokenUrl="token")
|
||||
|
||||
def verify_password(plain_password, hashed_password):
|
||||
return pwd_context.verify(plain_password, hashed_password)
|
||||
@@ -35,6 +35,9 @@ def authenticate_user(username: str, password: str):
|
||||
return False
|
||||
if not verify_password(password, user.password):
|
||||
return False
|
||||
user.connected_at = datetime.today()
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
user_repository.save(user)
|
||||
return user
|
||||
|
||||
def create_access_token(data: dict, expires_delta: timedelta | None = None):
|
||||
@@ -70,6 +73,6 @@ async def get_current_user(token_str: Annotated[str, Depends(oauth2_scheme)]):
|
||||
async def get_current_active_user(
|
||||
current_user: Annotated[users.User, Depends(get_current_user)]
|
||||
):
|
||||
if current_user.disabled:
|
||||
if current_user.status == 0:
|
||||
raise HTTPException(status_code=400, detail="Inactive user")
|
||||
return current_user
|
||||
@@ -1,7 +1,7 @@
|
||||
from fastapi import FastAPI
|
||||
from fastapi.middleware.cors import CORSMiddleware
|
||||
|
||||
from .routers import users, token, mail
|
||||
from .routers import users, token, mail, events
|
||||
from .dependencies import user_add
|
||||
|
||||
import os
|
||||
@@ -10,6 +10,7 @@ app = FastAPI()
|
||||
|
||||
origins = [
|
||||
"http://localhost:8084",
|
||||
"https://backoffice.valczeryba.ovh"
|
||||
]
|
||||
|
||||
app.add_middleware(
|
||||
@@ -24,6 +25,7 @@ app.add_middleware(
|
||||
app.include_router(users.router)
|
||||
app.include_router(token.router)
|
||||
app.include_router(mail.router)
|
||||
app.include_router(events.router)
|
||||
|
||||
|
||||
@app.on_event("startup")
|
||||
|
||||
44
app/models/events.py
Normal file
44
app/models/events.py
Normal file
@@ -0,0 +1,44 @@
|
||||
from pydantic import BaseModel, EmailStr
|
||||
from pydantic_mongo import AbstractRepository, ObjectIdField
|
||||
from datetime import datetime, date
|
||||
|
||||
class Event(BaseModel):
|
||||
id: ObjectIdField = None
|
||||
name: str
|
||||
place: str
|
||||
status: int = 0
|
||||
latitude: float = 0.0
|
||||
longitude: float = 0.0
|
||||
organizers: list[str] = []
|
||||
start_date: datetime | None = None
|
||||
end_date: datetime | None = None
|
||||
created_at: datetime = datetime.today()
|
||||
updated_at: datetime | None = None
|
||||
deleted_at: datetime | None = None
|
||||
disabled_at: datetime | None = None
|
||||
|
||||
class EventOut(BaseModel):
|
||||
id: ObjectIdField = None
|
||||
name: str
|
||||
place: str
|
||||
status: int = 0
|
||||
start_date: datetime | None = None
|
||||
end_date: datetime | None = None
|
||||
|
||||
class EventIn(BaseModel):
|
||||
name: str
|
||||
place: str
|
||||
status: int = 0
|
||||
organizers: list[str] = []
|
||||
start_date: datetime | None = None
|
||||
end_date: datetime | None = None
|
||||
latitude: float = 0.0
|
||||
longitude: float = 0.0
|
||||
|
||||
class EventIDS(BaseModel):
|
||||
ids: list[str]
|
||||
|
||||
|
||||
class EventRepository(AbstractRepository[Event]):
|
||||
class Meta:
|
||||
collection_name = "events"
|
||||
@@ -1,30 +1,40 @@
|
||||
from pydantic import BaseModel, EmailStr
|
||||
from pydantic_mongo import AbstractRepository, ObjectIdField
|
||||
from datetime import datetime, date
|
||||
|
||||
class User(BaseModel):
|
||||
id: ObjectIdField = None
|
||||
username: str
|
||||
password: str
|
||||
firstName: str = ""
|
||||
name: str = ""
|
||||
roles: str = "User"
|
||||
disabled: bool = False
|
||||
removed: bool = False
|
||||
confirmed: bool = False
|
||||
status: int = 0
|
||||
email: EmailStr
|
||||
birth: str | None = None
|
||||
created_at: datetime = datetime.today()
|
||||
connected_at: datetime | None = None
|
||||
updated_at: datetime | None = None
|
||||
deleted_at: datetime | None = None
|
||||
disabled_at: datetime | None = None
|
||||
|
||||
class UserOut(BaseModel):
|
||||
id: ObjectIdField = None
|
||||
username: str
|
||||
roles: str
|
||||
disabled: bool
|
||||
removed: bool
|
||||
confirmed: bool
|
||||
firstName: str
|
||||
name: str
|
||||
status: int = 0
|
||||
email: EmailStr
|
||||
|
||||
|
||||
class UserIn(BaseModel):
|
||||
username: str
|
||||
name: str
|
||||
firstName: str
|
||||
roles: str
|
||||
