csci-backend/app/apis/v1/route_user.py

# Routes for user. MAIN PART OF THE API
from fastapi import APIRouter, HTTPException, status
from sqlalchemy.orm import Session
from fastapi import Depends
from typing import List, Annotated
from apis.v1.route_auth import get_current_user
from db.models.user import User
from schemas.user import UserCreate, ShowUser, ShowDriver, DriverCreate
from db.session import get_db
from db.repository.user import (
    create_new_user,
    list_users,
    get_user_by_id,
    replace_user_data,
    create_new_driver,
    delete_user_data,
)


router = APIRouter()


@router.post("/", response_model=ShowUser, status_code=status.HTTP_201_CREATED)
def create_user(
    user: UserCreate,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    if current_user.Role != "Admin":
        raise HTTPException(
            status_code=403, detail="You are not authorized to perform this action"
        )
    # if current_user.Role != "Admin":
    #     raise HTTPException(status_code=403, detail="You are not authorized to perform this action")
    user = create_new_user(user=user, db=db)
    return user


@router.post("/driver", response_model=ShowDriver, status_code=status.HTTP_201_CREATED)
def create_driver(
    driver: DriverCreate,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    if current_user.Role != "Admin":
        raise HTTPException(
            status_code=403, detail="You are not authorized to perform this action"
        )
    driver = create_new_driver(driver=driver, db=db)
    return driver


@router.get("/", response_model=List[ShowUser], status_code=status.HTTP_200_OK)
def get_all_users(db: Session = Depends(get_db), role: str = None):
    if role is None:
        users = list_users(db=db)
        return users
    users = list_users(db=db, role=role)
    return users


@router.put("/{user_id}", response_model=ShowUser, status_code=status.HTTP_202_ACCEPTED)
def update_user(
    user_id: int,
    user: UserCreate,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    if current_user.Role != "Admin":
        raise HTTPException(
            status_code=403, detail="You are not authorized to perform this action"
        )
    user = replace_user_data(user_id=user_id, user=user, db=db)
    return user


@router.get("/me", response_model=ShowUser, status_code=status.HTTP_200_OK)
def get_user_me(
    current_user: Annotated[User, Depends(get_current_user)],
    db: Annotated[Session, Depends(get_db)],
):
    print("Getting current user...")
    return current_user


@router.get("/{user_id}", response_model=ShowUser, status_code=status.HTTP_200_OK)
def get_user(user_id: int, db: Session = Depends(get_db)):
    user = get_user_by_id(user_id=user_id, db=db)
    if not user:
        raise HTTPException(status_code=404, detail="User not found")
    return user


@router.get(
    "/driver/{driver_id}", response_model=ShowDriver, status_code=status.HTTP_200_OK
)
def get_driver(driver_id: int, db: Session = Depends(get_db)):
    driver = get_user_by_id(user_id=driver_id, role="Driver", db=db)
    if not driver:
        raise HTTPException(status_code=404, detail="Driver not found")
    res = driver.__dict__
    res["AssignedVehicle"] = driver.vehicle

    return driver


@router.delete("/{user_id}", status_code=status.HTTP_200_OK)
def delete_user(
    user_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    if current_user.Role != "Admin":
        raise HTTPException(
            status_code=403, detail="You are not authorized to perform this action"
        )
    result = delete_user_data(id=user_id, db=db)
    if result == "userNotFound":
        raise HTTPException(status_code=404, detail="User not found")
    return result