async def post(
form: UserCreateForm,
user_repo: UserRepo = Depends(UserRepo),
token: TokenPayload = Depends(ScopedTo("user:create", "super")),
):
# TODO: data validation against current db & perm checks
data = {
"email": form.email,
"hashed_password": hash_password(form.password),
"is_active": True,
"is_superuser": False,
}
item = user_repo.create(data).data()
return UserResponse(user=item)
async def store(
form: UserCreateForm,
user_repo: UserRepo = Depends(UserRepo()),
token: TokenPayload = Depends(
ScopedTo("user:create", "super", satisfy="one")),
):
if user_repo.exists(email=form.email):
abort_for_input("email", "Email has already been taken.")
user_repo.clear()
# TODO: data validation against current db & perm checks
data = {
"email": form.email,
"hashed_password": hash_password(form.password),
"is_active": getattr(form, "is_superuser", True),
"is_superuser": getattr(form, "is_superuser", False),
}
item = user_repo.create(data).data()
return UserResponse(user=item)