password: str
|
||||
birth: str
|
||||
email: EmailStr
|
||||
|
||||
|
||||
@@ -37,6 +47,9 @@ class UserCreate(BaseModel):
|
||||
class UserInDB(User):
|
||||
password: str
|
||||
|
||||
class UserIDS(BaseModel):
|
||||
ids: list[str]
|
||||
|
||||
class UserRepository(AbstractRepository[User]):
|
||||
class Meta:
|
||||
collection_name = "users"
|
||||
@@ -0,0 +1,234 @@
|
||||
from fastapi import APIRouter, Depends, HTTPException, status, Response
|
||||
from fastapi.responses import JSONResponse
|
||||
from datetime import datetime
|
||||
from ..dependencies import users_token, permissions_checker, database
|
||||
from ..models import events, users
|
||||
from pydantic import EmailStr
|
||||
from typing import Annotated
|
||||
from bson import ObjectId
|
||||
router = APIRouter()
|
||||
|
||||
|
||||
|
||||
@router.get("/events", tags=["events"], response_model=list[events.EventOut])
|
||||
async def read_events(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], skip: int = 0, limit: int = 20, id_event: str | None = None, name: str | None = None, status: int | None = None):
|
||||
if limit < 1 or skip < 0 or limit < skip:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="skip should be greater than 0 and limit should be greater than 1. Limit should be greater than skip"
|
||||
)
|
||||
limit = limit + skip
|
||||
listEvents = []
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
object_search = {}
|
||||
if status is not None:
|
||||
object_search = {"status":{"$eq": status}}
|
||||
if id_event is not None:
|
||||
eventid = ObjectId(id_event)
|
||||
object_search = {"id": {"$regex": userid}}
|
||||
if status is not None:
|
||||
object_search = {"$and":[{"id":{"$regex": eventid}}, {"status":{"$eq":status}}]}
|
||||
if name is not None:
|
||||
object_search = {"name": {"$regex": name}}
|
||||
if status is not None:
|
||||
object_search = {"$and":[{"name":{"$regex": name}}, {"status":{"$eq":status}}]}
|
||||
|
||||
|
||||
for event_index in event_repository.find_by(object_search, limit=limit, skip=skip):
|
||||
event = events.EventOut(id=event_index.id, name=event_index.name, place=event_index.place, status=event_index.status, start_date=event_index.start_date, end_date=event_index.end_date)
|
||||
listEvents.append(event)
|
||||
return listEvents
|
||||
|
||||
|
||||
@router.get("/events/me",tags=["events"])
|
||||
async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
listOrganizers = []
|
||||
|
||||
for event_index in event_repository.find_by({"organizers":{"$eq": current_user.username}}, limit=limit, skip=skip):
|
||||
event = events.EventOut(id=event_index.id, name=event_index.name, place=event_index.place, status=event_index.status, start_date=event_index.start_date, end_date=event_index.end_date)
|
||||
listOrganizers.append(event)
|
||||
|
||||
content = {"organizers":listOrganizers}
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
@router.get("/events/count", tags=["events"])
|
||||
async def read_events_count(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
|
||||
count = database.database.get_collection("events").estimated_document_count()
|
||||
content = {"count":count}
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
|
||||
@router.get("/events/{item_id}", tags=["events"], response_model=events.Event)
|
||||
async def read_events_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
event = event_repository.find_one_by_id(ObjectId(item_id))
|
||||
return event
|
||||
|
||||
|
||||
@router.delete("/events/me/{item_id}", tags=["events"])
|
||||
async def delete_event_me(item_id: str, current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], remove: bool = False):
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
event = event_repository.find_one_by_id(ObjectId(item_id))
|
||||
if remove is True:
|
||||
event.deleted_at = datetime.today()
|
||||
event.status = -1
|
||||
content = {"message": "event is deleted"}
|
||||
else:
|
||||
event.status = 0
|
||||
event.deleted_at = datetime.today()
|
||||
content = {"message": "event is disabled"}
|
||||
event_repository.save(event)
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
@router.delete("/events/groups",tags=["events"])
|
||||
