feat: admin panel added

2023-11-19 00:13:59 -08:00 · 2023-11-19 00:13:59 -08:00 · 07d2c9871f
commit 07d2c9871f
parent 8547b7807d
9 changed files with 326 additions and 1087 deletions
--- a/backend/apps/web/main.py
+++ b/backend/apps/web/main.py
@ -1,7 +1,7 @@
 from fastapi import FastAPI, Request, Depends, HTTPException
 from fastapi.middleware.cors import CORSMiddleware

-from apps.web.routers import auths
+from apps.web.routers import auths, users
 from config import OLLAMA_WEBUI_VERSION, OLLAMA_WEBUI_AUTH

 app = FastAPI()
@ -18,6 +18,7 @@ app.add_middleware(


 app.include_router(auths.router, prefix="/auths", tags=["auths"])
+app.include_router(users.router, prefix="/users", tags=["users"])


@app.get("/")
--- a/backend/apps/web/models/users.py
+++ b/backend/apps/web/models/users.py
@ -27,6 +27,11 @@ class UserModel(BaseModel):
 ####################


+class UserRoleUpdateForm(BaseModel):
+    id: str
+    role: str
+
+
 class UsersTable:
    def __init__(self, db):
        self.db = db
@ -71,10 +76,19 @@ class UsersTable:
    def get_users(self, skip: int = 0, limit: int = 50) -> Optional[UserModel]:
        return [
            UserModel(**user)
-            for user in list(self.table.find({}, {"_id": False}))
-            .skip(skip)
-            .limit(limit)
+            for user in list(
+                self.table.find({}, {"_id": False}).skip(skip).limit(limit)
+            )
        ]

+    def update_user_by_id(self, id: str, updated: dict) -> Optional[UserModel]:
+        user = self.table.find_one_and_update(
+            {"id": id}, {"$set": updated}, return_document=ReturnDocument.AFTER
+        )
+        return UserModel(**user)
+
+    def update_user_role_by_id(self, id: str, role: str) -> Optional[UserModel]:
+        return self.update_user_by_id(id, {"role": role})
+

 Users = UsersTable(DB)
--- a/backend/apps/web/routers/auths.py
+++ b/backend/apps/web/routers/auths.py
@ -8,15 +8,6 @@ from pydantic import BaseModel
 import time
 import uuid

-from constants import ERROR_MESSAGES
-from utils.utils import (
-    get_password_hash,
-    bearer_scheme,
-    create_token,
-)
-
-from utils.misc import get_gravatar_url
-
 from apps.web.models.auths import (
    SigninForm,
    SignupForm,
@ -25,13 +16,19 @@ from apps.web.models.auths import (
    Auths,
 )
 from apps.web.models.users import Users
-import config
+
+
+from utils.utils import (
+    get_password_hash,
+    bearer_scheme,
+    create_token,
+)
+from utils.misc import get_gravatar_url
+from constants import ERROR_MESSAGES
+

 router = APIRouter()

-DB = config.DB
-
-
 ############################
 # GetSessionUser
 ############################
--- a/backend/apps/web/routers/users.py
+++ b/backend/apps/web/routers/users.py
@ -0,0 +1,75 @@
+from fastapi import Response
+from fastapi import Depends, FastAPI, HTTPException, status
+from datetime import datetime, timedelta
+from typing import List, Union, Optional
+
+from fastapi import APIRouter
+from pydantic import BaseModel
+import time
+import uuid
+
+from apps.web.models.users import UserModel, UserRoleUpdateForm, Users
+
+from utils.utils import (
+    get_password_hash,
+    bearer_scheme,
+    create_token,
+)
+from constants import ERROR_MESSAGES
+
+router = APIRouter()
+
+############################
+# GetUsers
+############################
+
+
+@router.get("/", response_model=List[UserModel])
+async def get_users(skip: int = 0, limit: int = 50, cred=Depends(bearer_scheme)):
+    token = cred.credentials
+    user = Users.get_user_by_token(token)
+
+    if user:
+        if user.role == "admin":
+            return Users.get_users(skip, limit)
+        else:
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
+            )
+    else:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=ERROR_MESSAGES.INVALID_TOKEN,
+        )
+
+
+############################
+# UpdateUserRole
+############################
+
+
+@router.post("/update/role", response_model=Optional[UserModel])
+async def update_user_role(form_data: UserRoleUpdateForm, cred=Depends(bearer_scheme)):
+    token = cred.credentials
+    user = Users.get_user_by_token(token)
+
+    if user:
+        if user.role == "admin":
+            if user.id != form_data.id:
+                return Users.update_user_role_by_id(form_data.id, form_data.role)
+            else:
+                raise HTTPException(
+                    status_code=status.HTTP_403_FORBIDDEN,
+                    detail=ERROR_MESSAGES.ACTION_PROHIBITED,
+                )
+        else:
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
+            )
+    else:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=ERROR_MESSAGES.INVALID_TOKEN,
+        )