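"""User management web routes.

Every handler here depends on ``require_admin_web``; on top of that, tenant
admins are scoped to their own ``tenant_id`` and only SUPER_ADMIN users see
data across tenants.  The scoping is enforced in the handlers, not only in
the templates, because the POST bodies and path parameters are under the
caller's control.

NOTE(review): no CSRF token is checked on the POST route in this module;
confirm that ``require_admin_web`` / the app middleware covers it.
"""
from fastapi import APIRouter, Request, Depends, Form
from fastapi.responses import HTMLResponse, RedirectResponse
from sqlalchemy.orm import Session

from ..database import get_db
from ..models.user import User, UserRole
from ..utils.security import get_password_hash
from .deps import get_current_user_web, require_admin_web, flash, get_flashed_messages

router = APIRouter()


def _is_super_admin(user: User) -> bool:
    """Return True when *user* holds the SUPER_ADMIN role."""
    return user.role == UserRole.SUPER_ADMIN


def _redirect(url: str) -> RedirectResponse:
    """303 redirect used after every POST / error path (PRG pattern)."""
    return RedirectResponse(url=url, status_code=303)


@router.get("/users", response_class=HTMLResponse)
async def list_users(
    request: Request,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_admin_web),
):
    """Render the user list.

    SUPER_ADMIN sees every user; any other admin only sees users of their
    own tenant.
    """
    query = db.query(User)
    if not _is_super_admin(current_user):
        query = query.filter(User.tenant_id == current_user.tenant_id)
    users = query.all()

    return request.app.state.templates.TemplateResponse(
        "users/list.html",
        {
            "request": request,
            "current_user": current_user,
            "users": users,
            "flash_messages": get_flashed_messages(request),
        },
    )


@router.get("/users/new", response_class=HTMLResponse)
async def new_user_form(
    request: Request,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_admin_web),
):
    """Render the "new user" form.

    The tenant picker is scoped like the POST handler that consumes it:
    SUPER_ADMIN may pick any active tenant, a tenant admin only ever creates
    users in their own tenant, so only that tenant is offered (previously
    every active tenant name was disclosed to tenant admins).
    """
    from ..models.tenant import Tenant

    tenant_query = db.query(Tenant).filter(Tenant.is_active == True)  # noqa: E712 (SQLAlchemy expression)
    if not _is_super_admin(current_user):
        tenant_query = tenant_query.filter(Tenant.id == current_user.tenant_id)
    tenants = tenant_query.all()

    # SUPER_ADMIN is only offered to super admins; the POST handler re-checks
    # this, the list here is purely cosmetic.
    roles = [
        r.value
        for r in UserRole
        if r != UserRole.SUPER_ADMIN or _is_super_admin(current_user)
    ]

    return request.app.state.templates.TemplateResponse(
        "users/form.html",
        {
            "request": request,
            "current_user": current_user,
            "user": None,
            "tenants": tenants,
            "roles": roles,
            "flash_messages": get_flashed_messages(request),
        },
    )


@router.post("/users/new")
async def create_user(
    request: Request,
    username: str = Form(...),
    email: str = Form(...),
    password: str = Form(...),
    role: str = Form(...),
    full_name: str = Form(None),
    tenant_id: int = Form(None),
    db: Session = Depends(get_db),
    current_user: User = Depends(require_admin_web),
):
    """Create a new user from the form POST.

    Server-side checks (the form only hides options, it does not enforce):
    * ``role`` must be a valid ``UserRole`` (an unknown value used to raise
      ``ValueError`` and surface as a 500);
    * only a SUPER_ADMIN may create another SUPER_ADMIN -- without this a
      tenant admin could post ``role=super_admin`` and escalate;
    * the password must not be blank;
    * ``tenant_id`` is honoured only for SUPER_ADMIN, everyone else creates
      users in their own tenant.

    On any validation failure a flash message is set and the caller is sent
    back to the form; on success to the user list.
    """
    # Validate the role before anything else: UserRole(...) raises on
    # unknown input, and SUPER_ADMIN creation is restricted.
    try:
        new_role = UserRole(role)
    except ValueError:
        flash(request, "Ungültige Rolle", "danger")
        return _redirect("/users/new")
    if new_role == UserRole.SUPER_ADMIN and not _is_super_admin(current_user):
        flash(request, "Keine Berechtigung für diese Rolle", "danger")
        return _redirect("/users/new")

    # Form(...) only guarantees presence, not a non-empty value.
    # NOTE(review): no length/complexity policy is applied here -- confirm
    # whether get_password_hash or another layer enforces one.
    if not password:
        flash(request, "Passwort darf nicht leer sein", "danger")
        return _redirect("/users/new")

    # Uniqueness checks; these are check-then-act, so a concurrent insert
    # can still collide at commit time if the columns carry unique
    # constraints -- presumably they do, verify against the model.
    if db.query(User).filter(User.username == username).first():
        flash(request, "Benutzername bereits vergeben", "danger")
        return _redirect("/users/new")
    if db.query(User).filter(User.email == email).first():
        flash(request, "E-Mail bereits vergeben", "danger")
        return _redirect("/users/new")

    # Tenant assignment: a tenant admin cannot place users elsewhere.
    # NOTE(review): tenant_id is not checked against Tenant here; an FK
    # constraint, if present, would reject unknown ids on commit -- confirm.
    if _is_super_admin(current_user) and tenant_id:
        user_tenant_id = tenant_id
    else:
        user_tenant_id = current_user.tenant_id

    user = User(
        username=username,
        email=email,
        password_hash=get_password_hash(password),
        role=new_role,
        full_name=full_name or None,
        # Super admins are global and carry no tenant.
        tenant_id=None if new_role == UserRole.SUPER_ADMIN else user_tenant_id,
    )
    db.add(user)
    db.commit()

    flash(request, f"Benutzer '{username}' erstellt", "success")
    return _redirect("/users")


@router.get("/users/{user_id}/access", response_class=HTMLResponse)
async def user_access(
    request: Request,
    user_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_admin_web),
):
    """Render the gateway-access page for one user.

    The user lookup is scoped to the caller's tenant unless the caller is a
    SUPER_ADMIN; previously only the gateway list was scoped, so a tenant
    admin could open the access page of any user id (IDOR).  A user outside
    the caller's scope is reported as "not found" rather than "forbidden" so
    the route does not act as an existence oracle for foreign user ids.
    """
    from ..models.gateway import Gateway
    from ..models.access import UserGatewayAccess

    user_query = db.query(User).filter(User.id == user_id)
    if not _is_super_admin(current_user):
        user_query = user_query.filter(User.tenant_id == current_user.tenant_id)
    user = user_query.first()
    if not user:
        flash(request, "Benutzer nicht gefunden", "danger")
        return _redirect("/users")

    # Gateways the caller is allowed to grant, plus the user's current grants.
    gateway_query = db.query(Gateway)
    if not _is_super_admin(current_user):
        gateway_query = gateway_query.filter(Gateway.tenant_id == current_user.tenant_id)
    gateways = gateway_query.all()

    grants = db.query(UserGatewayAccess).filter(
        UserGatewayAccess.user_id == user_id
    ).all()
    access_gateway_ids = [grant.gateway_id for grant in grants]

    return request.app.state.templates.TemplateResponse(
        "users/access.html",
        {
            "request": request,
            "current_user": current_user,
            "user": user,
            "gateways": gateways,
            "access_gateway_ids": access_gateway_ids,
            "flash_messages": get_flashed_messages(request),
        },
    )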