diff --git a/backend/app/api/deps.py b/backend/app/api/deps.py index d1dd6d1..3a1d6b8 100644 --- a/backend/app/api/deps.py +++ b/backend/app/api/deps.py @@ -5,6 +5,7 @@ from sqlalchemy.orm import Session from app.db.session import SessionLocal from app.core.security import verify_token from app.crud.crud_user import user as crud_user +from app.models.ppr import UserRole security = HTTPBearer() @@ -44,4 +45,29 @@ def get_current_active_user( current_user = Depends(get_current_user), ): """Get current active user (for future use if we add user status)""" + return current_user + + +def get_current_admin_user(current_user = Depends(get_current_user)): + """Get current user and ensure they are an administrator""" + if current_user.role != UserRole.ADMINISTRATOR: + raise HTTPException( + status_code=status.HTTP_403_FORBIDDEN, + detail="Not enough permissions" + ) + return current_user + + +def get_current_operator_user(current_user = Depends(get_current_user)): + """Get current user and ensure they are an operator or administrator""" + if current_user.role not in [UserRole.OPERATOR, UserRole.ADMINISTRATOR]: + raise HTTPException( + status_code=status.HTTP_403_FORBIDDEN, + detail="Not enough permissions" + ) + return current_user + + +def get_current_read_user(current_user = Depends(get_current_user)): + """Get current user (read-only or higher)""" return current_user \ No newline at end of file diff --git a/backend/app/api/endpoints/auth.py b/backend/app/api/endpoints/auth.py index b0373d4..f736778 100644 --- a/backend/app/api/endpoints/auth.py +++ b/backend/app/api/endpoints/auth.py @@ -1,12 +1,13 @@ from datetime import timedelta +from typing import List from fastapi import APIRouter, Depends, HTTPException, status from fastapi.security import OAuth2PasswordRequestForm from sqlalchemy.orm import Session -from app.api.deps import get_db +from app.api.deps import get_db, get_current_admin_user, get_current_read_user from app.core.config import settings from app.core.security import create_access_token from app.crud.crud_user import user as crud_user -from app.schemas.ppr import Token +from app.schemas.ppr import Token, UserCreate, UserUpdate, User router = APIRouter() @@ -26,16 +27,63 @@ async def login_for_access_token( detail="Incorrect username or password", headers={"WWW-Authenticate": "Bearer"}, ) - + access_token_expires = timedelta(minutes=settings.access_token_expire_minutes) access_token = create_access_token( subject=user.username, expires_delta=access_token_expires ) - + return {"access_token": access_token, "token_type": "bearer"} -@router.post("/test-token") -async def test_token(current_user = Depends(get_db)): +@router.post("/test-token", response_model=User) +async def test_token(current_user = Depends(get_current_read_user)): """Test access token""" - return current_user \ No newline at end of file + return current_user + + +@router.get("/users", response_model=List[User]) +async def list_users( + db: Session = Depends(get_db), + skip: int = 0, + limit: int = 100, + current_user = Depends(get_current_admin_user) +): + """List all users (admin only)""" + users = crud_user.get_multi(db, skip=skip, limit=limit) + return users + + +@router.post("/users", response_model=User) +async def create_user( + user_in: UserCreate, + db: Session = Depends(get_db), + current_user = Depends(get_current_admin_user) +): + """Create a new user (admin only)""" + user = crud_user.get_by_username(db, username=user_in.username) + if user: + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail="Username already registered" + ) + user = crud_user.create(db, obj_in=user_in) + return user + + +@router.put("/users/{user_id}", response_model=User) +async def update_user( + user_id: int, + user_in: UserUpdate, + db: