accounts: Add new accounts and add users and balance to accounts

Close #5

src/allmende_payment_system/api/admin.py

@@ -2,6 +2,7 @@ from typing import Annotated
 
 from fastapi import APIRouter, File, Form, HTTPException, Request
 from sqlalchemy import select
+from sqlalchemy.exc import IntegrityError
 from starlette import status
 from starlette.responses import RedirectResponse
 
@@ -12,6 +13,7 @@ from allmende_payment_system.models import (
     Area,
     Permission,
     Product,
+    Transaction,
     User,
     UserGroup,
 )
@@ -296,8 +298,78 @@ async def get_accounts(
     templates = get_jinja_renderer()
 
     accounts = session.scalars(select(Account)).all()
+    users = session.scalars(select(User)).all()
 
     return templates.TemplateResponse(
         "accounts.html.jinja",
-        context={"request": request, "accounts": accounts},
+        context={"request": request, "accounts": accounts, "users": users},
+    )
+
+
+@admin_router.post("/accounts/new")
+async def create_account(
+    request: Request,
+    session: SessionDep,
+    user: UserDep,
+    account_name: Annotated[str, Form()],
+):
+    if not user.has_permission("account", "edit"):
+        raise HTTPException(status_code=403, detail="Insufficient permissions")
+
+    account = Account(name=account_name)
+    session.add(account)
+    try:
+        session.flush()
+    except IntegrityError as e:
+        session.rollback()
+        raise HTTPException(
+            status_code=400, detail="Account with this name already exists"
+        ) from e
+    return RedirectResponse(
+        url="/admin/accounts", status_code=status.HTTP_303_SEE_OTHER
+    )
+
+
+@admin_router.post("/accounts/{account_id}/add_user")
+async def add_user_to_account(
+    request: Request,
+    session: SessionDep,
+    user: UserDep,
+    account_id: int,
+    user_id: Annotated[int, Form()],
+):
+    if not user.has_permission("account", "edit"):
+        raise HTTPException(status_code=403, detail="Insufficient permissions")
+
+    account = session.execute(
+        select(Account).where(Account.id == account_id)
+    ).scalar_one()
+    user_to_add = session.execute(select(User).where(User.id == user_id)).scalar_one()
+
+    account.users.append(user_to_add)
+
+    return RedirectResponse(
+        url="/admin/accounts", status_code=status.HTTP_303_SEE_OTHER
+    )
+
+
+@admin_router.post("/accounts/{account_id}/add_balance")
+async def add_balance_to_account(
+    request: Request,
+    session: SessionDep,
+    user: UserDep,
+    account_id: int,
+    amount: Annotated[float, Form()],
+):
+    if not user.has_permission("account", "edit"):
+        raise HTTPException(status_code=403, detail="Insufficient permissions")
+
+    account = session.execute(
+        select(Account).where(Account.id == account_id)
+    ).scalar_one()
+
+    account.transactions.append(Transaction(type="deposit", total_amount=amount))
+
+    return RedirectResponse(
+        url="/admin/accounts", status_code=status.HTTP_303_SEE_OTHER
     )