new init

apps/backend/setup_admin.py

@@ -0,0 +1,81 @@
+from fastapi import APIRouter, Depends, HTTPException, status, Body
+from sqlalchemy.orm import Session
+from app.schemas.user import UserOut, UserCreate, UserUpdate, UserRole
+from app.models.user import User
+from app.core.database import SessionLocal
+from passlib.context import CryptContext
+from typing import List
+
+router = APIRouter(prefix="/users", tags=["users"])
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+def get_db():
+    db = SessionLocal()
+    try:
+        yield db
+    finally:
+        db.close()
+
+# — Endpoints —
+
+@router.get("/", response_model=List[UserOut])
+def list_users(db: Session = Depends(get_db)):
+    return db.query(User).all()
+
+@router.get("/{user_id}", response_model=UserOut)
+def get_user(user_id: int, db: Session = Depends(get_db)):
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    return user
+
+@router.post("/", response_model=UserOut, status_code=status.HTTP_201_CREATED)
+def create_user(user: UserCreate, db: Session = Depends(get_db)):
+    if db.query(User).filter(User.email == user.email).first():
+        raise HTTPException(status_code=409, detail="E-Mail already exists")
+    if user.alias and db.query(User).filter(User.alias == user.alias).first():
+        raise HTTPException(status_code=409, detail="Alias already exists")
+    hashed_password = pwd_context.hash(user.password)
+    hashed_pin = pwd_context.hash(user.pin)
+    db_user = User(
+        name=user.name,
+        email=user.email,
+        hashed_password=hashed_password,
+        hashed_pin=hashed_pin,
+        alias=user.alias,
+        paypal_email=user.paypal_email,
+        role=user.role,
+        is_active=True
+    )
+    db.add(db_user)
+    db.commit()
+    db.refresh(db_user)
+    return db_user
+
+@router.patch("/{user_id}", response_model=UserOut)
+def update_user(user_id: int, user: UserUpdate, db: Session = Depends(get_db)):
+    db_user = db.query(User).filter(User.id == user_id).first()
+    if not db_user:
+        raise HTTPException(status_code=404, detail="User not found")
+    # ... (bestehende Update-Logik) ...
+    db.commit()
+    db.refresh(db_user)
+    return db_user
+
+@router.delete("/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_user(user_id: int, db: Session = Depends(get_db)):
+    db_user = db.query(User).filter(User.id == user_id).first()
+    if not db_user:
+        raise HTTPException(status_code=404, detail="User not found")
+    db.delete(db_user)
+    db.commit()
+
+# — NEU: PIN-Login endpoint —
+@router.post("/login/pin", response_model=UserOut)
+def login_with_pin(pin: str = Body(...), db: Session = Depends(get_db)):
+    # alle aktiven User laden und PIN gegen hashed_pin prüfen
+    users = db.query(User).filter(User.is_active == True).all()
+    for u in users:
+        if pwd_context.verify(pin, u.hashed_pin):
+            return u
+    raise HTTPException(status_code=401, detail="Invalid PIN")