feat: add admin router with admin group guard
parent
7e9eeb1339
commit
dd1f85d8d3
5 changed files with 89 additions and 0 deletions
0
src/porchlight/admin/__init__.py
Normal file
0
src/porchlight/admin/__init__.py
Normal file
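--- a/src/porchlight/admin/routes.py
+++ b/src/porchlight/admin/routes.py
@@ -0,0 +1,34 @@
+from fastapi import APIRouter, Request, Response
+from fastapi.responses import HTMLResponse, RedirectResponse
+
+from porchlight.dependencies import get_session_user
+from porchlight.models import User
+
+router = APIRouter(prefix="/admin", tags=["admin"])
+
+
+async def _get_admin_user(request: Request) -> User | None:
+"""Return the current user if they are an admin, else None."""
+session_user = get_session_user(request)
+if session_user is None:
+return None
+userid, _username = session_user
+user_repo = request.app.state.user_repo
+user = await user_repo.get_by_userid(userid)
+if user is None or "admin" not in user.groups:
+return None
+return user
+
+
+@router.get("/users", response_class=HTMLResponse)
+async def users_list(request: Request) -> Response:
+session_user = get_session_user(request)
+if session_user is None:
+return RedirectResponse("/login", status_code=303)
+
+admin = await _get_admin_user(request)
+if admin is None:
+return HTMLResponse("Forbidden", status_code=403)
+
+# Placeholder — will be implemented in Task 4
+return HTMLResponse("Admin users list")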
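Review bot: The admin check is applied by hand inside `users_list`, so any route added to this router later is unguarded unless its author remembers to repeat both the session check and the `_get_admin_user` call. Attaching the guard to the router itself, e.g. `APIRouter(prefix="/admin", tags=["admin"], dependencies=[Depends(require_admin)])`, makes new `/admin` routes fail closed and also removes the second `get_session_user` call that `users_list` currently triggers. The sketch below keeps the 303-to-login and 403 split; it needs `Depends` and `HTTPException` from fastapi, and the 403 body becomes FastAPI's default JSON error unless an exception handler renders HTML. Separately, `"admin" not in user.groups` is a membership test only if `User.groups` is a collection of names; the model is not shown here, so confirm it is not a plain string, where `in` would match substrings.

```python
# … unchanged: imports …

async def require_admin(request: Request) -> User:
    """Router-level guard: redirect anonymous callers, reject non-admins."""
    if get_session_user(request) is None:
        raise HTTPException(status_code=303, headers={"Location": "/login"})
    admin = await _get_admin_user(request)
    if admin is None:
        raise HTTPException(status_code=403, detail="Forbidden")
    return admin


router = APIRouter(
    prefix="/admin",
    tags=["admin"],
    dependencies=[Depends(require_admin)],
)

# … unchanged: _get_admin_user …

@router.get("/users", response_class=HTMLResponse)
async def users_list(request: Request) -> Response:
    # Authentication and the admin-group check already ran in require_admin.
    return HTMLResponse("Admin users list")
```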
|
|
@ -10,6 +10,7 @@ from fastapi.templating import Jinja2Templates
|
|||
from starlette.middleware.sessions import SessionMiddleware
|
||||
|
||||
from porchlight.authn.password import PasswordService
|
||||
from porchlight.admin.routes import router as admin_router
|
||||
from porchlight.authn.routes import router as authn_router
|
||||
from porchlight.authn.webauthn import WebAuthnService
|
||||
from porchlight.config import Settings, StorageBackend
|
||||
|
|
@ -114,6 +115,7 @@ def create_app(settings: Settings | None = None) -> FastAPI:
|
|||
app.mount("/static", StaticFiles(directory=str(PACKAGE_DIR / "static")), name="static")
|
||||
|
||||
# Routers
|
||||
app.include_router(admin_router)
|
||||
app.include_router(authn_router)
|
||||
app.include_router(manage_router)
|
||||
app.include_router(oidc_router)
|
||||
|
|
|
|||