Dump changes

app/user/handlers.py

@@ -4,6 +4,7 @@ from fastapi import APIRouter, Depends, HTTPException
 from sqlalchemy.orm import Session
 from starlette.responses import Response
 
+from app.access_control.role import has_role
 from app.auth.middleware import get_auth_user
 from app.user.dto import UserCreationModel, UserResourceModel
 from app.user.model import User
@@ -21,6 +22,7 @@ async def create_user(
 ) -> UserResourceModel:
     user = model.to_entity()
     created_user = user_service.create_user(db, user)
+
     return UserResourceModel.from_entity(created_user)
 
 

app/user/model.py

@@ -1,9 +1,11 @@
 import enum
 from datetime import datetime
 
-from sqlalchemy import Column, String, Integer, DateTime, Enum, Date
+from sqlalchemy import Column, String, Integer, DateTime, Enum, Date, ForeignKey
+from sqlalchemy.orm import relationship
 
 from app.db import EntityBase
+from app.role.model import Role
 
 
 class Sex(enum.Enum):
@@ -22,8 +24,14 @@ class User(EntityBase):
     username = Column(String(length=32), unique=True, nullable=False)
     email = Column(String, unique=True, nullable=False)
     password = Column(String, nullable=False)
+    role_id = Column(Integer, ForeignKey("roles.id"))
     given_name = Column(String(length=32), nullable=False)
     family_name = Column(String(length=32))
     sex = Column(Enum(Sex), nullable=False, default=Sex.NOT_KNOWN)
     birthdate = Column(Date)
     creation_date = Column(DateTime, nullable=False, default=datetime.utcnow())
+
+    role = relationship("Role", back_populates="users")
+
+
+Role.users = relationship("User", back_populates="role")

app/user/root.py

@@ -1,21 +0,0 @@
-from datetime import date
-
-from app.config import config
-from app.db import session_factory
-from app.user import service as user_service
-from app.user.model import User
-
-
-def init_root_user():
-    db = session_factory()
-    root_user = user_service.get_user_by_username(db, "root")
-
-    if root_user is None:
-        user_service.create_user(db, User(
-            username="root",
-            email=config["CGNO_ROOT_EMAIL"],
-            password=config["CGNO_ROOT_PASSWORD"],
-            given_name="Root",
-            birthdate=date.today()
-        ))
-        db.close()

app/user/service.py

@@ -1,15 +1,18 @@
+from datetime import date
 from typing import Optional
 
 from passlib.context import CryptContext
 from sqlalchemy.orm import Session
 
 from app.user.model import User
+from app.role import service as role_service
 
 pwd_context = CryptContext(schemes=["bcrypt"])
 
 
 def create_user(db: Session, user: User) -> User:
-    if get_user_by_username_or_email(db, user.username, user.email) is not None:
+    existing_user = get_user_by_username_or_email(db, user.username, user.email)
+    if existing_user is not None:
         raise Exception()
 
     user.password = pwd_context.hash(user.password)
@@ -31,8 +34,28 @@ def get_user_by_username_or_email(db: Session, username: str, email: str) -> Opt
     return db.query(User).filter(User.username == username, User.email == email).one_or_none()
 
 
+def create_root_user(db: Session, root_email: str, root_password: str):
+    root_user = get_user_by_username(db, "root")
+    admin_role = role_service.get_role_by_name(db, "admin")
+
+    if root_user is None:
+        root_user = User(
+            username="root",
+            email=root_email,
+            password=root_password,
+            given_name="Root",
+            role=admin_role,
+            birthdate=date.today()
+        )
+        create_user(db, root_user)
+
+
 def delete_user_by_id(db: Session, id: int):
     user = get_user_by_id(db, id)
+
+    if user.username == "root":
+        raise Exception()
+
     if user is not None:
         db.delete(user)
         db.commit()