Session = Depends(get_db), + current_user = Depends(get_current_admin_user) +): + """Update a user (admin only)""" + user = crud_user.get(db, user_id=user_id) + if not user: + raise HTTPException( + status_code=status.HTTP_404_NOT_FOUND, + detail="User not found" + ) + user = crud_user.update(db, db_obj=user, obj_in=user_in) + return user \ No newline at end of file diff --git a/backend/app/api/endpoints/pprs.py b/backend/app/api/endpoints/pprs.py index 513f814..5aad588 100644 --- a/backend/app/api/endpoints/pprs.py +++ b/backend/app/api/endpoints/pprs.py @@ -2,7 +2,7 @@ from typing import List, Optional from fastapi import APIRouter, Depends, HTTPException, status, Request from sqlalchemy.orm import Session from datetime import date -from app.api.deps import get_db, get_current_active_user +from app.api.deps import get_db, get_current_read_user, get_current_operator_user from app.crud.crud_ppr import ppr as crud_ppr from app.crud.crud_journal import journal as crud_journal from app.schemas.ppr import PPR, PPRCreate, PPRUpdate, PPRStatus, PPRStatusUpdate, Journal @@ -21,7 +21,7 @@ async def get_pprs( date_from: Optional[date] = None, date_to: Optional[date] = None, db: Session = Depends(get_db), - current_user: User = Depends(get_current_active_user) + current_user: User = Depends(get_current_read_user) ): """Get PPR records with optional filtering""" pprs = crud_ppr.get_multi( @@ -36,7 +36,7 @@ async def create_ppr( request: Request, ppr_in: PPRCreate, db: Session = Depends(get_db), - current_user: User = Depends(get_current_active_user) + current_user: User = Depends(get_current_operator_user) ): """Create a new PPR record""" client_ip = get_client_ip(request) @@ -60,7 +60,7 @@ async def create_ppr( async def get_ppr( ppr_id: int, db: Session = Depends(get_db), - current_user: User = Depends(get_current_active_user) + current_user: User = Depends(get_current_read_user) ): """Get a specific PPR record""" ppr = crud_ppr.get(db, ppr_id=ppr_id) @@ -78,7 +78,7 @@ async def update_ppr( ppr_id: int, ppr_in: PPRUpdate, db: Session = Depends(get_db), - current_user: User = Depends(get_current_active_user) + current_user: User = Depends(get_current_operator_user) ): """Update a PPR record""" db_ppr = crud_ppr.get(db, ppr_id=ppr_id) @@ -111,7 +111,7 @@ async def patch_ppr( ppr_id: int, ppr_in: PPRUpdate, db: Session = Depends(get_db), - current_user: User = Depends(get_current_active_user) + current_user: User = Depends(get_current_operator_user) ): """Partially update a PPR record (only provided fields will be updated)""" db_ppr = crud_ppr.get(db, ppr_id=ppr_id) @@ -144,7 +144,7 @@ async def update_ppr_status( ppr_id: int, status_update: PPRStatusUpdate, db: Session = Depends(get_db), - current_user: User = Depends(get_current_active_user) + current_user: User = Depends(get_current_operator_user) ): """Update PPR status (LANDED, DEPARTED, etc.)""" client_ip = get_client_ip(request) @@ -182,7 +182,7 @@ async def delete_ppr( request: Request, ppr_id: int, db: Session = Depends(get_db), - current_user: User = Depends(get_current_active_user) + current_user: User = Depends(get_current_operator_user) ): """Delete (soft delete) a PPR record""" client_ip = get_client_ip(request) @@ -210,7 +210,7 @@ async def delete_ppr( async def get_ppr_journal( ppr_id: int, db: Session = Depends(get_db), - current_user: User = Depends(get_current_active_user) + current_user: User = Depends(get_current_read_user) ): """Get journal entries for a specific PPR""" # Verify PPR exists diff --git a/backend/app/crud/crud_user.py b/backend/app/crud/crud_user.py index 960f5cc..abe59b6 100644 --- a/backend/app/crud/crud_user.py +++ b/backend/app/crud/crud_user.py @@ -1,7 +1,7 @@ -from typing import Optional +from typing import List, Optional