✨ Added routes for user management: list of users and deletion of a user by UID.

2 days ago · 9c41e925d2
parent c1c65cdc87
commit 9c41e925d2
3 changed files with 43 additions and 3 deletions
--- a/app/dto/init.py
+++ b/app/dto/init.py
@ -1,3 +1,3 @@
 from .FriendAddDTO import FriendAddDTO
-from .user import UserDTO, UserRegisterDTO
+from .user import UserDTO, UserRegisterDTO, UserAdminDTO
 from .pin import PinDTO, PinShareDTO
--- a/app/dto/user.py
+++ b/app/dto/user.py
@ -6,4 +6,9 @@ class UserDTO(BaseModel):
    
 class UserRegisterDTO(BaseModel):
    username: str
-    password: str
+    password: str
+
+class UserAdminDTO(BaseModel):
+    uid: str
+    username: str
+    is_admin: bool
--- a/app/routes/admin.py
+++ b/app/routes/admin.py
@ -8,6 +8,7 @@ from app.models import User, HTTPError
 from app.models.config import SystemConfig, DBConfig
 from app.routes.auth import users_collection
 from app.routes.utils import get_admin_user
+from app.dto import UserAdminDTO

 # Database setup
 client = pymongo.MongoClient(config.MONGODB_URL, username=config.MONGODB_USERNAME, password=config.MONGODB_PASSWORD)
@ -195,4 +196,38 @@ async def update_config(
    config.MAX_PINS_PER_USER = new_config.max_pins_per_user
    config.MAX_FRIENDS_PER_USER = new_config.max_friends_per_user
    
-    return new_config 
+    return new_config 
+
+@admin_router.get(
+    path="/users",
+    responses={401: {"model": HTTPError}, 403: {"model": HTTPError}},
+    response_model=list[UserAdminDTO]
+)
+async def list_users(admin_user: User = Depends(get_admin_user)):
+    """Liste tous les utilisateurs (sans le mot de passe) - Route admin uniquement"""
+    users = users_collection.find({}, {"password": 0})  # Exclure le mot de passe
+    users_list = []
+
+    for user in users:
+        user["uid"] = str(user["_id"])
+        user = UserAdminDTO(**user)
+        users_list.append(user)
+
+    return users_list
+
+@admin_router.delete(
+    path="/user/{uid}",
+    responses={401: {"model": HTTPError}, 403: {"model": HTTPError}, 404: {"model": HTTPError}, 400: {"model": HTTPError}}
+)
+async def delete_user(uid: str, admin_user: User = Depends(get_admin_user)):
+    try:
+        ObjectId(uid)
+    except:
+        raise HTTPException(status_code=400, detail="UID invalide")
+    
+    user = users_collection.find_one({"_id": ObjectId(uid)})
+    if not user:
+        raise HTTPException(status_code=404, detail="Utilisateur non trouvé")
+    users_collection.delete_one({"_id": ObjectId(uid)})
+
+    return {"message": "Utilisateur supprimé avec succès"}