feat(users): Add and remove user groups

2025-12-30 17:03:52 +01:00
parent bafca3c291
commit 927b4b0b4e
3 changed files with 77 additions and 7 deletions
--- a/src/allmende_payment_system/api/admin.py
+++ b/src/allmende_payment_system/api/admin.py
@@ -6,7 +6,7 @@ from starlette import status
 from starlette.responses import RedirectResponse

 from allmende_payment_system.api.dependencies import SessionDep, UserDep
-from allmende_payment_system.models import Area, Order, OrderItem, Product, User
+from allmende_payment_system.models import User, UserGroup
 from allmende_payment_system.tools import get_jinja_renderer

 admin_router = APIRouter(prefix="/admin")
@@ -17,10 +17,48 @@ async def user_list(request: Request, session: SessionDep, user: UserDep):
    if not user.has_permission("user", "edit"):
        raise HTTPException(status_code=403, detail="Insufficient permissions")

-    query = select(User)
-    users = session.scalars(query).all()
+    users = session.scalars(select(User)).all()
+    groups = session.scalars(select(UserGroup)).all()
    templates = get_jinja_renderer()
    return templates.TemplateResponse(
        "users.html.jinja",
-        context={"request": request, "users": users},
+        context={"request": request, "users": users, "all_groups": groups},
    )
+
+
+@admin_router.post("/users/{user_id}/add_group")
+async def user_add_group(
+    request: Request, session: SessionDep, loggend_in_user: UserDep, user_id: int
+):
+    if not loggend_in_user.has_permission("user", "edit"):
+        raise HTTPException(status_code=403, detail="Insufficient permissions")
+
+    data = await request.form()
+
+    group = session.execute(
+        select(UserGroup).where(UserGroup.id == data["group_id"])
+    ).scalar_one()
+    user = session.execute(select(User).where(User.id == user_id)).scalar_one()
+    user.user_groups.append(group)
+
+    return RedirectResponse(url="/admin/users", status_code=status.HTTP_303_SEE_OTHER)
+
+
+@admin_router.get("/users/{user_id}/remove_group/{group_id}")
+async def user_remove_group(
+    request: Request,
+    session: SessionDep,
+    loggend_in_user: UserDep,
+    user_id: int,
+    group_id: int,
+):
+    if not loggend_in_user.has_permission("user", "edit"):
+        raise HTTPException(status_code=403, detail="Insufficient permissions")
+
+    group = session.execute(
+        select(UserGroup).where(UserGroup.id == group_id)
+    ).scalar_one()
+    user = session.execute(select(User).where(User.id == user_id)).scalar_one()
+    print(user)
+    user.user_groups.remove(group)
+    return RedirectResponse(url="/admin/users", status_code=status.HTTP_303_SEE_OTHER)