open-webui/backend/apps/web/routers/users.py

142 lines
4.1 KiB
Python
Raw Normal View History

2023-11-19 08:13:59 +00:00
from fastapi import Response
from fastapi import Depends, FastAPI, HTTPException, status
from datetime import datetime, timedelta
from typing import List, Union, Optional
from fastapi import APIRouter
from pydantic import BaseModel
import time
import uuid
2024-01-06 04:59:56 +00:00
from apps.web.models.users import UserModel, UserUpdateForm, UserRoleUpdateForm, Users
2023-12-29 07:24:51 +00:00
from apps.web.models.auths import Auths
2024-01-06 04:59:56 +00:00
from utils.utils import get_current_user, get_password_hash
2023-11-19 08:13:59 +00:00
from constants import ERROR_MESSAGES
router = APIRouter()
############################
# GetUsers
############################
@router.get("/", response_model=List[UserModel])
2024-01-06 04:59:56 +00:00
async def get_users(skip: int = 0, limit: int = 50, user=Depends(get_current_user)):
if user.role != "admin":
2023-11-19 08:13:59 +00:00
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
2023-11-19 08:13:59 +00:00
)
return Users.get_users(skip, limit)
2023-11-19 08:13:59 +00:00
2024-01-06 05:02:49 +00:00
############################
# UpdateUserRole
############################
@router.post("/update/role", response_model=Optional[UserModel])
async def update_user_role(
form_data: UserRoleUpdateForm, user=Depends(get_current_user)
):
if user.role != "admin":
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
)
if user.id != form_data.id:
return Users.update_user_role_by_id(form_data.id, form_data.role)
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACTION_PROHIBITED,
)
2023-11-19 08:13:59 +00:00
############################
2024-01-06 04:59:56 +00:00
# UpdateUserById
2023-11-19 08:13:59 +00:00
############################
2024-01-06 04:59:56 +00:00
@router.post("/{user_id}/update", response_model=Optional[UserModel])
async def update_user_by_id(
user_id: str, form_data: UserUpdateForm, session_user=Depends(get_current_user)
):
if session_user.role != "admin":
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
)
2023-11-19 08:13:59 +00:00
2024-01-06 04:59:56 +00:00
user = Users.get_user_by_id(user_id)
if user:
if form_data.email != user.email:
email_user = Users.get_user_by_email(form_data.email)
if email_user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.EMAIL_TAKEN,
)
if form_data.password:
hashed = get_password_hash(form_data.password)
print(hashed)
Auths.update_user_password_by_id(user_id, hashed)
Auths.update_email_by_id(user_id, form_data.email)
updated_user = Users.update_user_by_id(
user_id,
{
"name": form_data.name,
"email": form_data.email,
"profile_image_url": form_data.profile_image_url,
},
)
if updated_user:
return updated_user
else:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.DEFAULT(),
)
2023-11-19 08:13:59 +00:00
else:
raise HTTPException(
2024-01-06 04:59:56 +00:00
status_code=status.HTTP_400_BAD_REQUEST,
detail=ERROR_MESSAGES.USER_NOT_FOUND,
2023-11-19 08:13:59 +00:00
)
2023-12-29 07:02:49 +00:00
############################
2023-12-29 07:24:51 +00:00
# DeleteUserById
2023-12-29 07:02:49 +00:00
############################
@router.delete("/{user_id}", response_model=bool)
2023-12-30 11:00:21 +00:00
async def delete_user_by_id(user_id: str, user=Depends(get_current_user)):
if user.role == "admin":
if user.id != user_id:
result = Auths.delete_auth_by_id(user_id)
if result:
return True
2023-12-29 07:02:49 +00:00
else:
raise HTTPException(
2023-12-30 11:00:21 +00:00
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=ERROR_MESSAGES.DELETE_USER_ERROR,
2023-12-29 07:02:49 +00:00
)
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
2023-12-30 11:00:21 +00:00
detail=ERROR_MESSAGES.ACTION_PROHIBITED,
2023-12-29 07:02:49 +00:00
)
else:
raise HTTPException(
2023-12-30 11:00:21 +00:00
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
2023-12-29 07:02:49 +00:00
)