Implement teams in own file
@@ -2,6 +2,7 @@ from fastapi import APIRouter
|
||||
|
||||
from app.api.routes import (
|
||||
events,
|
||||
teams,
|
||||
login,
|
||||
private,
|
||||
users,
|
||||
@@ -16,6 +17,7 @@ api_router.include_router(utils.router)
|
||||
|
||||
|
||||
api_router.include_router(events.router)
|
||||
api_router.include_router(teams.router)
|
||||
|
||||
|
||||
if settings.ENVIRONMENT == "local":
|
||||
|
||||
@@ -16,10 +16,6 @@ from app.models.event import (
|
||||
EventsPublic,
|
||||
EventUpdate,
|
||||
EventUserLink,
|
||||
EventTeam,
|
||||
EventTeamCreate,
|
||||
EventTeamPublic,
|
||||
EventTeamsPublic,
|
||||
)
|
||||
from app.models.user import (
|
||||
PermissionModule,
|
||||
@@ -88,8 +84,9 @@ def read_event(session: SessionDep, current_user: CurrentUser, id: RowId) -> Any
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.READ,
|
||||
) and (event.user_has_rights(user=current_user, rights=PermissionRight.READ)):
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.READ)):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
return event
|
||||
|
||||
|
||||
@@ -131,7 +128,7 @@ def update_event(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.UPDATE,
|
||||
) and (event.user_has_rights(user=current_user, rights=PermissionRight.UPDATE)):
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.UPDATE)):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
return Event.update(db_obj=event, in_obj=event_in, session=session)
|
||||
@@ -154,7 +151,7 @@ def delete_event(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.DELETE,
|
||||
) and (event.user_has_rights(user=current_user, rights=PermissionRight.DELETE)):
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.DELETE)):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
session.delete(event)
|
||||
@@ -187,7 +184,7 @@ def add_user_to_event(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.MANAGE_USERS,
|
||||
) and (
|
||||
) and not (
|
||||
event.user_has_rights(
|
||||
user=current_user, rights=(PermissionRight.MANAGE_USERS | rights_in.rights)
|
||||
)
|
||||
@@ -219,9 +216,7 @@ def remove_user_from_event(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.MANAGE_USERS,
|
||||
) and not event.user_has_rights(
|
||||
user=current_user, rights=PermissionRight.MANAGE_USERS
|
||||
):
|
||||
) and not event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_USERS):
|
||||
raise HTTPException(status_code=403, detail="Not enough permissions")
|
||||
|
||||
user = session.get(User, user_id)
|
||||
@@ -235,165 +230,3 @@ def remove_user_from_event(
|
||||
|
||||
|
||||
# endregion
|
||||
|
||||
|
||||
# region # Event / Teams #######################################################
|
||||
|
||||
@router.get("/{id}/teams", response_model=EventTeamsPublic, tags=router.tags + [ApiTags.TEAMS])
|
||||
def read_event_teams(
|
||||
session: SessionDep, current_user: CurrentUser, id: RowId, skip: int = 0, limit: int = 100
|
||||
) -> Any:
|
||||
"""
|
||||
Retrieve event teams from a single event.
|
||||
"""
|
||||
|
||||
# Event permissions
|
||||
event = session.get(Event, id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
|
||||
if not current_user.has_permission(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=(PermissionRight.READ | PermissionRight.MANGE_TEAMS),
|
||||
) and ( event and (event.user_has_right(user=current_user, rights=(PermissionRight.READ | PermissionRight.MANGE_TEAMS)))):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
# Get list
|
||||
count_statement = (
|
||||
select(func.count())
|
||||
.select_from(EventTeam)
|
||||
.where(EventTeam.event_id == id)
|
||||
)
|
||||
count = session.exec(count_statement).one()
|
||||
statement = (
|
||||
select(EventTeam)
|
||||
.where(EventTeam.event_id == id)
|
||||
.offset(skip)
|
||||
.limit(limit)
|
||||
)
|
||||
event_teams = session.exec(statement).all()
|
||||
|
||||
return EventTeamsPublic(data=event_teams, count=count)
|
||||
|
||||
|
||||
@router.post("/{id}/teams", response_model=EventTeamPublic, tags=router.tags + [ApiTags.TEAMS])
|
||||
def create_event_team(
|
||||
*, session: SessionDep, current_user: CurrentUser, id: RowId, event_team_in: EventTeamCreate
|
||||
) -> Any:
|
||||
"""
|
||||
Create new team inside event.
|
||||
"""
|
||||
|
||||
event = session.get(Event, id)
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.MANGE_TEAMS,
|
||||
) and ( event and (event.user_has_rights(user=current_user, rights=PermissionRight.MANGE_TEAMS))):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
event_team = EventTeam.create(create_obj=event_team_in, event=event, session=session)
|
||||
return event_team
|
||||
|
||||
|
||||
@router.get("-teams", response_model=EventTeamsPublic, tags=router.tags + [ApiTags.TEAMS])
|
||||
def read_all_event_teams(
|
||||
session: SessionDep, current_user: CurrentUser, skip: int = 0, limit: int = 100
|
||||
) -> Any:
|
||||
"""
|
||||
Retrieve all event teams.
|
||||
"""
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.MANGE_TEAMS,
|
||||
):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
# Get list
|
||||
count_statement = (
|
||||
select(func.count())
|
||||
.select_from(EventTeam)
|
||||
)
|
||||
count = session.exec(count_statement).one()
|
||||
statement = (
|
||||
select(EventTeam)
|
||||
.offset(skip)
|
||||
.limit(limit)
|
||||
)
|
||||
event_teams = session.exec(statement).all()
|
||||
|
||||
return EventTeamsPublic(data=event_teams, count=count)
|
||||
|
||||
|
||||
@router.get("-teams/{id}", response_model=EventTeamPublic, tags=router.tags + [ApiTags.TEAMS])
|
||||
def read_event_team(session: SessionDep, current_user: CurrentUser, id: RowId) -> Any:
|
||||
"""
|
||||
Get event team by ID.
|
||||
"""
|
||||
event_team = session.get(EventTeam, id)
|
||||
if not event_team:
|
||||
raise HTTPException(status_code=404, detail="Event team not found")
|
||||
|
||||
event = session.get(Event, event_team.event_id)
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.MANGE_TEAMS,
|
||||
) and ( event and (event.user_has_rights(user=current_user, rights=PermissionRight.MANGE_TEAMS))):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
return event_team
|
||||
|
||||
|
||||
@router.put("-teams/{id}", response_model=EventTeamPublic, tags=router.tags + [ApiTags.TEAMS])
|
||||
def create_event_team(
|
||||
*, session: SessionDep, current_user: CurrentUser, id: RowId, event_team_in: EventTeamCreate
|
||||
) -> Any:
|
||||
"""
|
||||
Update team.
|
||||
"""
|
||||
event_team = session.get(EventTeam, id)
|
||||
if not event_team:
|
||||
raise HTTPException(status_code=404, detail="Event team not found")
|
||||
|
||||
event = session.get(Event, event_team.event_id)
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.MANGE_TEAMS,
|
||||
) and ( event and (event.user_has_rights(user=current_user, rights=PermissionRight.MANGE_TEAMS))):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
event_team = EventTeam.update(db_obj=event_team, in_obj=event_team_in, session=session)
|
||||
return event_team
|
||||
|
||||
|
||||
@router.delete("-teams/{id}", tags=router.tags + [ApiTags.TEAMS])
|
||||
def delete_event_team(session: SessionDep,current_user: CurrentUser, id: RowId) -> Message:
|
||||
"""
|
||||
Delete an event team.
|
||||
"""
|
||||
event_team = session.get(EventTeam, id)
|
||||
if not event_team:
|
||||
raise HTTPException(status_code=404, detail="Event team not found")
|
||||
|
||||
event = session.get(Event, event_team.event_id)
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.EVENT,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.MANGE_TEAMS,
|
||||
) and (event.user_has_rights(user=current_user, rights=PermissionRight.MANGE_TEAMS)):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
session.delete(event_team)
|
||||
session.commit()
|
||||
return Message(message="Event team deleted successfully")
|
||||
|
||||
# endregion
|
||||
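Review bot: The permission failures in read_event, update_event and delete_event answer with `status_code=400`, while remove_user_from_event in the same file returns 403 for the same condition; a refused request is an authorization failure and access monitoring usually keys on 403, so these three should read `raise HTTPException(status_code=403, detail="Not enough permissions")`. The guard above each of these raises was inverted before this commit, which suggests the denied path has no test; one test per endpoint asserting that a user with neither the admin permission nor rights on the event is rejected would keep the condition from regressing. The function bodies begin outside the hunks, so whether `event` is checked for None before `event.user_has_rights` is called cannot be confirmed from here.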
193
backend/app/api/routes/teams.py
Normal file
193
backend/app/api/routes/teams.py
Normal file
@@ -0,0 +1,193 @@
|
||||
from typing import Any
|
||||
|
||||
from fastapi import APIRouter, HTTPException
|
||||
from sqlmodel import func, select
|
||||
|
||||
from app.api.deps import CurrentUser, SessionDep
|
||||
from app.models.base import (
|
||||
ApiTags,
|
||||
Message,
|
||||
RowId,
|
||||
)
|
||||
from app.models.team import (
|
||||
Team,
|
||||
TeamCreate,
|
||||
TeamUpdate,
|
||||
TeamPublic,
|
||||
TeamsPublic,
|
||||
)
|
||||
from app.models.event import (
|
||||
Event,
|
||||
EventUserLink,
|
||||
)
|
||||
from app.models.user import (
|
||||
PermissionModule,
|
||||
PermissionPart,
|
||||
PermissionRight,
|
||||
)
|
||||
|
||||
router = APIRouter(prefix="/teams", tags=[ApiTags.TEAMS])
|
||||
|
||||
|
||||
# region # Teams ###############################################################
|
||||
|
||||
@router.get("/", response_model=TeamsPublic)
|
||||
def read_teams(
|
||||
session: SessionDep, current_user: CurrentUser, skip: int = 0, limit: int = 100
|
||||
) -> Any:
|
||||
"""
|
||||
Retrieve all teams.
|
||||
"""
|
||||
|
||||
if current_user.has_permissions(
|
||||
module=PermissionModule.TEAM,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.READ,
|
||||
):
|
||||
count_statement = select(func.count()).select_from(Team)
|
||||
count = session.exec(count_statement).one()
|
||||
statement = select(Team).offset(skip).limit(limit)
|
||||
teams = session.exec(statement).all()
|
||||
|
||||
else:
|
||||
# Only read teams that are connected to an event that the user can read
|
||||
count_statement = (
|
||||
select(func.count())
|
||||
.select_from(Team)
|
||||
.join(Event) # Join with Event to filter teams based on events
|
||||
.join(EventUserLink) # Join with EventUserLink to check user permissions
|
||||
.where(
|
||||
EventUserLink.user_id == current_user.id,
|
||||
# FIXME: (EventUserLink.rights & (PermissionRight.READ | PermissionRight.MANAGE_TEAMS)) > 0
|
||||
)
|
||||
)
|
||||
count = session.exec(count_statement).one()
|
||||
|
||||
statement = (
|
||||
select(Team)
|
||||
.join(Event)
|
||||
.join(EventUserLink)
|
||||
.where(
|
||||
EventUserLink.user_id == current_user.id,
|
||||
# FIXME: (EventUserLink.rights & (PermissionRight.READ | PermissionRight.MANAGE_TEAMS)) > 0
|
||||
)
|
||||
.offset(skip)
|
||||
.limit(limit)
|
||||
)
|
||||
teams = session.exec(statement).all()
|
||||
|
||||
return TeamsPublic(data=teams, count=count)
|
||||
|
||||
|
||||
@router.get("/{id}", response_model=TeamPublic)
|
||||
def read_team(session: SessionDep, current_user: CurrentUser, id: RowId) -> Any:
|
||||
"""
|
||||
Get team by ID.
|
||||
"""
|
||||
team = session.get(Team, id)
|
||||
if not team:
|
||||
raise HTTPException(status_code=404, detail="Team not found")
|
||||
|
||||
event = session.get(Event, team.event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.TEAM,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.READ,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
return team
|
||||
|
||||
|
||||
@router.post("/", response_model=TeamPublic)
|
||||
def create_team(
|
||||
*, session: SessionDep, current_user: CurrentUser, team_in: TeamCreate
|
||||
) -> Any:
|
||||
"""
|
||||
Create new team.
|
||||
"""
|
||||
|
||||
event = session.get(Event, team_in.event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.TEAM,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.UPDATE,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
team = Team.create(create_obj=team_in, session=session)
|
||||
return team
|
||||
|
||||
|
||||
@router.put("/{id}", response_model=TeamPublic)
|
||||
def update_team(
|
||||
*, session: SessionDep, current_user: CurrentUser, id: RowId, team_in: TeamUpdate
|
||||
) -> Any:
|
||||
"""
|
||||
Update a team.
|
||||
"""
|
||||
team = session.get(Team, id)
|
||||
if not team:
|
||||
raise HTTPException(status_code=404, detail="Team not found")
|
||||
|
||||
# Check user's permissions for the existing event
|
||||
event = session.get(Event, team.event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.TEAM,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.UPDATE,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
# Check rights for the new event data
|
||||
if team_in.event_id:
|
||||
event = session.get(Event, team_in.event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="New event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.TEAM,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.UPDATE,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
# Update the team
|
||||
team = Team.update(db_obj=team, in_obj=team_in, session=session)
|
||||
return team
|
||||
|
||||
|
||||
@router.delete("/{id}")
|
||||
def delete_team(session: SessionDep,current_user: CurrentUser, id: RowId) -> Message:
|
||||
"""
|
||||
Delete a team.
|
||||
"""
|
||||
team = session.get(Team, id)
|
||||
if not team:
|
||||
raise HTTPException(status_code=404, detail="Team not found")
|
||||
|
||||
event = session.get(Event, team.event_id)
|
||||
if not event:
|
||||
raise HTTPException(status_code=404, detail="Event not found")
|
||||
|
||||
if not current_user.has_permissions(
|
||||
module=PermissionModule.TEAM,
|
||||
part=PermissionPart.ADMIN,
|
||||
rights=PermissionRight.DELETE,
|
||||
) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
|
||||
raise HTTPException(status_code=400, detail="Not enough permissions")
|
||||
|
||||
session.delete(team)
|
||||
session.commit()
|
||||
return Message(message="Team deleted successfully")
|
||||
|
||||
# endregion
|
||||
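Review bot: In read_teams the non-admin branch filters only on `EventUserLink.user_id == current_user.id`, and the rights condition is left as a FIXME comment in both the count and the select statement, so any link to an event, whatever rights it carries, is enough to list that event's teams. read_team, by contrast, refuses a non-admin who lacks MANAGE_TEAMS on the event, so the list endpoint returns teams that the detail endpoint would deny. The rights predicate should be active in both statements before this is merged, for example `EventUserLink.rights.op("&")(int(PermissionRight.READ | PermissionRight.MANAGE_TEAMS)) != 0` if `rights` is stored as an integer bitmask (the column type is not visible here), and read_team should then accept the same set of rights. The permission failures in this file also answer with status 400 where 403 is the conventional code for a refused request.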