sukjenogi-backend/app/api/admin_users.py
2025-09-19 16:28:03 +09:00


from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session
from app.core.database import get_db
from app.core.security_admin import get_current_admin, hash_password
from app.models.admin_user import AdminUser
from app.schemas.admin_user import AdminUserCreate, AdminUserUpdate, AdminUserOut
# Router that the admin-user endpoints below register themselves on.
router = APIRouter()
@router.get("", response_model=list[AdminUserOut])
def list_admin_users(
    db: Session = Depends(get_db),
    _: AdminUser = Depends(get_current_admin),
):
    """Return every admin account, ordered by id descending.

    The ``get_current_admin`` dependency is resolved but its result is not
    inspected, so no superadmin check is applied to listing. The response is
    serialized through ``AdminUserOut``.
    """
    # NOTE(review): confirm AdminUserOut omits password_hash; the schema is
    # defined outside this file.
    newest_first = AdminUser.id.desc()
    accounts = db.query(AdminUser).order_by(newest_first)
    return accounts.all()
@router.post("", response_model=AdminUserOut, status_code=201)
def create_admin_user(
    payload: AdminUserCreate,
    db: Session = Depends(get_db),
    me: AdminUser = Depends(get_current_admin),
):
    """Create a new admin account on behalf of a superadmin.

    The plaintext password from the payload is passed through
    ``hash_password`` and only the result is stored on the new row.

    Raises:
        HTTPException: 403 when the caller is not a superadmin, 409 when an
            account with the same username is found.
    """
    # Only superadmins may create accounts.
    if not me.is_superadmin:
        raise HTTPException(status_code=403, detail="Superadmin required")

    # NOTE(review): lookup and insert are separate steps, so two concurrent
    # requests can both pass this check. Whether a unique constraint on
    # username backs it up is not visible from this file - confirm on the model.
    username_taken = (
        db.query(AdminUser)
        .filter(AdminUser.username == payload.username)
        .first()
    )
    if username_taken:
        raise HTTPException(status_code=409, detail="Username already exists")

    new_admin = AdminUser(
        username=payload.username,
        password_hash=hash_password(payload.password),
        name=payload.name,
        email=payload.email,
        is_superadmin=payload.is_superadmin,
        is_active=payload.is_active,
    )
    db.add(new_admin)
    db.commit()
    # Reload the row so the returned object reflects what was persisted.
    db.refresh(new_admin)
    return new_admin
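@router.patch("/{user_id}", response_model=AdminUserOut)
def update_admin_user(
    user_id: int,
    payload: AdminUserUpdate,
    db: Session = Depends(get_db),
    me: AdminUser = Depends(get_current_admin),
):
    """Apply a partial update to an admin account.

    Authorization:
        * A superadmin may update any account and any field.
        * Any other admin may update only their own account, and only the
          password, name and email. A request from a non-superadmin that
          targets another account, or that sets ``is_active`` or
          ``is_superadmin``, is rejected.

    Without these checks any authenticated admin could grant themselves
    ``is_superadmin`` or reset another admin's password, which would bypass
    the superadmin requirement on create and delete.

    Fields left as ``None`` in the payload are not modified. A falsy
    ``password`` is ignored.

    Raises:
        HTTPException: 403 when the caller lacks permission for the requested
            change, 404 when no account has ``user_id``.
    """
    privileged_fields = ("is_active", "is_superadmin")
    profile_fields = ("name", "email")

    # Authorize before the lookup so a non-superadmin cannot use the
    # 403-versus-404 difference to learn which account ids exist.
    if not me.is_superadmin:
        targets_other_account = me.id != user_id
        touches_privileges = any(
            getattr(payload, field) is not None for field in privileged_fields
        )
        if targets_other_account or touches_privileges:
            raise HTTPException(status_code=403, detail="Superadmin required")

    user = db.query(AdminUser).get(user_id)
    if not user:
        raise HTTPException(status_code=404, detail="Not found")

    if payload.password:
        user.password_hash = hash_password(payload.password)

    for field in profile_fields + privileged_fields:
        value = getattr(payload, field)
        if value is not None:
            setattr(user, field, value)

    # NOTE(review): nothing here stops a superadmin from demoting or
    # deactivating the only remaining superadmin - decide whether that
    # lockout case needs a guard.
    db.commit()
    db.refresh(user)
    return user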
@router.delete("/{user_id}", status_code=204)
def delete_admin_user(
    user_id: int,
    db: Session = Depends(get_db),
    me: AdminUser = Depends(get_current_admin),
):
    """Delete an admin account; only superadmins may call this.

    A missing ``user_id`` is not treated as an error: the function returns
    without touching the database, so the route still answers 204.

    Raises:
        HTTPException: 403 when the caller is not a superadmin.
    """
    if not me.is_superadmin:
        raise HTTPException(status_code=403, detail="Superadmin required")

    # NOTE(review): there is no guard against a superadmin deleting their own
    # account or the last remaining superadmin - confirm that is intended.
    target = db.query(AdminUser).get(user_id)
    if target:
        db.delete(target)
        db.commit()