2026-01-08 01:00:26 +10:30
|
|
|
|
"""User endpoints."""
|
|
|
|
|
|
from flask import g, request
|
|
|
|
|
|
from marshmallow import ValidationError
|
2026-01-15 03:40:29 +10:30
|
|
|
|
from gatehouse_app.api.v1 import api_v1_bp
|
|
|
|
|
|
from gatehouse_app.utils.response import api_response
|
2026-01-16 17:31:20 +10:30
|
|
|
|
from gatehouse_app.utils.decorators import login_required, full_access_required
|
2026-01-15 03:40:29 +10:30
|
|
|
|
from gatehouse_app.schemas.user_schema import UserUpdateSchema, ChangePasswordSchema
|
|
|
|
|
|
from gatehouse_app.services.user_service import UserService
|
|
|
|
|
|
from gatehouse_app.services.auth_service import AuthService
|
2026-01-08 01:00:26 +10:30
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@api_v1_bp.route("/users/me", methods=["GET"])
|
|
|
|
|
|
@login_required
|
|
|
|
|
|
def get_me():
|
|
|
|
|
|
"""
|
|
|
|
|
|
Get current user profile.
|
|
|
|
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
|
|
200: User profile data
|
|
|
|
|
|
401: Not authenticated
|
|
|
|
|
|
"""
|
|
|
|
|
|
user = g.current_user
|
|
|
|
|
|
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
data={"user": user.to_dict()},
|
|
|
|
|
|
message="User profile retrieved successfully",
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@api_v1_bp.route("/users/me", methods=["PATCH"])
|
|
|
|
|
|
@login_required
|
2026-01-16 17:31:20 +10:30
|
|
|
|
@full_access_required
|
2026-01-08 01:00:26 +10:30
|
|
|
|
def update_me():
|
|
|
|
|
|
"""
|
|
|
|
|
|
Update current user profile.
|
|
|
|
|
|
|
|
|
|
|
|
Request body:
|
|
|
|
|
|
full_name: Optional full name
|
|
|
|
|
|
avatar_url: Optional avatar URL
|
|
|
|
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
|
|
200: User updated successfully
|
|
|
|
|
|
400: Validation error
|
|
|
|
|
|
401: Not authenticated
|
|
|
|
|
|
"""
|
|
|
|
|
|
try:
|
|
|
|
|
|
# Validate request data
|
|
|
|
|
|
schema = UserUpdateSchema()
|
|
|
|
|
|
data = schema.load(request.json)
|
|
|
|
|
|
|
|
|
|
|
|
# Update user
|
|
|
|
|
|
user = UserService.update_user(g.current_user, **data)
|
|
|
|
|
|
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
data={"user": user.to_dict()},
|
|
|
|
|
|
message="Profile updated successfully",
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
except ValidationError as e:
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
success=False,
|
|
|
|
|
|
message="Validation failed",
|
|
|
|
|
|
status=400,
|
|
|
|
|
|
error_type="VALIDATION_ERROR",
|
|
|
|
|
|
error_details=e.messages,
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@api_v1_bp.route("/users/me", methods=["DELETE"])
|
|
|
|
|
|
@login_required
|
2026-01-16 17:31:20 +10:30
|
|
|
|
@full_access_required
|
2026-01-08 01:00:26 +10:30
|
|
|
|
def delete_me():
|
|
|
|
|
|
"""
|
|
|
|
|
|
Delete current user account (soft delete).
|
|
|
|
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
|
|
200: Account deleted successfully
|
|
|
|
|
|
401: Not authenticated
|
|
|
|
|
|
"""
|
|
|
|
|
|
UserService.delete_user(g.current_user, soft=True)
|
|
|
|
|
|
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
message="Account deleted successfully",
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@api_v1_bp.route("/users/me/password", methods=["POST"])
|
|
|
|
|
|
@login_required
|
2026-01-16 17:31:20 +10:30
|
|
|
|
@full_access_required
|
2026-01-08 01:00:26 +10:30
|
|
|
|
def change_password():
|
|
|
|
|
|
"""
|
|
|
|
|
|
Change current user password.
