async def destroy(
user_id: int,
user_repo: UserRepo = Depends(UserRepo()),
token: TokenPayload = Depends(
ScopedTo("user:create", "super", satisfy="one")),
user: User = Depends(current_user),
):
if user_id == user.id:
abort(403, msg="Cannot deactivate self")
remaining_supers = len(
user_repo.filter(
user_repo.label("is_superuser") == True,
user_repo.label("is_active") == True,
user_repo.label("id") != user_id,
).all().results())
if remaining_supers < 1:
abort(
403,
msg="Cannot deactivate user. No other active super users available."
)
user_repo.clear()
messages = [{"text": "Deactivation Succesful", "type": "success"}]
if not user_repo.exists(id=user_id):
return BaseResponse(messages=messages)
user_repo.deactivate(user_id)
return BaseResponse(messages=messages)
async def store(
form: UserCreateForm,
user_repo: UserRepo = Depends(UserRepo()),
token: TokenPayload = Depends(
ScopedTo("user:create", "super", satisfy="one")),
):
if user_repo.exists(email=form.email):
abort_for_input("email", "Email has already been taken.")
user_repo.clear()
# TODO: data validation against current db & perm checks
data = {
"email": form.email,
"hashed_password": hash_password(form.password),
"is_active": getattr(form, "is_superuser", True),
"is_superuser": getattr(form, "is_superuser", False),
}
item = user_repo.create(data).data()
return UserResponse(user=item)
