From e4cbc0a07ffdc5613dc33b11b571c003a54823bb Mon Sep 17 00:00:00 2001
From: Gabriel Luiz Freitas Almeida
Date: Fri, 25 Aug 2023 10:10:57 -0300
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix(users.py):=20change=20router?=
 =?UTF-8?q?=20tag=20from=20"Login"=20to=20"Users"=20for=20better=20categor?=
 =?UTF-8?q?ization=20=E2=9C=A8=20feat(users.py):=20add=20status=20code=202?=
 =?UTF-8?q?01=20to=20the=20response=20of=20the=20add=5Fuser=20endpoint=20t?=
 =?UTF-8?q?o=20indicate=20successful=20creation=20of=20a=20new=20user=20?=
 =?UTF-8?q?=F0=9F=90=9B=20fix(users.py):=20update=20the=20usage=20of=20Use?=
 =?UTF-8?q?rCreate=20model=20to=20create=20a=20new=20User=20instance=20usi?=
 =?UTF-8?q?ng=20User.from=5Form(user)=20for=20better=20compatibility=20?=
 =?UTF-8?q?=E2=9C=A8=20feat(users.py):=20add=20current=5Fuser=20parameter?=
 =?UTF-8?q?=20to=20the=20read=5Fcurrent=5Fuser=20endpoint=20to=20enforce?=
 =?UTF-8?q?=20authentication=20and=20authorization=20=E2=9C=A8=20feat(user?=
 =?UTF-8?q?s.py):=20add=20current=5Fuser=20parameter=20to=20the=20read=5Fa?=
 =?UTF-8?q?ll=5Fusers=20endpoint=20to=20enforce=20authentication=20and=20a?=
 =?UTF-8?q?uthorization=20=E2=9C=A8=20feat(users.py):=20add=20current=5Fus?=
 =?UTF-8?q?er=20parameter=20to=20the=20delete=5Fuser=20endpoint=20to=20enf?=
 =?UTF-8?q?orce=20authentication=20and=20authorization.=20Also,=20add=20va?=
 =?UTF-8?q?lidation=20checks=20to=20prevent=20deleting=20own=20user=20acco?=
 =?UTF-8?q?unt=20and=20unauthorized=20deletion=20of=20users.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/backend/langflow/api/v1/users.py | 29 +++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/backend/langflow/api/v1/users.py b/src/backend/langflow/api/v1/users.py
index 33ddc9763..5a464b5f2 100644
--- a/src/backend/langflow/api/v1/users.py
+++ b/src/backend/langflow/api/v1/users.py
@@ -14,15 +14,19 @@ from sqlmodel import Session, select from fastapi import APIRouter, Depends, HTTPException from langflow.services.utils import get_session -from langflow.services.auth.utils import get_current_active_user, get_password_hash +from langflow.services.auth.utils import ( + get_current_active_superuser, + get_current_active_user, + get_password_hash, +) from langflow.services.database.models.user.utils import ( update_user, ) -router = APIRouter(tags=["Login"]) +router = APIRouter(tags=["Users"]) -@router.post("/user", response_model=UserRead) +@router.post("/user", response_model=UserRead, status_code=201) def add_user( user: UserCreate, db: Session = Depends(get_session), @@ -30,7 +34,7 @@ def add_user( """ Add a new user to the database. """ - new_user = User(**user.dict()) + new_user = User.from_orm(user) try: new_user.password = get_password_hash(user.password) @@ -45,7 +49,9 @@ def add_user( @router.get("/user", response_model=UserRead) -def read_current_user(current_user: User = Depends(get_current_active_user)) -> User: +def read_current_user( + current_user: User = Depends(get_current_active_user), +) -> User: """ Retrieve the current user's data. """ @@ -56,7 +62,7 @@ def read_current_user(current_user: User = Depends(get_current_active_user)) -> def read_all_users( skip: int = 0, limit: int = 10, - _: Session = Depends(get_current_active_user), + current_user: Session = Depends(get_current_active_superuser), db: Session = Depends(get_session), ) -> UsersResponse: """ 
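Review bot: `User.from_orm(user)` copies onto the table model every field that the `UserCreate` payload also carries, exactly as `User(**user.dict())` did, and this endpoint has no authentication dependency in its signature, so the field set `UserCreate` declares is the only thing keeping privilege flags such as `is_superuser` out of a client's hands. The `UserCreate` definition is not part of this patch, so I cannot confirm what it exposes; a comment on the assignment would pin the contract: `# UserCreate must expose only credential/profile fields; privilege flags are never taken from the request`. add_user's signature sits in the preceding hunk and its body continues past this one.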
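Review bot: In read_all_users the new parameter is annotated `current_user: Session` although `Depends(get_current_active_superuser)` yields the authenticated user, not a database session — the sibling read_current_user annotates the same kind of dependency as `User`; it should read `current_user: User = Depends(get_current_active_superuser),`. The same mis-annotation is introduced in delete_user in the next hunk, where `.id` and `.is_superuser` are read through it. Since read_all_users never reads `current_user`, the former `_` name was honest; if the name stays, a comment `# superuser gate only; value unused` says why. The function's body continues outside the hunk.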
@@ -90,12 +96,21 @@ def patch_user(
 @router.delete("/user/{user_id}")
 def delete_user(
     user_id: UUID,
-    _: Session = Depends(get_current_active_user),
+    current_user: Session = Depends(get_current_active_superuser),
     db: Session = Depends(get_session),
 ) -> dict:
     """
     Delete a user from the database.
     """
+    if current_user.id == user_id:
+        raise HTTPException(
+            status_code=400, detail="You can't delete your own user account"
+        )
+    elif not current_user.is_superuser:
+        raise HTTPException(
+            status_code=403, detail="You don't have the permission to delete this user"
+        )
+
     user_db = db.query(User).filter(User.id == user_id).first()
     if not user_db:
         raise HTTPException(status_code=404, detail="User not found")
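Review bot: The `elif not current_user.is_superuser:` branch looks unreachable: the new `Depends(get_current_active_superuser)` on the signature presumably rejects non-superusers before the body runs (that helper is not visible here, so this is inferred from its name). If the branch is intended as defence in depth, say so where it sits, `# defence in depth: get_current_active_superuser already enforces this`, otherwise drop it; the self-deletion guard on `current_user.id == user_id` is the real new protection and stays either way. Note that the guard order means a non-superuser who somehow reaches the body while targeting their own id gets 400 rather than 403, which is fine but worth knowing. delete_user's body continues past the 404 check.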