|
|
|
|
|
|
|
|
|
|
|
|
Request body:
|
|
|
|
|
|
current_password: Current password
|
|
|
|
|
|
new_password: New password
|
|
|
|
|
|
new_password_confirm: New password confirmation
|
|
|
|
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
|
|
200: Password changed successfully
|
|
|
|
|
|
400: Validation error
|
|
|
|
|
|
401: Not authenticated or invalid current password
|
|
|
|
|
|
"""
|
|
|
|
|
|
try:
|
|
|
|
|
|
# Validate request data
|
|
|
|
|
|
schema = ChangePasswordSchema()
|
|
|
|
|
|
data = schema.load(request.json)
|
|
|
|
|
|
|
|
|
|
|
|
# Verify passwords match
|
|
|
|
|
|
if data["new_password"] != data["new_password_confirm"]:
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
success=False,
|
|
|
|
|
|
message="New passwords do not match",
|
|
|
|
|
|
status=400,
|
|
|
|
|
|
error_type="VALIDATION_ERROR",
|
|
|
|
|
|
error_details={"new_password_confirm": ["Passwords do not match"]},
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
# Change password
|
|
|
|
|
|
AuthService.change_password(
|
|
|
|
|
|
user=g.current_user,
|
|
|
|
|
|
current_password=data["current_password"],
|
|
|
|
|
|
new_password=data["new_password"],
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
message="Password changed successfully",
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
except ValidationError as e:
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
success=False,
|
|
|
|
|
|
message="Validation failed",
|
|
|
|
|
|
status=400,
|
|
|
|
|
|
error_type="VALIDATION_ERROR",
|
|
|
|
|
|
error_details=e.messages,
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@api_v1_bp.route("/users/me/organizations", methods=["GET"])
|
|
|
|
|
|
@login_required
|
2026-01-16 17:31:20 +10:30
|
|
|
|
@full_access_required
|
2026-01-08 01:00:26 +10:30
|
|
|
|
def get_my_organizations():
|
|
|
|
|
|
"""
|
|
|
|
|
|
Get all organizations current user is a member of.
|
|
|
|
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
|
|
200: List of organizations
|
|
|
|
|
|
401: Not authenticated
|
|
|
|
|
|
"""
|
|
|
|
|
|
organizations = UserService.get_user_organizations(g.current_user)
|
|
|
|
|
|
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
data={
|
|
|
|
|
|
"organizations": [org.to_dict() for org in organizations],
|
|
|
|
|
|
"count": len(organizations),
|
|
|
|
|
|
},
|
|
|
|
|
|
message="Organizations retrieved successfully",
|
|
|
|
|
|
)
|
2026-02-28 23:48:07 +05:45
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@api_v1_bp.route("/users/me/principals", methods=["GET"])
|
|
|
|
|
|
@login_required
|
|
|
|
|
|
@full_access_required
|
|
|
|
|
|
def get_my_principals():
|
|
|
|
|
|
"""Return all principals the current user can sign certificates for.
