First commit

Ettore
2026-05-06 01:51:22 +02:00
commit 78fca8ebc2
56 changed files with 2584 additions and 0 deletions

55
src/routers/admins.py Normal file

@@ -0,0 +1,55 @@
from typing import Optional
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.orm import Session
from core.auth import hash_password
from core.database import AdminUser, get_db
from core.dependencies import require_admin
from core.schemas import AdminUserCreate, AdminUserResponse
router = APIRouter(prefix="/api/admin/admins", tags=["admin-admins"])
@router.get("", response_model=list[AdminUserResponse])
async def list_admins(
db: Session = Depends(get_db), _: dict = Depends(require_admin)
):
return [AdminUserResponse(id=u.id, username=u.username, role=u.role) for u in db.query(AdminUser).order_by(AdminUser.id).all()]
@router.post("", response_model=AdminUserResponse, status_code=201)
async def create_admin(
req: AdminUserCreate,
db: Session = Depends(get_db),
_: dict = Depends(require_admin),
):
username = req.username.strip()
if not username:
raise HTTPException(422, "Username cannot be empty")
if req.role not in ("admin", "manager"):
raise HTTPException(422, "role must be 'admin' or 'manager'")
if db.query(AdminUser).filter_by(username=username).first():
raise HTTPException(409, "Username already exists")
user = AdminUser(username=username, password_hash=hash_password(req.password), role=req.role)
db.add(user)
db.commit()
db.refresh(user)
return AdminUserResponse(id=user.id, username=user.username, role=user.role)
@router.delete("/{username}", status_code=204)
async def delete_admin(
username: str,
db: Session = Depends(get_db),
caller: dict = Depends(require_admin),
):
if username == caller["sub"]:
raise HTTPException(409, "Cannot delete your own account")
user: Optional[AdminUser] = db.query(AdminUser).filter_by(username=username).first()
if not user:
raise HTTPException(404, "Admin not found")
if db.query(AdminUser).count() <= 1:
raise HTTPException(409, "Cannot delete the last admin account")
db.delete(user)
db.commit()
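Review bot: The last-account guard in delete_admin (`db.query(AdminUser).count() <= 1`) counts rows of every role, so it does not guarantee that an account with role `admin` survives the delete. create_admin stores both `admin` and `manager` users in the same table, and the policy of require_admin is defined outside this file. If it also admits `manager` callers, a manager could delete the only `admin` account, and could create new `admin` accounts through create_admin, which applies no caller-role check of its own. Scoping the guard to the role being removed would close the first gap: `if user.role == "admin" and db.query(AdminUser).filter_by(role="admin").count() <= 1:`. It is also worth confirming that require_admin rejects tokens whose `sub` no longer exists in the table, since nothing in this handler revokes a deleted account's session.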