Beesquit/picrinth-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

groups WIP

Browse Source
This commit is contained in:
Beesquit
2025-07-29 20:22:14 +03:00
parent 2ef27a9137
commit c203a890dc
9 changed files with 155 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/api/general.py
View File

@ -7,7 +7,7 @@ from api.models import User
from api.utils import get_current_user
from settings.settings import load_settings, reset_settings, save_settings
general_router = APIRouter(prefix="/api", tags=["status"])
general_router = APIRouter(prefix="/api", tags=["general"])
@general_router.get('/ping')

72
src/api/groups.py Normal file
View File

@ -0,0 +1,72 @@
from typing import Annotated
from fastapi import APIRouter, Depends, HTTPException, status
from psycopg2._psycopg import connection
import db.users as db
import settings.settings as settings
from api.models import User
from api.utils import get_current_user
from db.internal import get_db_connection
groups_router = APIRouter(prefix="/api/groups", tags=["groups"])
@groups_router.get("/my")
async def read_users_groups(current_user: Annotated[User, Depends(get_current_user)]):
return current_user
@groups_router.post("/user")
async def read_users_any_groups(
username: str,
conn: Annotated[connection, Depends(get_db_connection)],
current_user: Annotated[User, Depends(get_current_user)]
):
if current_user.role not in settings.settings.admin_roles:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Not allowed",
)
user = User()
user_data = db.get_user(conn, username)
if user_data is None:
return HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="No such user",
)
user.fill(user_data)
return user
@groups_router.post("/add")
async def add_group(
groupname: str,
conn: Annotated[connection, Depends(get_db_connection)],
current_user: Annotated[User, Depends(get_current_user)]
):
# TODO
pass
# if not settings.settings.allow_create_admins_by_admins:
# if current_user.role not in settings.settings.admin_roles:
# raise HTTPException(
# status_code=status.HTTP_403_FORBIDDEN,
# detail="Not allowed",
# )
# return db.create_user(conn, username, hashed_password, "admin")
@groups_router.post("/delete")
async def delete_user(
groupname: str,
conn: Annotated[connection, Depends(get_db_connection)],
current_user: Annotated[User, Depends(get_current_user)]
):
# TODO
pass
# if current_user.username == username or current_user.role in settings.settings.admin_roles:
# return db.delete_user(conn, groupname)
# else:
# raise HTTPException(
# status_code=status.HTTP_403_FORBIDDEN,
# detail="Not allowed",
# )

15
src/api/users.py
View File

@ -100,6 +100,21 @@ async def update_disabled(
detail="Not allowed",
)
@users_router.post("/update/role")
async def update_role(
username: str,
role: str,
conn: Annotated[connection, Depends(get_db_connection)],
current_user: Annotated[User, Depends(get_current_user)]
):
if current_user.role in settings.settings.admin_roles:
return db.update_user_role(conn, username, role)
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Not allowed",
)
@users_router.post("/update/username")
async def update_username(

17
src/create_app.py
View File

@ -1,8 +1,12 @@
import sys
from fastapi import FastAPI
from loguru import logger
from api.anon import anon_router
from api.auth import auth_router
from api.general import general_router
from api.groups import groups_router
from api.users import users_router
from db.internal import connect_db, disconnect_db
from settings import startup_settings
@ -19,13 +23,24 @@ app = FastAPI(
def create_app():
logger.configure(
handlers=[
{
"sink": sys.stdout,
"level": startup_settings.log_level,
"format": "<level>{level}: {message}</level>",
}
]
)
app.add_event_handler("startup", connect_db)
app.add_event_handler("startup", settings_up)
app.include_router(general_router)
app.include_router(auth_router)
app.include_router(users_router)
app.include_router(anon_router)
app.include_router(users_router)
app.include_router(groups_router)
app.add_event_handler("shutdown", disconnect_db)
app.add_event_handler("shutdown", settings_down)

52
src/db/users.py
View File

@ -75,6 +75,40 @@ def check_user_disabled(
# user updates
def update_user_disabled(
conn: connection,
username: str,
disabled: bool
):
# if disabled = True => user is disabled
with conn.cursor() as cur:
cur.execute(
"""
update picrinth.users
set disabled = %s
where username = %s
""",
(disabled, username),
)
conn.commit()
def update_user_role(
conn: connection,
username: str,
role: str
):
with conn.cursor() as cur:
cur.execute(
"""
update picrinth.users
set role = %s
where username = %s
""",
(role, username),
)
conn.commit()
def update_user_username(
conn: connection,
username: str,
@ -108,24 +142,6 @@ def update_user_password(
conn.commit()
def update_user_disabled(
conn: connection,
username: str,
disabled: bool
):
# if disabled = True -> user is disabled
with conn.cursor() as cur:
cur.execute(
"""
update picrinth.users
set disabled = %s
where username = %s
""",
(disabled, username),
)
conn.commit()
def update_user_last_seen(
conn: connection,
username: str

1
src/settings/startup_settings.py
View File

@ -20,3 +20,4 @@ access_token_expiration_time = int(config('access_token_expiration_time', defau
# other settings
swagger_enabled = str_to_bool(str(config('swagger_enabled', 'false')))
log_level = str(config('log_level', default='INFO'))