feat: edit user support

backend/apps/web/routers/users.py

@@ -8,10 +8,10 @@ from pydantic import BaseModel
 import time
 import uuid
 
-from apps.web.models.users import UserModel, UserRoleUpdateForm, Users
+from apps.web.models.users import UserModel, UserUpdateForm, UserRoleUpdateForm, Users
 from apps.web.models.auths import Auths
 
-from utils.utils import get_current_user
+from utils.utils import get_current_user, get_password_hash
 from constants import ERROR_MESSAGES
 
 router = APIRouter()
@@ -22,9 +22,7 @@ router = APIRouter()
 
 
 @router.get("/", response_model=List[UserModel])
-async def get_users(skip: int = 0,
-                    limit: int = 50,
-                    user=Depends(get_current_user)):
+async def get_users(skip: int = 0, limit: int = 50, user=Depends(get_current_user)):
     if user.role != "admin":
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN,
@@ -34,25 +32,58 @@ async def get_users(skip: int = 0,
 
 
 ############################
-# UpdateUserRole
+# UpdateUserById
 ############################
 
 
-@router.post("/update/role", response_model=Optional[UserModel])
-async def update_user_role(form_data: UserRoleUpdateForm,
-                           user=Depends(get_current_user)):
-    if user.role != "admin":
+@router.post("/{user_id}/update", response_model=Optional[UserModel])
+async def update_user_by_id(
+    user_id: str, form_data: UserUpdateForm, session_user=Depends(get_current_user)
+):
+    if session_user.role != "admin":
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN,
             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
         )
 
-    if user.id != form_data.id:
-        return Users.update_user_role_by_id(form_data.id, form_data.role)
+    user = Users.get_user_by_id(user_id)
+
+    if user:
+        if form_data.email != user.email:
+            email_user = Users.get_user_by_email(form_data.email)
+            if email_user:
+                raise HTTPException(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    detail=ERROR_MESSAGES.EMAIL_TAKEN,
+                )
+
+        if form_data.password:
+            hashed = get_password_hash(form_data.password)
+            print(hashed)
+            Auths.update_user_password_by_id(user_id, hashed)
+
+        Auths.update_email_by_id(user_id, form_data.email)
+        updated_user = Users.update_user_by_id(
+            user_id,
+            {
+                "name": form_data.name,
+                "email": form_data.email,
+                "profile_image_url": form_data.profile_image_url,
+            },
+        )
+
+        if updated_user:
+            return updated_user
+        else:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=ERROR_MESSAGES.DEFAULT(),
+            )
+
     else:
         raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail=ERROR_MESSAGES.ACTION_PROHIBITED,
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=ERROR_MESSAGES.USER_NOT_FOUND,
         )