feat: add admin router with admin group guard

Johan Lundberg 2026-02-19 11:18:50 +01:00
parent 7e9eeb1339
commit dd1f85d8d3
No known key found for this signature in database
GPG key ID: A6C152738D03C7D1
5 changed files with 89 additions and 0 deletions


@ -0,0 +1,34 @@
from fastapi import APIRouter, Request, Response
from fastapi.responses import HTMLResponse, RedirectResponse
from porchlight.dependencies import get_session_user
from porchlight.models import User
router = APIRouter(prefix="/admin", tags=["admin"])
async def _get_admin_user(request: Request) -> User | None:
"""Return the current user if they are an admin, else None."""
session_user = get_session_user(request)
if session_user is None:
return None
userid, _username = session_user
user_repo = request.app.state.user_repo
user = await user_repo.get_by_userid(userid)
if user is None or "admin" not in user.groups:
return None
return user
@router.get("/users", response_class=HTMLResponse)
async def users_list(request: Request) -> Response:
session_user = get_session_user(request)
if session_user is None:
return RedirectResponse("/login", status_code=303)
admin = await _get_admin_user(request)
if admin is None:
return HTMLResponse("Forbidden", status_code=403)
# Placeholder — will be implemented in Task 4
return HTMLResponse("Admin users list")
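Review bot: The admin check in `users_list` is applied by hand inside the handler, so any route later added to this router (the placeholder comment suggests more are coming) is reachable by any caller unless its author remembers to repeat both checks. Attaching the guard to the router makes the default fail-closed: put `dependencies=[Depends(require_admin)]` on the `APIRouter` and have the guard raise instead of returning None, as sketched below (`Depends` and `HTTPException` come from `fastapi`). This also removes the duplicate `get_session_user(request)` call that `users_list` makes before `_get_admin_user` repeats it. `HTTPException` is rendered by the app's exception handler, so the 403 body would no longer be the literal `Forbidden` HTML unless a handler is registered for it. Separately, `"admin" not in user.groups` is a true membership test only if `groups` is a list or set; the `User` model is not visible here, so that is worth confirming.

```python
async def require_admin(request: Request) -> User:
    """Router-level guard: redirect anonymous callers, reject non-admins."""
    session_user = get_session_user(request)
    if session_user is None:
        raise HTTPException(status_code=303, headers={"Location": "/login"})
    userid, _username = session_user
    user = await request.app.state.user_repo.get_by_userid(userid)
    if user is None or "admin" not in user.groups:
        raise HTTPException(status_code=403, detail="Forbidden")
    return user


router = APIRouter(
    prefix="/admin",
    tags=["admin"],
    dependencies=[Depends(require_admin)],
)

# … unchanged: users_list, minus its two hand-written checks …
```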


@ -10,6 +10,7 @@ from fastapi.templating import Jinja2Templates
from starlette.middleware.sessions import SessionMiddleware
from porchlight.authn.password import PasswordService
from porchlight.admin.routes import router as admin_router
from porchlight.authn.routes import router as authn_router
from porchlight.authn.webauthn import WebAuthnService
from porchlight.config import Settings, StorageBackend
@ -114,6 +115,7 @@ def create_app(settings: Settings | None = None) -> FastAPI:
app.mount("/static", StaticFiles(directory=str(PACKAGE_DIR / "static")), name="static")
# Routers
app.include_router(admin_router)
app.include_router(authn_router)
app.include_router(manage_router)
app.include_router(oidc_router)