Refactor user admin with Form() dependency

2026-01-17 12:35:31 +01:00
parent a451d2e532
commit 45bd37e26c
2 changed files with 24 additions and 10 deletions
--- a/src/allmende_payment_system/api/admin.py
+++ b/src/allmende_payment_system/api/admin.py
@@ -32,15 +32,17 @@ async def user_list(request: Request, session: SessionDep, user: UserDep):

@admin_router.post("/users/{user_id}/add_group")
 async def user_add_group(
-    request: Request, session: SessionDep, loggend_in_user: UserDep, user_id: int
+    request: Request,
+    session: SessionDep,
+    loggend_in_user: UserDep,
+    user_id: int,
+    group_id: Annotated[int, Form()],
 ):
    if not loggend_in_user.has_permission("user", "edit"):
        raise HTTPException(status_code=403, detail="Insufficient permissions")

-    data = await request.form()
-
    group = session.execute(
-        select(UserGroup).where(UserGroup.id == data["group_id"])
+        select(UserGroup).where(UserGroup.id == group_id)
    ).scalar_one()
    user = session.execute(select(User).where(User.id == user_id)).scalar_one()
    user.user_groups.append(group)
@@ -86,13 +88,16 @@ async def group_list(request: Request, session: SessionDep, user: UserDep):

@admin_router.post("/groups/{group_id}/add_permission")
 async def group_add_permission(
-    request: Request, session: SessionDep, user: UserDep, group_id: int
+    request: Request,
+    session: SessionDep,
+    user: UserDep,
+    group_id: int,
+    permission: Annotated[str, Form()],
 ):
    if not user.has_permission("user", "edit"):
        raise HTTPException(status_code=403, detail="Insufficient permissions")

-    data = await request.form()
-    scope_action = data["permission"].split(":")
+    scope_action = permission.split(":")
    if len(scope_action) != 2:
        raise HTTPException(
            status_code=400, detail="Permission must be in the format 'scope:action'"
@@ -132,12 +137,16 @@ async def group_remove_permission(


@admin_router.post("/groups/create")
-async def create_group(request: Request, session: SessionDep, user: UserDep):
+async def create_group(
+    request: Request,
+    session: SessionDep,
+    user: UserDep,
+    group_data: Annotated[types.UserGroup, Form()],
+):
    if not user.has_permission("user", "edit"):
        raise HTTPException(status_code=403, detail="Insufficient permissions")

-    data = await request.form()
-    group = UserGroup(name=data["name"], description=data["description"])
+    group = UserGroup(name=group_data.name, description=group_data.description)
    session.add(group)

    return RedirectResponse(url="/admin/groups", status_code=status.HTTP_303_SEE_OTHER)
--- a/src/allmende_payment_system/api/types.py
+++ b/src/allmende_payment_system/api/types.py
@@ -18,3 +18,8 @@ class Product(BaseModel):
    vat_rate: Decimal
    allow_fractional: bool = False
    unit_of_measure: UnitsOfMeasure
+
+
+class UserGroup(BaseModel):
+    name: str
+    description: typing.Optional[str] = None