async def delete_events_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove: bool = False, eventids: events.EventIDS | None = None):
|
||||
if len(eventids.ids) == 0:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="eventids should be greater than 0"
|
||||
)
|
||||
|
||||
event_repository = event.EventRepository(database=database.database)
|
||||
for i in eventids.ids:
|
||||
event = event_repository.find_one_by_id(ObjectId(i))
|
||||
if remove is True:
|
||||
event.status = -1
|
||||
event.deleted_at = datetime.today()
|
||||
content = {"message": "events are deleted "}
|
||||
else:
|
||||
event.status = 0
|
||||
event.disabled_at = datetime.today()
|
||||
content = {"message": "events are disabled"}
|
||||
event_repository.save(event)
|
||||
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
@router.delete("/events/{item_id}", tags=["events"])
|
||||
async def delete_events_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove : bool = False):
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
event = event_repository.find_one_by_id(ObjectId(item_id))
|
||||
if remove is True:
|
||||
event.status = -1
|
||||
event.deleted_at = datetime.today()
|
||||
content = {"message": "events are deleted"}
|
||||
else:
|
||||
event.status = 0
|
||||
event.disabled_at = datetime.today()
|
||||
content = {"message": "events are disabled"}
|
||||
event_repository.save(event)
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
@router.put("/events/me/{item_id}",tags=["events"])
|
||||
async def update_events_me(item_id: str, current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], eventSingle: events.EventIn | None = None):
|
||||
event_repository = event.EventRepository(database=database.database)
|
||||
event = event_repository.find_one_by_id(ObjectId(item_id))
|
||||
event.name = EventSingle.name
|
||||
event.place = EventSingle.place
|
||||
event.start_date = eventSingle.start_date
|
||||
event.end_date = eventSingle.end_date
|
||||
event.latitude = eventSingle.latitude
|
||||
event.longitude = eventSingle.longitude
|
||||
event.updated_at = datetime.today()
|
||||
event_repository.save(event)
|
||||
content = {"message": "event is updated"}
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
@router.put("/events", tags=["events"], status_code=status.HTTP_201_CREATED)
|
||||
async def update_events(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], eventSingle: events.EventIn | None = None):
|
||||
if eventSingle is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Body request is empty"
|
||||
)
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
|
||||
event = event_repository.find_one_by({"name": {'$eq': eventSingle.name}})
|
||||
if event is not None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_204_NO_CONTENT,
|
||||
detail="name"
|
||||
)
|
||||
|
||||
|
||||
event = events.Event(name=eventSingle.name, place=eventSingle.place)
|
||||
event.start_date = eventSingle.start_date
|
||||
event.end_date = eventSingle.end_date
|
||||
event.organizers = eventSingle.organizers
|
||||
event.latitude = eventSingle.latitude
|
||||
event.longitude = eventSingle.longitude
|
||||
event.created_at = datetime.today()
|
||||
event_repository.save(event)
|
||||
content = {"message": "event is created"}
|
||||
response = JSONResponse(content=content, status_code=status.HTTP_201_CREATED)
|
||||
return response
|
||||
|
||||
|
||||
@router.put("/events/{item_id}", tags=["events"], status_code=status.HTTP_200_OK)
|
||||
async def update_events_id(item_id: str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], eventSingle: events.EventIn | None = None, response: Response = Response):
|
||||
if eventSingle is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Body request is empty"
|
||||
)
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
|
||||
event = event_repository.find_one_by({"id": {'$eq': ObjectId(item_id)}})
|
||||
if event is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_404_NOT_FOUND,
|
||||
detail="Event not found"
|
||||
)
|
||||
|
||||
event.name = eventSingle.name
|
||||
event.place = eventSingle.place
|
||||
event.start_date = eventSingle.start_date
|
||||
event.end_date = eventSingle.end_date
|
||||
event.organizers = eventSingle.organizers
|
||||
