From 9c41e925d2443da80a7a2eacf000c5d3afabd9d1 Mon Sep 17 00:00:00 2001
From: Alix JEUDI--LEMOINE
Date: Thu, 5 Jun 2025 23:56:09 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Added=20routes=20for=20user=20manag?= =?UTF-8?q?ement:=20list=20of=20users=20and=20deletion=20of=20a=20user=20b?= =?UTF-8?q?y=20UID.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/dto/__init__.py | 2 +-
 app/dto/user.py | 7 ++++++-
 app/routes/admin.py | 37 ++++++++++++++++++++++++++++++++++++-
 3 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/app/dto/__init__.py b/app/dto/__init__.py
index ffc4e9e..02d8375 100644
--- a/app/dto/__init__.py
+++ b/app/dto/__init__.py
@@ -1,3 +1,3 @@
 from .FriendAddDTO import FriendAddDTO
-from .user import UserDTO, UserRegisterDTO
+from .user import UserDTO, UserRegisterDTO, UserAdminDTO
 from .pin import PinDTO, PinShareDTO
\ No newline at end of file
diff --git a/app/dto/user.py b/app/dto/user.py
index 22c6865..3c06811 100644
--- a/app/dto/user.py
+++ b/app/dto/user.py
@@ -6,4 +6,9 @@ class UserDTO(BaseModel):
 class UserRegisterDTO(BaseModel):
 username: str
- password: str
\ No newline at end of file
+ password: str
+
+class UserAdminDTO(BaseModel):
+ uid: str
+ username: str
+ is_admin: bool
\ No newline at end of file
diff --git a/app/routes/admin.py b/app/routes/admin.py
index 0901a55..adc4cd5 100644
--- a/app/routes/admin.py
+++ b/app/routes/admin.py
@@ -8,6 +8,7 @@ from app.models import User, HTTPError
 from app.models.config import SystemConfig, DBConfig
 from app.routes.auth import users_collection
 from app.routes.utils import get_admin_user
+from app.dto import UserAdminDTO
 # Database setup
 client = pymongo.MongoClient(config.MONGODB_URL, username=config.MONGODB_USERNAME, password=config.MONGODB_PASSWORD)
@@ -195,4 +196,38 @@ async def update_config(
 config.MAX_PINS_PER_USER = new_config.max_pins_per_user
 config.MAX_FRIENDS_PER_USER = new_config.max_friends_per_user
- return new_config
\ No newline at end of file
+ return new_config
+
+@admin_router.get(
+ path="/users",
+ responses={401: {"model": HTTPError}, 403: {"model": HTTPError}},
+ response_model=list[UserAdminDTO]
+)
+async def list_users(admin_user: User = Depends(get_admin_user)):
+ """Liste tous les utilisateurs (sans le mot de passe) - Route admin uniquement"""
+ users = users_collection.find({}, {"password": 0}) # Exclure le mot de passe
+ users_list = []
+
+ for user in users:
+ user["uid"] = str(user["_id"])
+ user = UserAdminDTO(**user)
+ users_list.append(user)
+
+ return users_list
+
+@admin_router.delete(
+ path="/user/{uid}",
+ responses={401: {"model": HTTPError}, 403: {"model": HTTPError}, 404: {"model": HTTPError}, 400: {"model": HTTPError}}
+)
+async def delete_user(uid: str, admin_user: User = Depends(get_admin_user)):
+ try:
+ ObjectId(uid)
+ except:
+ raise HTTPException(status_code=400, detail="UID invalide")
+
+ user = users_collection.find_one({"_id": ObjectId(uid)})
+ if not user:
+ raise HTTPException(status_code=404, detail="Utilisateur non trouvé")
+ users_collection.delete_one({"_id": ObjectId(uid)})
+
+ return {"message": "Utilisateur supprimé avec succès"}
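Review bot: `delete_user` validates the id with a bare `except:` and then does `find_one` followed by `delete_one`, which is a check-then-act pair: two concurrent requests can both pass the lookup and both report success, and the bare handler hides any error that is not a malformed id. Parsing the id once, catching only `bson.errors.InvalidId`, and deriving the 404 from `deleted_count` of a single `delete_one` closes both gaps; the sketch below assumes `InvalidId` is imported in this file, which the hunk does not show. `admin_user` is injected but never read, so nothing visible here stops an admin from deleting their own account or the last remaining admin, and the deletion leaves no audit record naming who performed it. In `list_users`, `{"password": 0}` is a denylist projection; an allowlist such as `{"username": 1, "is_admin": 1}` avoids pulling any other stored field into the handler, and a document without `is_admin` would presumably fail `UserAdminDTO` validation and turn the whole listing into a 500.

```python
async def delete_user(uid: str, admin_user: User = Depends(get_admin_user)):
    try:
        oid = ObjectId(uid)  # parse once and reuse for the delete
    except InvalidId:
        # … unchanged: raise the 400 "UID invalide" …

    # One round trip: the delete result itself says whether the user existed.
    result = users_collection.delete_one({"_id": oid})
    if result.deleted_count == 0:
        # … unchanged: raise the 404 …
    # … unchanged: success response …
```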