from sqlalchemy.orm import Session from app.models.ppr import User -from app.schemas.ppr import UserCreate +from app.schemas.ppr import UserCreate, UserUpdate from app.core.security import get_password_hash, verify_password @@ -12,17 +12,32 @@ class CRUDUser: def get_by_username(self, db: Session, username: str) -> Optional[User]: return db.query(User).filter(User.username == username).first() + def get_multi(self, db: Session, skip: int = 0, limit: int = 100) -> List[User]: + return db.query(User).offset(skip).limit(limit).all() + def create(self, db: Session, obj_in: UserCreate) -> User: hashed_password = get_password_hash(obj_in.password) db_obj = User( username=obj_in.username, - password=hashed_password + password=hashed_password, + role=obj_in.role ) db.add(db_obj) db.commit() db.refresh(db_obj) return db_obj + def update(self, db: Session, db_obj: User, obj_in: UserUpdate) -> User: + update_data = obj_in.dict(exclude_unset=True) + if "password" in update_data: + update_data["password"] = get_password_hash(update_data["password"]) + for field, value in update_data.items(): + setattr(db_obj, field, value) + db.add(db_obj) + db.commit() + db.refresh(db_obj) + return db_obj + def authenticate(self, db: Session, username: str, password: str) -> Optional[User]: user = self.get_by_username(db, username=username) if not user: diff --git a/backend/app/models/ppr.py b/backend/app/models/ppr.py index a2b5075..1076e2e 100644 --- a/backend/app/models/ppr.py +++ b/backend/app/models/ppr.py @@ -13,6 +13,12 @@ class PPRStatus(str, Enum): DEPARTED = "DEPARTED" +class UserRole(str, Enum): + ADMINISTRATOR = "administrator" + OPERATOR = "operator" + READ_ONLY = "read_only" + + class PPRRecord(Base): __tablename__ = "submitted" @@ -44,6 +50,7 @@ class User(Base): id = Column(Integer, primary_key=True, autoincrement=True) username = Column(String(50), nullable=False, unique=True, index=True) password = Column(String(255), nullable=False) + role = Column(SQLEnum(UserRole), nullable=False, default=UserRole.READ_ONLY) class Journal(Base): diff --git a/backend/app/schemas/ppr.py b/backend/app/schemas/ppr.py index 40a7f96..446873d 100644 --- a/backend/app/schemas/ppr.py +++ b/backend/app/schemas/ppr.py @@ -13,6 +13,12 @@ class PPRStatus(str, Enum): DEPARTED = "DEPARTED" +class UserRole(str, Enum): + ADMINISTRATOR = "administrator" + OPERATOR = "operator" + READ_ONLY = "read_only" + + class PPRBase(BaseModel): ac_reg: str ac_type: str @@ -97,12 +103,19 @@ class PPRInDB(PPRInDBBase): # User schemas class UserBase(BaseModel): username: str + role: UserRole = UserRole.READ_ONLY class UserCreate(UserBase): password: str +class UserUpdate(BaseModel): + username: Optional[str] = None + password: Optional[str] = None + role: Optional[UserRole] = None + + class UserInDBBase(UserBase): id: int diff --git a/init_db.sql b/init_db.sql index a26dd6f..510635b 100644 --- a/init_db.sql +++ b/init_db.sql @@ -9,6 +9,7 @@ CREATE TABLE users ( id INT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, + role ENUM('ADMINISTRATOR','OPERATOR','READ_ONLY') NOT NULL DEFAULT 'READ_ONLY', email VARCHAR(128), full_name VARCHAR(100), is_active BOOLEAN DEFAULT TRUE, @@ -108,8 +109,8 @@ CREATE TABLE aircraft ( -- Insert default admin user (password: admin123) -- Password hash for 'admin123' using bcrypt -INSERT INTO users (username, password, email, full_name) VALUES -('admin', '$2b$12$BJOha2yRxkxuHL./BaMfpu2fMDgGMYISuRV2.B1sSklVpRjz3Y4a6', 'admin@ppr.local', 'System Administrator'); +INSERT INTO users (username, password, role, email, full_name) VALUES +('admin', '$2b$12$BJOha2yRxkxuHL./BaMfpu2fMDgGMYISuRV2.B1sSklVpRjz3Y4a6', 'ADMINISTRATOR', 'admin@ppr.local', 'System Administrator'); -- Create a view for active PPRs CREATE VIEW active_pprs AS