added users list endpoint

med_backend/auth/crud.py

@@ -26,7 +26,12 @@ async def get_users(
     skip: int = 0,
     limit: int = 100,
 ) -> List[User] | None:
-    r = await session.execute(select(UserScheme).offset(skip).limit(limit))
+    r = await session.execute(
+        select(UserScheme)
+        .where(UserScheme.is_manager == False)
+        .offset(skip)
+        .limit(limit),
+    )
     users = r.scalars().all()
     return users
 

med_backend/auth/schemas.py

@@ -40,6 +40,7 @@ class User(UserBase):
     fullname: str | None
     hashed_password: str
     disabled: bool
+    is_manager: bool
 
     class Config:
         orm_mode = True

med_backend/auth/views.py

@@ -21,9 +21,9 @@ router = APIRouter()
 @router.post("/token", response_model=Token)
 async def login_for_access_token(
     data: UserLogin,
-    db: AsyncSession = Depends(get_db_session),
+    session: AsyncSession = Depends(get_db_session),
 ) -> Dict[str, str]:
-    user = await authenticate_user(db, data.username, data.password)
+    user = await authenticate_user(session, data.username, data.password)
     if not user:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,

med_backend/db/models/users.py

@@ -10,8 +10,13 @@ class UserScheme(Base):
     __tablename__ = "users"
 
     id: int = Column(Integer, primary_key=True, index=True)
-    username: str = Column(String, unique=True, index=True)
-    email: EmailStr = Column(String, unique=True, index=True)
-    fullname: str = Column(String)
+    username: str = Column(String, unique=True, index=True, nullable=False)
+    email: EmailStr = Column(String, unique=True, index=True, nullable=False)
+    fullname: str = Column(String, default="")
     hashed_password: str = Column(String)
+    gender: str = Column(String, default="Не выбран")
+    age: int = Column(Integer, default=0)
+    latest_form_result: str = Column(String, default="ok")
+
+    is_manager: bool = Column(Boolean, default=False)
     disabled: bool = Column(Boolean, default=False)

med_backend/users/__init__.py

@@ -0,0 +1,5 @@
+"""API for all user information and operations"""
+
+from med_backend.users.views import router
+
+__all__ = ["router"]

med_backend/users/schemas.py

@@ -0,0 +1,24 @@
+from pydantic import EmailStr
+
+from med_backend.auth.schemas import UserBase
+
+
+class ExtendedUser(UserBase):
+    id: int
+    fullname: str
+    age: int
+
+
+class ListUser(ExtendedUser):
+    latest_form_result: str
+
+    class Config:
+        orm_mode = True
+
+
+class FullUser(ListUser):
+    gender: str
+    email: EmailStr
+
+    class Config:
+        orm_mode = True

med_backend/users/views.py

@@ -0,0 +1,27 @@
+from fastapi import APIRouter, Depends, HTTPException
+from sqlalchemy.ext.asyncio import AsyncSession
+from starlette import status
+
+from med_backend.auth.crud import get_users
+from med_backend.auth.schemas import User
+from med_backend.auth.services import get_current_active_user
+from med_backend.db.dependencies import get_db_session
+from med_backend.users.schemas import ListUser
+
+router = APIRouter()
+
+
+@router.get("/list", response_model=list[ListUser])
+async def get_all_users(
+    skip: int = 0,
+    limit: int = 100,
+    current_user: User = Depends(get_current_active_user),
+    session: AsyncSession = Depends(get_db_session),
+):
+    if not current_user.is_manager:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="You are not allowed to access this info",
+        )
+    users = await get_users(session, skip, limit)
+    return users

med_backend/web/api/router.py

@@ -1,9 +1,10 @@
 from fastapi.routing import APIRouter
 
-from med_backend import auth
+from med_backend import auth, users
 from med_backend.web.api import echo, monitoring
 
 api_router = APIRouter()
 api_router.include_router(monitoring.router)
 api_router.include_router(echo.router, prefix="/echo", tags=["echo"])
 api_router.include_router(auth.router, prefix="/auth", tags=["auth"])
+api_router.include_router(users.router, prefix="/users", tags=["users"])