|
|
|
|
|
|
|
|
|
|
|
|
For each organization the user belongs to, returns:
|
|
|
|
|
|
- Their effective principals (direct membership + via department)
|
|
|
|
|
|
- Their role in that org (so the frontend can offer admin-mode selection)
|
|
|
|
|
|
- All principals in the org (admin/owner only — so they can pick any)
|
|
|
|
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
|
|
200: {
|
|
|
|
|
|
orgs: [{
|
|
|
|
|
|
org_id, org_name, role,
|
|
|
|
|
|
my_principals: [{id, name, description}],
|
|
|
|
|
|
all_principals: [{id, name, description}] # populated for admin/owner only
|
|
|
|
|
|
}]
|
|
|
|
|
|
}
|
|
|
|
|
|
"""
|
|
|
|
|
|
from gatehouse_app.models.organization_member import OrganizationMember
|
|
|
|
|
|
from gatehouse_app.models.principal import Principal, PrincipalMembership
|
|
|
|
|
|
from gatehouse_app.models.department import DepartmentMembership, DepartmentPrincipal
|
|
|
|
|
|
from gatehouse_app.utils.constants import OrganizationRole
|
|
|
|
|
|
|
|
|
|
|
|
user = g.current_user
|
|
|
|
|
|
user_id = user.id
|
|
|
|
|
|
|
|
|
|
|
|
# Get all org memberships
|
|
|
|
|
|
memberships = OrganizationMember.query.filter_by(
|
|
|
|
|
|
user_id=user_id,
|
|
|
|
|
|
).all()
|
|
|
|
|
|
|
|
|
|
|
|
orgs_result = []
|
|
|
|
|
|
for membership in memberships:
|
|
|
|
|
|
org = membership.organization
|
|
|
|
|
|
if not org or org.deleted_at is not None:
|
|
|
|
|
|
continue
|
|
|
|
|
|
|
|
|
|
|
|
role = membership.role
|
|
|
|
|
|
is_admin = role in (OrganizationRole.ADMIN, OrganizationRole.OWNER)
|
|
|
|
|
|
|
|
|
|
|
|
# Collect the user's effective principals for this org
|
|
|
|
|
|
effective_principal_ids = set()
|
|
|
|
|
|
|
|
|
|
|
|
# Direct memberships
|
|
|
|
|
|
direct = PrincipalMembership.query.filter_by(
|
|
|
|
|
|
user_id=user_id,
|
|
|
|
|
|
deleted_at=None,
|
|
|
|
|
|
).all()
|
|
|
|
|
|
for pm in direct:
|
|
|
|
|
|
if pm.principal and pm.principal.organization_id == org.id and pm.principal.deleted_at is None:
|
|
|
|
|
|
effective_principal_ids.add(pm.principal_id)
|
|
|
|
|
|
|
|
|
|
|
|
# Via department
|
|
|
|
|
|
dept_memberships = DepartmentMembership.query.filter_by(
|
|
|
|
|
|
user_id=user_id,
|
|
|
|
|
|
deleted_at=None,
|
|
|
|
|
|
).all()
|
|
|
|
|
|
for dm in dept_memberships:
|
|
|
|
|
|
if dm.department and dm.department.organization_id == org.id and dm.department.deleted_at is None:
|
|
|
|
|
|
dept_principals = DepartmentPrincipal.query.filter_by(
|
|
|
|
|
|
department_id=dm.department_id,
|
|
|
|
|
|
deleted_at=None,
|
|
|
|
|
|
).all()
|
|
|
|
|
|
for dp in dept_principals:
|
|
|
|
|
|
if dp.principal and dp.principal.deleted_at is None:
|
|
|
|
|
|
effective_principal_ids.add(dp.principal_id)
|
|
|
|
|
|
|
|
|
|
|
|
# Fetch principal objects
|
|
|
|
|
|
my_principals = []
|
|
|
|
|
|
if effective_principal_ids:
|
|
|
|
|
|
my_p = Principal.query.filter(
|
|
|
|
|
|
Principal.id.in_(list(effective_principal_ids)),
|
|
|
|
|
|
Principal.deleted_at == None,
|
|
|
|
|
|
).all()
|
|
|
|
|
|
my_principals = [{"id": p.id, "name": p.name, "description": p.description} for p in my_p]
|
|
|
|
|
|
|
|
|
|
|
|
# For admins/owners: also return all principals in the org
|
|
|
|
|
|
all_principals = []
|
|
|
|
|
|
if is_admin:
|
|
|
|
|
|
all_p = Principal.query.filter_by(
|
|
|
|
|
|
organization_id=org.id,
|
|
|
|
|
|
deleted_at=None,
|
|
|
|
|
|
).all()
|
|
|
|
|
|
all_principals = [{"id": p.id, "name": p.name, "description": p.description} for p in all_p]
|
|
|
|
|
|
|
|
|
|
|
|
orgs_result.append({
|
|
|
|
|
|
"org_id": org.id,
|
|
|
|
|
|
"org_name": org.name,
|
|
|
|
|
|
"role": role.value if hasattr(role, "value") else role,
|
|
|
|
|
|
"is_admin": is_admin,
|
|
|
|
|
|
"my_principals": my_principals,
|
|
|
|
|
|
"all_principals": all_principals,
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
data={"orgs": orgs_result},
|
|
|
|
|
|
message="Principals retrieved successfully",
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@api_v1_bp.route("/admin/users", methods=["GET"])
|
|
|
|
|
|
@login_required
|
|
|
|
|
|
def admin_list_users():
|
|
|
|
|
|
"""List all users the caller has admin rights to see.
