✅ Refactor API routes and add authorization checks

rapeeza1598 · May 3, 2024 · bcd489e · bcd489e
1 parent ee90b1c
commit bcd489e
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 23 deletions.
diff --git a/app/routers/log.py b/app/routers/log.py
@@ -21,8 +21,10 @@
 
 @router.get("/")
 async def read_logs(
-    skip: int = 0, limit: int = 10,
-    db: Session = Depends(get_db), current_user: User = Depends(get_current_user)
+    skip: int = 0,
+    limit: int = 10,
+    db: Session = Depends(get_db),
+    current_user: User = Depends(get_current_user),
 ):
     if current_user.role not in ["superadmin", "stationadmin"]:
         raise HTTPException(status_code=401, detail="Unauthorized")
@@ -76,7 +78,7 @@ async def delete_log(
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
 ):
-    if current_user.role not in ["superadmin"]:
+    if current_user.role not in ["superadmin", "stationadmin"]:
         raise HTTPException(status_code=401, detail="Unauthorized")
     if delete_log_by_time(db, delete_time.start_date, delete_time.end_date):
         return {"message": "Logs deleted successfully"}

diff --git a/app/routers/super_admin.py b/app/routers/super_admin.py
@@ -37,7 +37,7 @@ async def register_user_by_super_admin(
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
 ):
-    if current_user.role not in ["superadmin"]:
+    if current_user.role not in ["superadmin", "stationadmin"]:
         raise HTTPException(status_code=401, detail="Unauthorized")
     if get_user_by_email(db, user.email):
         raise HTTPException(status_code=400, detail="Email already registered")
@@ -55,20 +55,18 @@ async def register_user_by_super_admin(
 async def read_users(
     skip: int = 0,
     limit: int = 10,
-    is_active: bool = None, # type: ignore
+    is_active: bool = None,  # type: ignore
     db: Session = Depends(get_db),
     current_user: User = Depends(
         get_current_user,
     ),
 ):
-    if current_user.role not in ["superadmin"]:
+    if current_user.role not in ["superadmin", "stationadmin"]:
         raise HTTPException(status_code=401, detail="Unauthorized")
     return get_users(db, skip=skip, limit=limit, is_active=is_active)
 
 
-@router.put(
-    "/users/{user_id}",response_model=User
-)
+@router.put("/users/{user_id}", response_model=User)
 async def update_user_by_id(
     user_id: str,
     user: updateUserBySuperAdmin,
@@ -94,12 +92,12 @@ async def disable_user(
     current_user: User = Depends(get_current_user),
 ):
     try:
-        if current_user.role not in ["superadmin"]:
+        if current_user.role not in ["superadmin", "stationadmin"]:
             raise HTTPException(status_code=401, detail="Unauthorized")
         user = get_user_by_id(db, user_id)
         if not user:
             raise HTTPException(status_code=404, detail="User not found")
-        user.is_active = False # type: ignore
+        user.is_active = False  # type: ignore
         db.commit()
         user_activity = f"User {current_user.email} disabled user {user_id}"
         create_log_info(db, str(current_user.id), user_activity, type_log="user")
@@ -116,7 +114,7 @@ async def update_user_password_by_superadmin(
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
 ):
-    if current_user.role not in ["superadmin"]:
+    if current_user.role not in ["superadmin", "stationadmin"]:
         raise HTTPException(status_code=401, detail="Unauthorized")
     try:
         user = get_user_by_id(db, user_id)
@@ -127,8 +125,10 @@ async def update_user_password_by_superadmin(
         user.hashed_password = password_hash(password.password)
         db.commit()
         user_activity = f"User {current_user.email} updated password for user {user_id}"
-        create_log_info(db, str(current_user.id), message=user_activity, type_log="user")
+        create_log_info(
+            db, str(current_user.id), message=user_activity, type_log="user"
+        )
         return {"message": "Password updated successfully"}
     except Exception as e:
         print(e)
-        raise HTTPException(status_code=400, detail="Password not updated") from e
+        raise HTTPException(status_code=400, detail="Password not updated") from e
diff --git a/app/routers/topup.py b/app/routers/topup.py
@@ -53,7 +53,7 @@ async def read_topups(
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
 ):
-    if current_user.role not in ["superadmin"]:
+    if current_user.role not in ["superadmin", "stationadmin"]:
         raise HTTPException(status_code=401, detail="Unauthorized")
     if topups := get_topups(
         db, skip=skip, limit=limit, status_approved=status_approved
@@ -103,7 +103,7 @@ async def topup_user_balance_by_superadmin(
 ):
     if amount <= 0:
         raise HTTPException(status_code=400, detail="Amount should be greater than 0")
-    if current_user.role not in ["superadmin"]:
+    if current_user.role not in ["superadmin", "stationadmin"]:
         raise HTTPException(status_code=401, detail="Unauthorized")
     user = get_user_by_id(db, user_id)
     if not user:
@@ -124,13 +124,13 @@ async def approve_topup_by_sueradmin(
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
 ):
-    if current_user.role not in ["superadmin"]:
+    if current_user.role not in ["superadmin", "stationadmin"]:
         raise HTTPException(status_code=401, detail="Unauthorized")
     user = get_user_by_id(db, user_id)
     if not user:
         raise HTTPException(status_code=404, detail="User not found")
     my_topup = get_topup_by_id(db, topup_id)
-    if my_topup.status_approved: # type: ignore
+    if my_topup.status_approved:  # type: ignore
         raise HTTPException(status_code=400, detail="Topup already approved")
     my_approve_topup = approve_topup(db, topup_id)
     if is_approved and not my_approve_topup:
@@ -143,7 +143,9 @@ async def approve_topup_by_sueradmin(
         "Topup approved",
     )
     user_activity = f"User {current_user.email} approved topup {topup_id}"
-    create_log_info(db, str(current_user.id), user_activity, topup_id=topup_id, type_log="topup")
+    create_log_info(
+        db, str(current_user.id), user_activity, topup_id=topup_id, type_log="topup"
+    )
     return {"message": "Transaction approved successfully"}
 
 

diff --git a/app/routers/transaction.py b/app/routers/transaction.py
@@ -34,26 +34,28 @@ async def read_transactions(
             transaction.email = users.email
     return transactions
 
-@router.get("/all",response_model=list[responseTransaction])
+
+@router.get("/all", response_model=list[responseTransaction])
 async def read_transactions_all(
     skip: int = 0,
     limit: int = 10,
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
 ):
-    if current_user.role not in ["superadmin"]:
+    if current_user.role not in ["superadmin", "stationadmin"]:
         raise HTTPException(status_code=401, detail="Unauthorized")
     transactions = get_transactions(db)
     user_all = get_users(db)
     # map user to transaction
     for transaction in transactions:
         for user in user_all:
-            if transaction.userId == user.id: # type: ignore
+            if transaction.userId == user.id:  # type: ignore
                 transaction.firstName = user.firstName
                 transaction.lastName = user.lastName
                 transaction.email = user.email
     return transactions
 
+
 @router.get("/{user_id}", response_model=list[responseTransaction])
 async def read_transactions_by_user_id(
     user_id: str,
@@ -62,7 +64,7 @@ async def read_transactions_by_user_id(
     db: Session = Depends(get_db),
     current_user: User = Depends(get_current_user),
 ):
-    if current_user.role not in ["superadmin"]:
+    if current_user.role not in ["superadmin", "stationadmin"]:
         raise HTTPException(status_code=401, detail="Unauthorized")
     users = get_user_by_id(db, user_id)
     transactions = get_transaction_by_user_id(db, user_id)