99 lines
3.9 KiB
Python
99 lines
3.9 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, status, BackgroundTasks
|
|
from sqlalchemy.orm import Session
|
|
from typing import List
|
|
from .. import database, models, schemas, auth_utils
|
|
from ..services import email
|
|
|
|
router = APIRouter(
|
|
prefix="/requests",
|
|
tags=["Access Requests"]
|
|
)
|
|
|
|
@router.post("/", response_model=schemas.AccessRequestOut)
|
|
async def create_request(request: schemas.AccessRequestCreate, background_tasks: BackgroundTasks, db: Session = Depends(database.get_db)):
|
|
# Check if user already exists
|
|
existing_user = db.query(models.User).filter(models.User.username == request.username).first()
|
|
if existing_user:
|
|
raise HTTPException(status_code=400, detail="Username already taken")
|
|
|
|
# Check if request already exists
|
|
existing_req = db.query(models.AccessRequest).filter(models.AccessRequest.username == request.username, models.AccessRequest.status == "pending").first()
|
|
if existing_req:
|
|
raise HTTPException(status_code=400, detail="Pending request already exists for this username")
|
|
|
|
hashed_password = auth_utils.get_password_hash(request.password)
|
|
|
|
db_request = models.AccessRequest(
|
|
username=request.username,
|
|
email=request.email,
|
|
hashed_password=hashed_password,
|
|
status="pending"
|
|
)
|
|
|
|
# Add requested apps
|
|
for app_id in request.app_ids:
|
|
app = db.query(models.Application).filter(models.Application.id == app_id).first()
|
|
if app:
|
|
db_request.requested_apps.append(app)
|
|
|
|
db.add(db_request)
|
|
db.commit()
|
|
db.refresh(db_request)
|
|
|
|
# Send email to user (Received)
|
|
background_tasks.add_task(email.send_request_received_email, request.email, request.username)
|
|
# Send email to admin (New Request)
|
|
background_tasks.add_task(email.send_admin_notification_email, request.username)
|
|
|
|
return db_request
|
|
|
|
@router.get("/", response_model=List[schemas.AccessRequestOut], dependencies=[Depends(auth_utils.get_current_admin_user)])
|
|
async def read_requests(skip: int = 0, limit: int = 100, db: Session = Depends(database.get_db)):
|
|
requests = db.query(models.AccessRequest).filter(models.AccessRequest.status == "pending").offset(skip).limit(limit).all()
|
|
return requests
|
|
|
|
@router.post("/{request_id}/approve", dependencies=[Depends(auth_utils.get_current_admin_user)])
|
|
async def approve_request(request_id: int, background_tasks: BackgroundTasks, db: Session = Depends(database.get_db)):
|
|
req = db.query(models.AccessRequest).filter(models.AccessRequest.id == request_id).first()
|
|
if not req:
|
|
raise HTTPException(status_code=404, detail="Request not found")
|
|
|
|
if req.status != "pending":
|
|
raise HTTPException(status_code=400, detail="Request already processed")
|
|
|
|
# Create User
|
|
new_user = models.User(
|
|
username=req.username,
|
|
email=req.email,
|
|
hashed_password=req.hashed_password,
|
|
is_active=True,
|
|
is_admin=False
|
|
)
|
|
db.add(new_user)
|
|
db.commit()
|
|
db.refresh(new_user)
|
|
|
|
# Assign Apps
|
|
for app in req.requested_apps:
|
|
assignment = models.UserApplication(user_id=new_user.id, application_id=app.id)
|
|
db.add(assignment)
|
|
|
|
req.status = "approved"
|
|
db.commit()
|
|
|
|
# Send email to user (Approved)
|
|
background_tasks.add_task(email.send_welcome_email, req.email, req.username, "********") # Don't send password again, they know it
|
|
|
|
return {"message": "Request approved and user created"}
|
|
|
|
@router.post("/{request_id}/reject", dependencies=[Depends(auth_utils.get_current_admin_user)])
|
|
async def reject_request(request_id: int, db: Session = Depends(database.get_db)):
|
|
req = db.query(models.AccessRequest).filter(models.AccessRequest.id == request_id).first()
|
|
if not req:
|
|
raise HTTPException(status_code=404, detail="Request not found")
|
|
|
|
req.status = "rejected"
|
|
db.commit()
|
|
|
|
return {"message": "Request rejected"}
|