|
|
|
|
|
|
|
|
|
|
|
|
The caller must be an OWNER or ADMIN of at least one organization.
|
|
|
|
|
|
Returns users that share an organization with the caller and where the
|
|
|
|
|
|
caller holds admin/owner role in that organization.
|
|
|
|
|
|
|
|
|
|
|
|
Query params:
|
|
|
|
|
|
q – optional search string (matched against name/email)
|
|
|
|
|
|
page – page number (default 1)
|
|
|
|
|
|
per_page – page size (default 50, max 200)
|
|
|
|
|
|
"""
|
|
|
|
|
|
from gatehouse_app.models.organization_member import OrganizationMember
|
|
|
|
|
|
from gatehouse_app.models.user import User as _User
|
|
|
|
|
|
from gatehouse_app.extensions import db as _db
|
|
|
|
|
|
from sqlalchemy import or_
|
|
|
|
|
|
|
|
|
|
|
|
caller = g.current_user
|
|
|
|
|
|
|
|
|
|
|
|
# Find orgs where caller is admin/owner
|
|
|
|
|
|
admin_memberships = OrganizationMember.query.filter(
|
|
|
|
|
|
OrganizationMember.user_id == caller.id,
|
|
|
|
|
|
OrganizationMember.role.in_(["OWNER", "ADMIN"]),
|
|
|
|
|
|
OrganizationMember.deleted_at == None,
|
|
|
|
|
|
).all()
|
|
|
|
|
|
|
|
|
|
|
|
if not admin_memberships:
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
success=False,
|
|
|
|
|
|
message="Admin or owner role required",
|
|
|
|
|
|
status=403,
|
|
|
|
|
|
error_type="AUTHORIZATION_ERROR",
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
admin_org_ids = [m.organization_id for m in admin_memberships]
|
|
|
|
|
|
|
|
|
|
|
|
# Collect user IDs in those orgs
|
|
|
|
|
|
member_rows = OrganizationMember.query.filter(
|
|
|
|
|
|
OrganizationMember.organization_id.in_(admin_org_ids),
|
|
|
|
|
|
OrganizationMember.deleted_at == None,
|
|
|
|
|
|
).all()
|
|
|
|
|
|
visible_user_ids = list({row.user_id for row in member_rows})
|
|
|
|
|
|
|
|
|
|
|
|
# Optional search
|
|
|
|
|
|
q = request.args.get("q", "").strip()
|
|
|
|
|
|
try:
|
|
|
|
|
|
page = max(1, int(request.args.get("page", 1)))
|
|
|
|
|
|
per_page = min(200, max(1, int(request.args.get("per_page", 50))))
|
|
|
|
|
|
except ValueError:
|
|
|
|
|
|
page, per_page = 1, 50
|
|
|
|
|
|
|
|
|
|
|
|
query = _User.query.filter(
|
|
|
|
|
|
_User.id.in_(visible_user_ids),
|
|
|
|
|
|
_User.deleted_at == None,
|
|
|
|
|
|
)
|
|
|
|
|
|
if q:
|
|
|
|
|
|
like = f"%{q}%"
|
|
|
|
|
|
query = query.filter(or_(_User.email.ilike(like), _User.full_name.ilike(like)))
|
|
|
|
|
|
|
|
|
|
|
|
total = query.count()
|
|
|
|
|
|
users = query.order_by(_User.email).offset((page - 1) * per_page).limit(per_page).all()
|
|
|
|
|
|
|
|
|
|
|
|
member_lookup: dict = {}
|
|
|
|
|
|
for row in member_rows:
|