event.latitude = eventSingle.latitude
|
||||
event.longitude = eventSingle.longitude
|
||||
event.updated_at = datetime.today()
|
||||
event_repository.save(event)
|
||||
content = {"message": "event is updated"}
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
|
||||
@router.patch("/events/groups",tags=["events"])
|
||||
async def patch_events_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], eventids: events.EventIDS | None = None):
|
||||
if len(eventids.ids) == 0:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="eventids should be greater than 0"
|
||||
)
|
||||
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
content = {"message": "events are enabled"}
|
||||
for i in eventids.ids:
|
||||
event = event_repository.find_one_by_id(ObjectId(i))
|
||||
event.status = 1
|
||||
event.disabled_at = None
|
||||
event.deleted_at = None
|
||||
event_repository.save(event)
|
||||
|
||||
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
@router.patch("/events/{item_id}", tags=["events"])
|
||||
async def patch_events_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
|
||||
event_repository = events.EventRepository(database=database.database)
|
||||
event = event_repository.find_one_by_id(ObjectId(item_id))
|
||||
event.status = 1
|
||||
event.disabled_at = None
|
||||
event.deleted_at = None
|
||||
event_repository.save(event)
|
||||
content = {"message": "event is enabled"}
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
@@ -7,13 +7,13 @@ from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
|
||||
from ..dependencies import users_token, permissions_checker
|
||||
from ..models import token, users
|
||||
|
||||
|
||||
router = APIRouter()
|
||||
ACCESS_TOKEN_EXPIRE_MINUTES = 30
|
||||
|
||||
@router.post("/token", tags=["token"])
|
||||
async def login_for_access_token(
|
||||
form_data: Annotated[OAuth2PasswordRequestForm, Depends()]
|
||||
):
|
||||
form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
|
||||
user = users_token.authenticate_user(form_data.username, form_data.password)
|
||||
if not user:
|
||||
raise HTTPException(
|
||||
@@ -25,13 +25,20 @@ async def login_for_access_token(
|
||||
access_token = users_token.create_access_token(
|
||||
data={"sub": user.username}, expires_delta=access_token_expires
|
||||
)
|
||||
content = {"message": "Access token generated"}
|
||||
content = {"roles":user.roles,"message": "Access token generated"}
|
||||
response = JSONResponse(content=content)
|
||||
response.set_cookie(key="jwt", value=access_token)
|
||||
response.set_cookie(key="access_token", value="Bearer {0}".format(access_token), httponly=True)
|
||||
return response
|
||||
|
||||
@router.get("/token",tags=["token"])
|
||||
async def check_token(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
|
||||
content = {"message": "Check token"}
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
@router.delete("/token",tags=["token"])
|
||||
async def check_token(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
|
||||
content = {"message": "Token deleted"}
|
||||
response = JSONResponse(content=content)
|
||||
response.set_cookie(key="access_token", value="", httponly=True)
|
||||
return response
|
||||
@@ -1,6 +1,9 @@
|
||||
from fastapi import APIRouter, Depends, HTTPException, status
|
||||
from fastapi import APIRouter, Depends, HTTPException, status, Response
|
||||
from fastapi.responses import JSONResponse
|
||||
from datetime import datetime
|
||||
from ..dependencies import users_token, permissions_checker, database
|
||||
from ..models import users
|
||||
from pydantic import EmailStr
|
||||
from typing import Annotated
|
||||
from bson import ObjectId
|
||||
router = APIRouter()
|
||||
@@ -8,7 +11,7 @@ router = APIRouter()
|
||||
|
||||
|
||||
@router.get("/users", tags=["users"], response_model=list[users.UserOut])
|
||||
async def read_users(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], skip: int = 0, limit: int = 20):
|
||||
async def read_users(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], skip: int = 0, limit: int = 20, id_user: str | None = None, roles: str | None = None, status: int | None = None, email: EmailStr | None = None, name: str | None = None):
|
||||
