Commit existing codebase

app/user/handlers.py

@@ -0,0 +1,59 @@
+from typing import Any
+
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.orm import Session
+from starlette.responses import Response
+
+from app.auth.middleware import get_auth_user
+from app.user.dto import UserCreationModel, UserResourceModel
+from app.user.model import User
+import app.user.service as user_service
+from app.db import get_db
+
+router = APIRouter()
+
+
+@router.post("", status_code=201, response_model=UserResourceModel)
+async def create_user(model: UserCreationModel, db: Session = Depends(get_db)) -> UserResourceModel:
+    user = model.to_entity()
+    created_user = user_service.create_user(db, user)
+    return UserResourceModel.from_entity(created_user)
+
+
+@router.get("/{id}", status_code=200, response_model=UserResourceModel)
+async def get_user_by_id(
+    id: int,
+    auth_user: User = Depends(get_auth_user),
+    db: Session = Depends(get_db)
+) -> UserResourceModel:
+    check_access(auth_user, id)
+
+    user = user_service.get_user_by_id(db, id)
+
+    if user is None:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    return UserResourceModel.from_entity(user)
+
+
+@router.delete("/{id}", status_code=204)
+async def delete_user_by_id(
+    id: int,
+    auth_user: User = Depends(get_auth_user),
+    db: Session = Depends(get_db)
+):
+    check_access(auth_user, id)
+
+    user_service.delete_user_by_id(db, id)
+    return Response(status_code=204)
+
+
+def check_access(auth_user: User, param: Any):
+    access_exception = HTTPException(status_code=403, detail="Forbidden")
+
+    if type(param) is int:
+        if not (auth_user.id == param):
+            raise access_exception
+    elif type(param) is User:
+        if not ((auth_user.username == param.username) and (auth_user.email == param.email)):
+            raise access_exception