id-py/app/user/handlers.py

from typing import Any

from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.orm import Session
from starlette.responses import Response

from app.auth.middleware import get_auth_user
from app.user.dto import UserCreationModel, UserResourceModel
from app.user.model import User
import app.user.service as user_service
from app.db import get_db

router = APIRouter()


@router.post("", status_code=201, response_model=UserResourceModel)
async def create_user(model: UserCreationModel, db: Session = Depends(get_db)) -> UserResourceModel:
    user = model.to_entity()
    created_user = user_service.create_user(db, user)
    return UserResourceModel.from_entity(created_user)


@router.get("/me", status_code=200, response_model=UserResourceModel)
async def get_auth_user(auth_user: User = Depends(get_auth_user)):
    return UserResourceModel.from_entity(auth_user)


@router.get("/{id}", status_code=200, response_model=UserResourceModel)
async def get_user_by_id(
    id: int,
    auth_user: User = Depends(get_auth_user),
    db: Session = Depends(get_db)
) -> UserResourceModel:
    check_access(auth_user, id)

    user = user_service.get_user_by_id(db, id)

    if user is None:
        raise HTTPException(status_code=404, detail="User not found")

    return UserResourceModel.from_entity(user)


@router.delete("/{id}", status_code=204)
async def delete_user_by_id(
    id: int,
    auth_user: User = Depends(get_auth_user),
    db: Session = Depends(get_db)
):
    check_access(auth_user, id)

    user_service.delete_user_by_id(db, id)
    return Response(status_code=204)


def check_access(auth_user: User, param: Any):
    access_exception = HTTPException(status_code=403, detail="Forbidden")

    if type(param) is int:
        if not (auth_user.id == param):
            raise access_exception
    elif type(param) is User:
        if not ((auth_user.username == param.username) and (auth_user.email == param.email)):
            raise access_exception