|
|
|
|
|
if row.user_id not in member_lookup:
|
|
|
|
|
|
member_lookup[row.user_id] = {
|
|
|
|
|
|
"organization_id": row.organization_id,
|
|
|
|
|
|
"role": row.role.value if hasattr(row.role, "value") else row.role,
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
users_data = []
|
|
|
|
|
|
for u in users:
|
|
|
|
|
|
d = u.to_dict()
|
|
|
|
|
|
m = member_lookup.get(u.id, {})
|
|
|
|
|
|
d["org_role"] = m.get("role", "member")
|
|
|
|
|
|
d["org_id"] = m.get("organization_id")
|
|
|
|
|
|
users_data.append(d)
|
|
|
|
|
|
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
data={
|
|
|
|
|
|
"users": users_data,
|
|
|
|
|
|
"count": total,
|
|
|
|
|
|
"page": page,
|
|
|
|
|
|
"per_page": per_page,
|
|
|
|
|
|
"pages": (total + per_page - 1) // per_page,
|
|
|
|
|
|
},
|
|
|
|
|
|
message="Users retrieved successfully",
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@api_v1_bp.route("/admin/users/<user_id>", methods=["GET"])
|
|
|
|
|
|
@login_required
|
|
|
|
|
|
def admin_get_user(user_id):
|
|
|
|
|
|
"""Get a single user's profile (admin view with SSH keys)."""
|
|
|
|
|
|
from gatehouse_app.models.organization_member import OrganizationMember
|
|
|
|
|
|
from gatehouse_app.models.user import User as _User
|
|
|
|
|
|
from gatehouse_app.models.ssh_key import SSHKey
|
|
|
|
|
|
|
|
|
|
|
|
caller = g.current_user
|
|
|
|
|
|
|
|
|
|
|
|
target = _User.query.filter_by(id=user_id, deleted_at=None).first()
|
|
|
|
|
|
if not target:
|
|
|
|
|
|
return api_response(success=False, message="User not found", status=404, error_type="NOT_FOUND")
|
|
|
|
|
|
|
|
|
|
|
|
# Verify caller has admin access to a shared org
|
|
|
|
|
|
target_org_ids = {m.organization_id for m in target.organization_memberships if m.deleted_at is None}
|
|
|
|
|
|
has_access = OrganizationMember.query.filter(
|
|
|
|
|
|
OrganizationMember.user_id == caller.id,
|
|
|
|
|
|
OrganizationMember.organization_id.in_(target_org_ids),
|
|
|
|
|
|
OrganizationMember.role.in_(["OWNER", "ADMIN"]),
|
|
|
|
|
|
OrganizationMember.deleted_at == None,
|
|
|
|
|
|
).first() is not None
|
|
|
|
|
|
|
|
|
|
|
|
if not has_access:
|
|
|
|
|
|
return api_response(success=False, message="Access denied", status=403, error_type="AUTHORIZATION_ERROR")
|
|
|
|
|
|
|
|
|
|
|
|
ssh_keys = SSHKey.query.filter_by(user_id=user_id, deleted_at=None).all()
|
|
|
|
|
|
|
|
|
|
|
|
return api_response(
|
|
|
|
|
|
data={
|
|
|
|
|
|
"user": target.to_dict(),
|
|
|
|
|
|
"ssh_keys": [k.to_dict() for k in ssh_keys],
|
|
|
|
|
|
},
|
|
|
|
|
|
message="User retrieved",
|
|
|
|
|
|
)
|