if limit < 1 or skip < 0 or limit < skip:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
@@ -17,36 +20,62 @@ async def read_users(authorize: Annotated[bool, Depends(permissions_checker.Perm
|
||||
limit = limit + skip
|
||||
listUsers = []
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
for user_index in user_repository.find_by({}, limit=limit, skip=skip):
|
||||
user = users.UserOut(id=user_index.id, username=user_index.username, email=user_index.email, disabled=user_index.disabled, roles=user_index.roles, removed=user_index.removed, confirmed=user_index.confirmed)
|
||||
object_search = {}
|
||||
if status is not None and roles is not None:
|
||||
object_search = {"$and":[{"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
|
||||
else:
|
||||
if status is not None:
|
||||
object_search = {"status":{"$eq": status}}
|
||||
if roles is not None:
|
||||
object_search = {"roles":{"$eq":roles}}
|
||||
if id_user is not None:
|
||||
userid = ObjectId(id_user)
|
||||
object_search = {"id": {"$regex": userid}}
|
||||
if status is not None and roles is not None:
|
||||
object_search = {"$and":[{"id":{"$regex": userid}}, {"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
|
||||
else:
|
||||
if status is not None:
|
||||
object_search = {"$and":[{"id":{"$regex": userid}}, {"status":{"$eq":status}}]}
|
||||
if roles is not None:
|
||||
object_search = {"$and":[{"id":{"$regex": userid}}, {"roles":{"$eq":roles}}]}
|
||||
if email is not None:
|
||||
object_search = {"email": {"$eq": email}}
|
||||
if status is not None and roles is not None:
|
||||
object_search = {"$and":[{"email":{"$eq": email}}, {"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
|
||||
else:
|
||||
if status is not None:
|
||||
object_search = {"$and":[{"email":{"$eq": email}}, {"status":{"$eq":status}}]}
|
||||
if roles is not None:
|
||||
object_search = {"$and":[{"email":{"$eq": email}}, {"roles":{"$eq":roles}}]}
|
||||
|
||||
if name is not None:
|
||||
object_search = {"username": {"$regex": name}}
|
||||
if status is not None and roles is not None:
|
||||
object_search = {"$and":[{"username":{"$regex": name}}, {"roles":{"$eq": roles}}, {"status":{"$eq":status}}]}
|
||||
else:
|
||||
if status is not None:
|
||||
object_search = {"$and":[{"username":{"$regex": name}}, {"status":{"$eq":status}}]}
|
||||
if roles is not None:
|
||||
object_search = {"$and":[{"username":{"$regex": name}}, {"roles":{"$eq":roles}}]}
|
||||
|
||||
|
||||
for user_index in user_repository.find_by(object_search, limit=limit, skip=skip):
|
||||
user = users.UserOut(id=user_index.id, username=user_index.username, email=user_index.email, status=user_index.status, roles=user_index.roles, firstName=user_index.firstName, name=user_index.name)
|
||||
listUsers.append(user)
|
||||
return listUsers
|
||||
|
||||
@router.get("/users/search", tags=["users"], response_model=list[users.UserOut])
|
||||
async def read_users_id(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], skip: int = 0, limit: int = 20, key: str | None = None, value: str | None= None):
|
||||
if limit < 1 or skip < 0 or limit < skip:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="skip should be greater than 0 and limit should be greater than 1. Limit should be greater than skip"
|
||||
)
|
||||
if key is None or value is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Key or/and value parameter is empty"
|
||||
)
|
||||
limit = limit + skip
|
||||
listUsers = []
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
for user_index in user_repository.find_by({key: {'$regex': value}}, limit=limit, skip=skip):
|
||||
user = users.UserOut(id=user_index.id, username=user_index.username, disabled=user_index.disabled, roles=user_index.roles, email=user_index.email, removed=user_index.removed, confirmed=user_index.confirmed)
|
||||
listUsers.append(user)
|
||||
return listUsers
|
||||
|
||||
|
||||
@router.get("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "disabled"])
|
||||
@router.get("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "status"])
|
||||
async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))]):
|
||||
return current_user
|
||||
|
||||
@router.get("/users/count", tags=["users"])
|
||||
