user roles

2025-06-10 12:42:48 +02:00
parent 583f1c9d32
commit 0f1dc51949
2 changed files with 43 additions and 4 deletions
--- a/routes/admin_api.py
+++ b/routes/admin_api.py
@@ -282,6 +282,9 @@ def get_contacts(current_user):
        'company': user.company,
        'position': user.position,
        'is_active': user.is_active,
+        'is_admin': user.is_admin,
+        'is_manager': user.is_manager,
+        'role': 'admin' if user.is_admin else 'manager' if user.is_manager else 'user',
        'created_at': user.created_at.isoformat()
    } for user in users])

@@ -301,6 +304,9 @@ def get_contact(current_user, user_id):
        'company': user.company,
        'position': user.position,
        'is_active': user.is_active,
+        'is_admin': user.is_admin,
+        'is_manager': user.is_manager,
+        'role': 'admin' if user.is_admin else 'manager' if user.is_manager else 'user',
        'created_at': user.created_at.isoformat()
    })

@@ -309,20 +315,26 @@ def get_contact(current_user, user_id):
@token_required
 def create_contact(current_user):
    data = request.get_json()
-    required_fields = ['username', 'email', 'last_name']
+    required_fields = ['username', 'email', 'last_name', 'role']
    if not all(field in data for field in required_fields):
        return jsonify({'message': 'Missing required fields'}), 400
    
    if User.query.filter_by(email=data['email']).first():
        return jsonify({'message': 'Email already exists'}), 400
    
+    # Validate role
+    if data['role'] not in ['admin', 'manager', 'user']:
+        return jsonify({'message': 'Invalid role'}), 400
+    
    user = User(
        username=data['username'],
        email=data['email'],
        last_name=data['last_name'],
        phone=data.get('phone'),
        company=data.get('company'),
-        position=data.get('position')
+        position=data.get('position'),
+        is_admin=data['role'] == 'admin',
+        is_manager=data['role'] == 'manager'
    )
    user.set_password(data.get('password', 'changeme'))
    
@@ -344,6 +356,13 @@ def update_contact(current_user, user_id):
            return jsonify({'message': 'Email already exists'}), 400
        user.email = data['email']
    
+    # Update role if provided
+    if 'role' in data:
+        if data['role'] not in ['admin', 'manager', 'user']:
+            return jsonify({'message': 'Invalid role'}), 400
+        user.is_admin = data['role'] == 'admin'
+        user.is_manager = data['role'] == 'manager'
+    
    user.username = data.get('username', user.username)
    user.last_name = data.get('last_name', user.last_name)
    user.phone = data.get('phone', user.phone)