from fastapi import APIRouter, Depends, HTTPException, status, BackgroundTasks from sqlalchemy.orm import Session from typing import List from .. import database, models, schemas, auth_utils from ..services import email router = APIRouter( prefix="/requests", tags=["Access Requests"] ) @router.post("/", response_model=schemas.AccessRequestOut) async def create_request(request: schemas.AccessRequestCreate, background_tasks: BackgroundTasks, db: Session = Depends(database.get_db)): # Check if user already exists existing_user = db.query(models.User).filter(models.User.username == request.username).first() if existing_user: raise HTTPException(status_code=400, detail="Username already taken") # Check if request already exists existing_req = db.query(models.AccessRequest).filter(models.AccessRequest.username == request.username, models.AccessRequest.status == "pending").first() if existing_req: raise HTTPException(status_code=400, detail="Pending request already exists for this username") hashed_password = auth_utils.get_password_hash(request.password) db_request = models.AccessRequest( username=request.username, email=request.email, hashed_password=hashed_password, status="pending" ) # Add requested apps for app_id in request.app_ids: app = db.query(models.Application).filter(models.Application.id == app_id).first() if app: db_request.requested_apps.append(app) db.add(db_request) db.commit() db.refresh(db_request) # Send email to user (Received) background_tasks.add_task(email.send_request_received_email, request.email, request.username) # Send email to admin (New Request) background_tasks.add_task(email.send_admin_notification_email, request.username) return db_request @router.get("/", response_model=List[schemas.AccessRequestOut], dependencies=[Depends(auth_utils.get_current_admin_user)]) async def read_requests(skip: int = 0, limit: int = 100, db: Session = Depends(database.get_db)): requests = db.query(models.AccessRequest).filter(models.AccessRequest.status == "pending").offset(skip).limit(limit).all() return requests @router.post("/{request_id}/approve", dependencies=[Depends(auth_utils.get_current_admin_user)]) async def approve_request(request_id: int, background_tasks: BackgroundTasks, db: Session = Depends(database.get_db)): req = db.query(models.AccessRequest).filter(models.AccessRequest.id == request_id).first() if not req: raise HTTPException(status_code=404, detail="Request not found") if req.status != "pending": raise HTTPException(status_code=400, detail="Request already processed") # Create User new_user = models.User( username=req.username, email=req.email, hashed_password=req.hashed_password, is_active=True, is_admin=False ) db.add(new_user) db.commit() db.refresh(new_user) # Assign Apps for app in req.requested_apps: assignment = models.UserApplication(user_id=new_user.id, application_id=app.id) db.add(assignment) req.status = "approved" db.commit() # Send email to user (Approved) background_tasks.add_task(email.send_welcome_email, req.email, req.username, "********") # Don't send password again, they know it return {"message": "Request approved and user created"} @router.post("/{request_id}/reject", dependencies=[Depends(auth_utils.get_current_admin_user)]) async def reject_request(request_id: int, db: Session = Depends(database.get_db)): req = db.query(models.AccessRequest).filter(models.AccessRequest.id == request_id).first() if not req: raise HTTPException(status_code=404, detail="Request not found") req.status = "rejected" db.commit() return {"message": "Request rejected"}