implemented crud operations for users

Author: matia-lee

backend/app/models/User.py

@@ -1,6 +1,6 @@
 import uuid
 
-from sqlalchemy import Column, ForeignKey, Integer, String
+from sqlalchemy import Boolean, Column, ForeignKey, Integer, String
 from sqlalchemy.dialects.postgresql import UUID
 from sqlalchemy.orm import relationship
 
@@ -15,5 +15,6 @@ class User(Base):
     email = Column(String(120), unique=True, nullable=False)
     role_id = Column(Integer, ForeignKey("roles.id"), nullable=False)
     auth_id = Column(String, nullable=False)
+    approved = Column(Boolean, default=False)
 
     role = relationship("Role")

backend/app/routes/user.py

@@ -1,7 +1,10 @@
+from typing import List
+from uuid import UUID
+
 from fastapi import APIRouter, Depends, HTTPException
 
 from app.middleware.auth import has_roles
-from app.schemas.user import UserCreateRequest, UserCreateResponse, UserRole
+from app.schemas.user import UserCreateRequest, UserCreateResponse, UserListResponse, UserResponse, UserRole, UserUpdateRequest
 from app.services.implementations.user_service import UserService
 from app.utilities.service_utils import get_user_service
 
@@ -28,3 +31,65 @@ async def create_user(
         raise http_ex
     except Exception as e:
         raise HTTPException(status_code=500, detail=str(e))
+
+
+# admin only get all users
+@router.get("/", response_model=UserListResponse)
+async def get_users(
+    user_service: UserService = Depends(get_user_service),
+    authorized: bool = has_roles([UserRole.ADMIN]),
+):
+    try:
+        users = user_service.get_users()
+        return UserListResponse(users=users, total=len(users))
+    except HTTPException as http_ex:
+        raise http_ex
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+# admin only get user by ID
+@router.get("/{user_id}", response_model=UserResponse)
+async def get_user(
+    user_id: str,
+    user_service: UserService = Depends(get_user_service),
+    authorized: bool = has_roles([UserRole.ADMIN]),
+):
+    try:
+        return user_service.get_user_by_id(user_id)
+    except HTTPException as http_ex:
+        raise http_ex
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+# admin only update user (mainly for approvals)
+@router.put("/{user_id}", response_model=UserResponse)
+async def update_user(
+    user_id: str,
+    user_update: UserUpdateRequest,
+    user_service: UserService = Depends(get_user_service),
+    authorized: bool = Depends(has_roles([UserRole.ADMIN])),
+):
+    try:
+        return user_service.update_user_by_id(user_id, user_update)
+    except HTTPException as http_ex:
+        raise http_ex
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+# admin only delete user
+@router.delete("/{user_id}")
+async def delete_user(
+    user_id: str,
+    user_service: UserService = Depends(get_user_service),
+    authorized: bool = has_roles([UserRole.ADMIN]),
+):
+    try:
+        user_service.delete_user_by_id(user_id)
+        return {"message": "User deleted successfully"}
+    except HTTPException as http_ex:
+        raise http_ex
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))

backend/app/schemas/user.py

@@ -4,7 +4,7 @@
 """
 
 from enum import Enum
-from typing import Optional
+from typing import List, Optional
 from uuid import UUID
 
 from pydantic import BaseModel, ConfigDict, EmailStr, Field, field_validator
@@ -73,6 +73,18 @@ def validate_password(cls, password: Optional[str], info):
         return password
 
 
+class UserUpdateRequest(BaseModel):
+    """
+    Request schema for user updates, all fields optional
+    """
+    
+    first_name: Optional[str] = Field(None, min_length=1, max_length=50)
+    last_name: Optional[str] = Field(None, min_length=1, max_length=50)
+    email: Optional[EmailStr] = None
+    role: Optional[UserRole] = None
+    approved: Optional[bool] = None
+
+
 class UserCreateResponse(BaseModel):
     """
     Response schema for user creation, maps directly from ORM User object.
@@ -84,6 +96,44 @@ class UserCreateResponse(BaseModel):
     email: EmailStr
     role_id: int
     auth_id: str
+    approved: bool
 
     # from_attributes enables automatic mapping from SQLAlchemy model to Pydantic model
     model_config = ConfigDict(from_attributes=True)
+
+
+class UserResponse(BaseModel):
+    """
+    Response schema for user data including role information
+    """
+    
+    id: UUID
+    first_name: str
+    last_name: str
+    email: EmailStr
+    role_id: int
+    auth_id: str
+    approved: bool
+    role: "RoleResponse"
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+class RoleResponse(BaseModel):
+    """
+    Response schema for role data
+    """
+    
+    id: int
+    name: str
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+class UserListResponse(BaseModel):
+    """
+    Response schema for listing users
+    """
+    
+    users: List[UserResponse]
+    total: int

backend/app/services/implementations/user_service.py

@@ -1,4 +1,6 @@
 import logging
+from typing import List
+from uuid import UUID
 
 import firebase_admin.auth
 from fastapi import HTTPException
@@ -10,7 +12,9 @@
     SignUpMethod,
     UserCreateRequest,
     UserCreateResponse,
+    UserResponse,
     UserRole,
+    UserUpdateRequest,
 )
 from app.utilities.constants import LOGGER_NAME
 
