csci-backend/app/apis/v1/route_user.py

# Routes for user. MAIN PART OF THE API
from fastapi import APIRouter, HTTPException, status
from sqlalchemy.orm import Session
from fastapi import Depends
from typing import List, Annotated
from apis.v1.route_auth import get_current_user
from db.models.user import User
from schemas.user import UserCreate, ShowUser
from db.session import get_db
from db.repository.user import create_new_user, list_users, get_user_by_id


router = APIRouter()


@router.post("/", response_model=ShowUser, status_code=status.HTTP_201_CREATED)
def create_user(
    user: UserCreate,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user),
):
    if (current_user.Role != "Admin"):
        raise HTTPException(status_code=403, detail="You are not authorized to perform this action")
    # if current_user.Role != "Admin":
    #     raise HTTPException(status_code=403, detail="You are not authorized to perform this action")
    user = create_new_user(user=user, db=db)
    return user


@router.get("/", response_model=List[ShowUser], status_code=status.HTTP_200_OK)
def get_all_users(db: Session = Depends(get_db), role: str = None):
    if role is None:
        users = list_users(db=db)
        return users
    users = list_users(db=db, role=role)
    return users


@router.get("/me", response_model=ShowUser, status_code=status.HTTP_200_OK)
def get_user_me(
    current_user: Annotated[User, Depends(get_current_user)],
    db: Annotated[Session, Depends(get_db)],
):
    print("Getting current user...")
    return current_user


@router.get("/{user_id}", response_model=ShowUser, status_code=status.HTTP_200_OK)
def get_user(user_id: int, db: Session = Depends(get_db)):
    user = get_user_by_id(user_id=user_id, db=db)
    if not user:
        raise HTTPException(status_code=404, detail="User not found")
    return user