niklas.m/allmende-payment-system
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects 1 Releases Wiki Activity

Refactor user admin with Form() dependency

Browse Source
This commit is contained in:
Niklas Meinzer
2026-01-17 12:35:31 +01:00
parent a451d2e532
commit 45bd37e26c
2 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/allmende_payment_system/api/admin.py
View File

@@ -32,15 +32,17 @@ async def user_list(request: Request, session: SessionDep, user: UserDep):
@admin_router.post("/users/{user_id}/add_group") @admin_router.post("/users/{user_id}/add_group")
async def user_add_group( async def user_add_group(
request: Request, session: SessionDep, loggend_in_user: UserDep, user_id: int request: Request,
session: SessionDep,
loggend_in_user: UserDep,
user_id: int,
group_id: Annotated[int, Form()],
): ):
if not loggend_in_user.has_permission("user", "edit"): if not loggend_in_user.has_permission("user", "edit"):
raise HTTPException(status_code=403, detail="Insufficient permissions") raise HTTPException(status_code=403, detail="Insufficient permissions")
data = await request.form()
group = session.execute( group = session.execute(
select(UserGroup).where(UserGroup.id == data["group_id"]) select(UserGroup).where(UserGroup.id == group_id)
).scalar_one() ).scalar_one()
user = session.execute(select(User).where(User.id == user_id)).scalar_one() user = session.execute(select(User).where(User.id == user_id)).scalar_one()
user.user_groups.append(group) user.user_groups.append(group)
@@ -86,13 +88,16 @@ async def group_list(request: Request, session: SessionDep, user: UserDep):
@admin_router.post("/groups/{group_id}/add_permission") @admin_router.post("/groups/{group_id}/add_permission")
async def group_add_permission( async def group_add_permission(
request: Request, session: SessionDep, user: UserDep, group_id: int request: Request,
session: SessionDep,
user: UserDep,
group_id: int,
permission: Annotated[str, Form()],
): ):
if not user.has_permission("user", "edit"): if not user.has_permission("user", "edit"):
raise HTTPException(status_code=403, detail="Insufficient permissions") raise HTTPException(status_code=403, detail="Insufficient permissions")
data = await request.form() scope_action = permission.split(":")
scope_action = data["permission"].split(":")
if len(scope_action) != 2: if len(scope_action) != 2:
raise HTTPException( raise HTTPException(
status_code=400, detail="Permission must be in the format 'scope:action'" status_code=400, detail="Permission must be in the format 'scope:action'"
@@ -132,12 +137,16 @@ async def group_remove_permission(
@admin_router.post("/groups/create") @admin_router.post("/groups/create")
async def create_group(request: Request, session: SessionDep, user: UserDep): async def create_group(
request: Request,
session: SessionDep,
user: UserDep,
group_data: Annotated[types.UserGroup, Form()],
):
if not user.has_permission("user", "edit"): if not user.has_permission("user", "edit"):
raise HTTPException(status_code=403, detail="Insufficient permissions") raise HTTPException(status_code=403, detail="Insufficient permissions")
data = await request.form() group = UserGroup(name=group_data.name, description=group_data.description)
group = UserGroup(name=data["name"], description=data["description"])
session.add(group) session.add(group)
return RedirectResponse(url="/admin/groups", status_code=status.HTTP_303_SEE_OTHER) return RedirectResponse(url="/admin/groups", status_code=status.HTTP_303_SEE_OTHER)

5
src/allmende_payment_system/api/types.py
View File

@@ -18,3 +18,8 @@ class Product(BaseModel):
vat_rate: Decimal vat_rate: Decimal
allow_fractional: bool = False allow_fractional: bool = False
unit_of_measure: UnitsOfMeasure unit_of_measure: UnitsOfMeasure
class UserGroup(BaseModel):
name: str
description: typing.Optional[str] = None