groups WIP

2025-07-29 20:22:14 +03:00
parent 2ef27a9137
commit c203a890dc
9 changed files with 155 additions and 26 deletions
--- a/src/api/groups.py
+++ b/src/api/groups.py
@ -0,0 +1,72 @@
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from psycopg2._psycopg import connection
+
+import db.users as db
+import settings.settings as settings
+from api.models import User
+from api.utils import get_current_user
+from db.internal import get_db_connection
+
+groups_router = APIRouter(prefix="/api/groups", tags=["groups"])
+
+
+@groups_router.get("/my")
+async def read_users_groups(current_user: Annotated[User, Depends(get_current_user)]):
+    return current_user
+
+@groups_router.post("/user")
+async def read_users_any_groups(
+    username: str,
+    conn: Annotated[connection, Depends(get_db_connection)],
+    current_user: Annotated[User, Depends(get_current_user)]
+):
+    if current_user.role not in settings.settings.admin_roles:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Not allowed",
+        )
+    user = User()
+    user_data = db.get_user(conn, username)
+    if user_data is None:
+        return HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="No such user",
+        )
+    user.fill(user_data)
+    return user
+
+
+@groups_router.post("/add")
+async def add_group(
+    groupname: str,
+    conn: Annotated[connection, Depends(get_db_connection)],
+    current_user: Annotated[User, Depends(get_current_user)]
+):
+    # TODO
+    pass
+    # if not settings.settings.allow_create_admins_by_admins:
+    #     if current_user.role not in settings.settings.admin_roles:
+    #         raise HTTPException(
+    #             status_code=status.HTTP_403_FORBIDDEN,
+    #             detail="Not allowed",
+    #         )
+    # return db.create_user(conn, username, hashed_password, "admin")
+
+
+@groups_router.post("/delete")
+async def delete_user(
+    groupname: str,
+    conn: Annotated[connection, Depends(get_db_connection)],
+    current_user: Annotated[User, Depends(get_current_user)]
+):
+    # TODO
+    pass
+    # if current_user.username == username or current_user.role in settings.settings.admin_roles:
+    #     return db.delete_user(conn, groupname)
+    # else:
+    #     raise HTTPException(
+    #         status_code=status.HTTP_403_FORBIDDEN,
+    #         detail="Not allowed",
+    #     )