open-webui/backend/apps/web/routers/users.py

from fastapi import Response
from fastapi import Depends, FastAPI, HTTPException, status
from datetime import datetime, timedelta
from typing import List, Union, Optional

from fastapi import APIRouter
from pydantic import BaseModel
import time
import uuid

from apps.web.models.users import UserModel, UserRoleUpdateForm, Users
from apps.web.models.auths import Auths


from utils.utils import (
    get_password_hash,
    bearer_scheme,
    create_token,
)
from constants import ERROR_MESSAGES

router = APIRouter()

############################
# GetUsers
############################


@router.get("/", response_model=List[UserModel])
async def get_users(skip: int = 0, limit: int = 50, cred=Depends(bearer_scheme)):
    token = cred.credentials
    user = Users.get_user_by_token(token)

    if user:
        if user.role == "admin":
            return Users.get_users(skip, limit)
        else:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
            )
    else:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=ERROR_MESSAGES.INVALID_TOKEN,
        )


############################
# UpdateUserRole
############################


@router.post("/update/role", response_model=Optional[UserModel])
async def update_user_role(form_data: UserRoleUpdateForm, cred=Depends(bearer_scheme)):
    token = cred.credentials
    user = Users.get_user_by_token(token)

    if user:
        if user.role == "admin":
            if user.id != form_data.id:
                return Users.update_user_role_by_id(form_data.id, form_data.role)
            else:
                raise HTTPException(
                    status_code=status.HTTP_403_FORBIDDEN,
                    detail=ERROR_MESSAGES.ACTION_PROHIBITED,
                )
        else:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
            )
    else:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=ERROR_MESSAGES.INVALID_TOKEN,
        )


############################
# DeleteUserById
############################


@router.delete("/{user_id}", response_model=bool)
async def delete_user_by_id(user_id: str, cred=Depends(bearer_scheme)):
    token = cred.credentials
    user = Users.get_user_by_token(token)

    if user:
        if user.role == "admin":
            if user.id != user_id:
                result = Auths.delete_auth_by_id(user_id)

                if result:
                    return True
                else:
                    raise HTTPException(
                        status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
                        detail=ERROR_MESSAGES.DELETE_USER_ERROR,
                    )
            else:
                raise HTTPException(
                    status_code=status.HTTP_403_FORBIDDEN,
                    detail=ERROR_MESSAGES.ACTION_PROHIBITED,
                )
        else:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
            )
    else:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=ERROR_MESSAGES.INVALID_TOKEN,
        )
feat: admin panel added 2023-11-19 09:13:59 +01:00			`from fastapi import Response`
			`from fastapi import Depends, FastAPI, HTTPException, status`
			`from datetime import datetime, timedelta`
			`from typing import List, Union, Optional`

			`from fastapi import APIRouter`
			`from pydantic import BaseModel`
			`import time`
			`import uuid`

			`from apps.web.models.users import UserModel, UserRoleUpdateForm, Users`
fix: delete auth with user 2023-12-29 08:24:51 +01:00			`from apps.web.models.auths import Auths`

feat: admin panel added 2023-11-19 09:13:59 +01:00
			`from utils.utils import (`
			`get_password_hash,`
			`bearer_scheme,`
			`create_token,`
			`)`
			`from constants import ERROR_MESSAGES`

			`router = APIRouter()`

			`############################`
			`# GetUsers`
			`############################`


			`@router.get("/", response_model=List[UserModel])`
			`async def get_users(skip: int = 0, limit: int = 50, cred=Depends(bearer_scheme)):`
			`token = cred.credentials`
			`user = Users.get_user_by_token(token)`

			`if user:`
			`if user.role == "admin":`
			`return Users.get_users(skip, limit)`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_403_FORBIDDEN,`
			`detail=ERROR_MESSAGES.ACCESS_PROHIBITED,`
			`)`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
			`detail=ERROR_MESSAGES.INVALID_TOKEN,`
			`)`


			`############################`
			`# UpdateUserRole`
			`############################`


			`@router.post("/update/role", response_model=Optional[UserModel])`
			`async def update_user_role(form_data: UserRoleUpdateForm, cred=Depends(bearer_scheme)):`
			`token = cred.credentials`
			`user = Users.get_user_by_token(token)`

			`if user:`
			`if user.role == "admin":`
			`if user.id != form_data.id:`
			`return Users.update_user_role_by_id(form_data.id, form_data.role)`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_403_FORBIDDEN,`
			`detail=ERROR_MESSAGES.ACTION_PROHIBITED,`
			`)`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_403_FORBIDDEN,`
			`detail=ERROR_MESSAGES.ACCESS_PROHIBITED,`
			`)`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
			`detail=ERROR_MESSAGES.INVALID_TOKEN,`
			`)`
feat: delete user backend support 2023-12-29 08:02:49 +01:00

			`############################`
fix: delete auth with user 2023-12-29 08:24:51 +01:00			`# DeleteUserById`
feat: delete user backend support 2023-12-29 08:02:49 +01:00			`############################`


			`@router.delete("/{user_id}", response_model=bool)`
			`async def delete_user_by_id(user_id: str, cred=Depends(bearer_scheme)):`
			`token = cred.credentials`
			`user = Users.get_user_by_token(token)`

			`if user:`
			`if user.role == "admin":`
fix: disable admin self user delete 2023-12-29 08:07:46 +01:00			`if user.id != user_id:`
fix: delete auth with user 2023-12-29 08:24:51 +01:00			`result = Auths.delete_auth_by_id(user_id)`
fix: disable admin self user delete 2023-12-29 08:07:46 +01:00
			`if result:`
			`return True`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,`
			`detail=ERROR_MESSAGES.DELETE_USER_ERROR,`
			`)`
feat: delete user backend support 2023-12-29 08:02:49 +01:00			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_403_FORBIDDEN,`
fix: disable admin self user delete 2023-12-29 08:07:46 +01:00			`detail=ERROR_MESSAGES.ACTION_PROHIBITED,`
feat: delete user backend support 2023-12-29 08:02:49 +01:00			`)`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_403_FORBIDDEN,`
			`detail=ERROR_MESSAGES.ACCESS_PROHIBITED,`
			`)`
			`else:`
			`raise HTTPException(`
			`status_code=status.HTTP_401_UNAUTHORIZED,`
			`detail=ERROR_MESSAGES.INVALID_TOKEN,`
			`)`