@@ -79,10 +83,38 @@ async def create_user(self, user: UserCreateRequest) -> UserCreateResponse:
             raise HTTPException(status_code=500, detail=str(e))
 
     def delete_user_by_email(self, email: str):
-        pass
+        try:
+            db_user = self.db.query(User).filter(User.email == email).first()
+            if not db_user:
+                raise HTTPException(status_code=404, detail="User not found")
+
+            self.db.delete(db_user)
+            self.db.commit()
 
+        except HTTPException:
+            raise
+        except Exception as e:
+            self.db.rollback()
+            self.logger.error(f"Error deleting user with email {email}: {str(e)}")
+            raise HTTPException(status_code=500, detail=str(e))
+            
     def delete_user_by_id(self, user_id: str):
-        pass
+        try:
+            db_user = self.db.query(User).filter(User.id == UUID(user_id)).first()
+            if not db_user:
+                raise HTTPException(status_code=404, detail="User not found")
+
+            self.db.delete(db_user)
+            self.db.commit()
+
+        except ValueError:
+            raise HTTPException(status_code=400, detail="Invalid user ID format")
+        except HTTPException:
+            raise
+        except Exception as e:
+            self.db.rollback()
+            self.logger.error(f"Error deleting user {user_id}: {str(e)}")
+            raise HTTPException(status_code=500, detail=str(e))
 
     def get_user_id_by_auth_id(self, auth_id: str) -> str:
         """Get user ID for a user by their Firebase auth_id"""
@@ -97,8 +129,19 @@ def get_user_by_email(self, email: str):
             raise ValueError(f"User with email {email} not found")
         return user
 
-    def get_user_by_id(self, user_id: str):
-        pass
+    def get_user_by_id(self, user_id: str) -> UserResponse:
+        try:
+            user = self.db.query(User).join(Role).filter(User.id == UUID(user_id)).first()
+            if not user:
+                raise HTTPException(status_code=404, detail="User not found")
+            return UserResponse.model_validate(user)
+        except ValueError:
+            raise HTTPException(status_code=400, detail="Invalid user ID format")
+        except HTTPException:
+            raise
+        except Exception as e:
+            self.logger.error(f"Error retrieving user {user_id}: {str(e)}")
+            raise HTTPException(status_code=500, detail=str(e))
 
     def get_auth_id_by_user_id(self, user_id: str) -> str:
         """Get Firebase auth_id for a user"""
@@ -114,8 +157,42 @@ def get_user_role_by_auth_id(self, auth_id: str) -> str:
             raise ValueError(f"User with auth_id {auth_id} not found")
         return user.role.name
 
-    def get_users(self):
-        pass
+    def get_users(self) -> List[UserResponse]:
+        try:
+            users = self.db.query(User).join(Role).all()
+            return [UserResponse.model_validate(user) for user in users]
+        except Exception as e:
+            self.logger.error(f"Error retrieving users: {str(e)}")
+            raise HTTPException(status_code=500, detail=str(e))
+
+    def update_user_by_id(self, user_id: str, user_update: UserUpdateRequest) -> UserResponse:
+        try:
+            db_user = self.db.query(User).filter(User.id == UUID(user_id)).first()
+            if not db_user:
+                raise HTTPException(status_code=404, detail="User not found")
+
+            # update provided fields only
+            update_data = user_update.model_dump(exclude_unset=True)
+            
+            # handle role conversion if role is being updated
+            if "role" in update_data:
+                update_data["role_id"] = UserRole.to_role_id(update_data.pop("role"))
 
-    def update_user_by_id(self, user_id: str, user):
-        pass
+            for field, value in update_data.items():
+                setattr(db_user, field, value)
+
+            self.db.commit()
+            self.db.refresh(db_user)
+
+            # return user with role information
+            updated_user = self.db.query(User).join(Role).filter(User.id == UUID(user_id)).first()
+            return UserResponse.model_validate(updated_user)
+
+        except ValueError:
+            raise HTTPException(status_code=400, detail="Invalid user ID format")
+        except HTTPException:
+            raise
+        except Exception as e:
+            self.db.rollback()
+            self.logger.error(f"Error updating user {user_id}: {str(e)}")
+            raise HTTPException(status_code=500, detail=str(e))