async def read_users_count(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
|
||||
count = database.database.get_collection("users").estimated_document_count()
|
||||
content = {"count":count}
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
|
||||
@router.get("/users/{item_id}", tags=["users"], response_model=users.User)
|
||||
async def read_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
@@ -54,38 +83,76 @@ async def read_users_id(item_id : str, authorize: Annotated[bool, Depends(permis
|
||||
return user
|
||||
|
||||
|
||||
|
||||
@router.delete("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "disabled"])
|
||||
async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], remove: bool = False):
|
||||
@router.delete("/users/me",tags=["users"])
|
||||
async def delete_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], remove: bool = False):
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
current_user.disabled = True
|
||||
|
||||
if remove is True:
|
||||
current_user.removed = True
|
||||
current_user.deleted_at = datetime.today()
|
||||
current_user.status = -1
|
||||
content = {"message": "users are deleted"}
|
||||
else:
|
||||
current_user.status = 0
|
||||
current_user.deleted_at = datetime.today()
|
||||
content = {"message": "users are disabled"}
|
||||
user_repository.save(current_user)
|
||||
return current_user
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
@router.delete("/users/{item_id}", tags=["users"], response_model=users.User)
|
||||
async def read_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove : bool = False):
|
||||
@router.delete("/users/groups",tags=["users"])
|
||||
async def delete_users_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove: bool = False, userids: users.UserIDS | None = None):
|
||||
if len(userids.ids) == 0:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="userids should be greater than 0"
|
||||
)
|
||||
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
for i in userids.ids:
|
||||
user = user_repository.find_one_by_id(ObjectId(i))
|
||||
if remove is True:
|
||||
user.status = -1
|
||||
user.deleted_at = datetime.today()
|
||||
content = {"message": "users are deleted "}
|
||||
else:
|
||||
user.status = 0
|
||||
user.disabled_at = datetime.today()
|
||||
content = {"message": "users are disabled"}
|
||||
user_repository.save(user)
|
||||
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
@router.delete("/users/{item_id}", tags=["users"])
|
||||
async def delete_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], remove : bool = False):
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
user = user_repository.find_one_by_id(ObjectId(item_id))
|
||||
user.disabled = True
|
||||
if remove is True:
|
||||
user.removed = True
|
||||
user.status = -1
|
||||
user.deleted_at = datetime.today()
|
||||
content = {"message": "users are deleted"}
|
||||
else:
|
||||
user.status = 0
|
||||
user.disabled_at = datetime.today()
|
||||
content = {"message": "users are disabled"}
|
||||
user_repository.save(user)
|
||||
return user
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
@router.put("/users/me",tags=["users"], response_model=users.User, response_model_exclude=["id", "password", "roles", "disabled"])
|
||||
async def read_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], userSingle: users.UserIn | None = None):
|
||||
@router.put("/users/me",tags=["users"])
|
||||
async def update_users_me(current_user: Annotated[users.User, Depends(users_token.get_current_active_user)], authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin", "User"]))], userSingle: users.UserIn | None = None):
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
current_user.username = userSingle.username
|
||||
current_user.password = user_token.get_password_hash(userSingle.password)
|
||||
current_user.roles = userSingle.roles
|
||||
current_user.email = userSingle.email
|
||||
user_repository.save(current_user)
|
||||
content = {"message": "user is updated"}
|
||||
response = JSONResponse(content=content)
|
||||
return current_user
|
||||
|
||||
@router.put("/users", tags=["users"], response_model=users.User, status_code=status.HTTP_200_OK)
|
||||
async def read_users_id(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userSingle: users.UserIn | None = None):
|
||||
@router.put("/users", tags=["users"], status_code=status.HTTP_201_CREATED)
|
||||
async def update_users(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userSingle: users.UserIn | None = None):
|
||||
if userSingle is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
@@ -93,13 +160,90 @@ async def read_users_id(authorize: Annotated[bool, Depends(permissions_checker.P
|
||||
)
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
|
||||
user = user_repository.find_one_by({"username": {'$eq': userSingle.username}})
|
||||
user = user_repository.find_one_by({"$or":[{"username": {'$eq': userSingle.username}}, {"email": {"$eq": userSingle.email}}]})
|
||||
if user is not None:
|
||||
if user.username == userSingle.username:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_204_NO_CONTENT,
|
||||
detail="username"
|
||||
)
|
||||
if user.email == userSingle.email:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_204_NO_CONTENT,
|
||||
detail="email"
|
||||
)
|
||||
|
||||
user = users.User(username=userSingle.username, password=users_token.get_password_hash(userSingle.password), email=userSingle.email)
|
||||
user.roles = userSingle.roles
|
||||
user.firstName = userSingle.firstName
|
||||
user.name = userSingle.name
|
||||
user.birth = userSingle.birth
|
||||
user.created_at = datetime.today()
|
||||
user_repository.save(user)
|
||||
content = {"message": "user is created"}
|
||||
response = JSONResponse(content=content, status_code=status.HTTP_201_CREATED)
|
||||
return response
|
||||
|
||||
|
||||
@router.put("/users/{item_id}", tags=["users"], status_code=status.HTTP_200_OK)
|
||||
async def update_users_id(item_id: str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userSingle: users.UserIn | None = None, response: Response = Response):
|
||||
if userSingle is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Body request is empty"
|
||||
)
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
|
||||
user = user_repository.find_one_by({"id": {'$eq': ObjectId(item_id)}})
|
||||
if user is None:
|
||||
response.status_code = status.HTTP_201_CREATED
|
||||
user = users.User()
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_404_NOT_FOUND,
|
||||
detail="User not found"
|
||||
)
|
||||
|
||||
user.username = userSingle.username
|
||||
user.password = user_token.get_password_hash(userSingle.password)
|
||||
user.password = users_token.get_password_hash(userSingle.password)
|
||||
user.roles = userSingle.roles
|
||||
user.email = userSingle.email
|
||||
user.firstName = userSingle.firstName
|
||||
user.name = userSingle.name
|
||||
user.birth = userSingle.birth
|
||||
user.updated_at = datetime.today()
|
||||
user_repository.save(user)
|
||||
return user
|
||||
content = {"message": "user is updated"}
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
|
||||
@router.patch("/users/groups",tags=["users"])
|
||||
async def patch_users_groups(authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))], userids: users.UserIDS | None = None):
|
||||
if len(userids.ids) == 0:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="userids should be greater than 0"
|
||||
)
|
||||
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
content = {"message": "users are enabled"}
|
||||
for i in userids.ids:
|
||||
user = user_repository.find_one_by_id(ObjectId(i))
|
||||
user.status = 1
|
||||
user.disabled_at = None
|
||||
user.deleted_at = None
|
||||
user_repository.save(user)
|
||||
|
||||
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
|
||||
@router.patch("/users/{item_id}", tags=["users"], response_model=users.User)
|
||||
async def patch_users_id(item_id : str, authorize: Annotated[bool, Depends(permissions_checker.PermissionChecker(roles=["Admin"]))]):
|
||||
user_repository = users.UserRepository(database=database.database)
|
||||
user = user_repository.find_one_by_id(ObjectId(item_id))
|
||||
user.status = 1
|
||||
user.disabled_at = None
|
||||
user.deleted_at = None
|
||||
user_repository.save(user)
|
||||
content = {"message": "user is enabled"}
|
||||
response = JSONResponse(content=content)
|
||||
return response
|
||||
Reference in New Issue
Block a user