add new ui

backend/routers/auditories.py

@@ -1,10 +1,11 @@
 from fastapi import APIRouter, Depends
 from sqlalchemy.orm import Session
 from .. import models, schemas, database
+from ..security import require_roles
 
 auditories = APIRouter(prefix="/auditories", tags=["auditories"])
 
-@auditories.post("/", response_model=schemas.AuditoryRead)
+@auditories.post("/", response_model=schemas.AuditoryRead, dependencies=[Depends(require_roles(["admin", "editor"]))])
 def create_auditory(item: schemas.AuditoryCreate, db: Session = Depends(database.get_db)):
     obj = models.Auditory(**item.dict())
     db.add(obj)

backend/routers/auth.py

@@ -0,0 +1,63 @@
+from datetime import timedelta
+
+from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordRequestForm
+from sqlalchemy.orm import Session
+
+from .. import schemas, database
+from ..security import authenticate_user, create_access_token, get_password_hash, require_roles
+from ..models import User
+
+
+auth = APIRouter(prefix="/auth", tags=["auth"])
+
+
+@auth.post("/token", response_model=schemas.Token)
+def login_for_access_token(
+    form_data: OAuth2PasswordRequestForm = Depends(),
+    db: Session = Depends(database.get_db),
+):
+    user = authenticate_user(db, form_data.username, form_data.password)
+    if not user:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect username or password")
+    access_token_expires = timedelta(minutes=60)
+    access_token = create_access_token(data={"sub": user.username, "role": user.role}, expires_delta=access_token_expires)
+    return {"access_token": access_token, "token_type": "bearer"}
+
+
+@auth.post("/users", response_model=schemas.UserRead, dependencies=[Depends(require_roles(["admin"]))])
+def create_user(item: schemas.UserCreate, db: Session = Depends(database.get_db)):
+    if db.query(User).filter(User.username == item.username).first():
+        raise HTTPException(status_code=400, detail="Username already exists")
+    obj = User(username=item.username, password_hash=get_password_hash(item.password), role=item.role)
+    db.add(obj)
+    db.commit()
+    db.refresh(obj)
+    return obj
+
+
+@auth.post("/users/admin", response_model=schemas.UserRead, dependencies=[Depends(require_roles(["admin"]))])
+def create_admin_user(item: schemas.UserCreate, db: Session = Depends(database.get_db)):
+    if db.query(User).filter(User.username == item.username).first():
+        raise HTTPException(status_code=400, detail="Username already exists")
+    obj = User(username=item.username, password_hash=get_password_hash(item.password), role="admin")
+    db.add(obj)
+    db.commit()
+    db.refresh(obj)
+    return obj
+
+
+@auth.get("/users", response_model=list[schemas.UserRead], dependencies=[Depends(require_roles(["admin"]))])
+def list_users(db: Session = Depends(database.get_db)):
+    return db.query(User).all()
+
+
+@auth.patch("/users/{user_id}/role", response_model=schemas.UserRead, dependencies=[Depends(require_roles(["admin"]))])
+def update_user_role(user_id: int, payload: schemas.UserRoleUpdate, db: Session = Depends(database.get_db)):
+    user = db.query(User).filter(User.id == user_id).first()
+    if not user:
+        raise HTTPException(status_code=404, detail="User not found")
+    user.role = payload.role
+    db.commit()
+    db.refresh(user)
+    return user

backend/routers/components.py

@@ -1,11 +1,12 @@
 from fastapi import APIRouter, Depends
 from sqlalchemy.orm import Session
 from .. import models, schemas, database
+from ..security import require_roles
 
 
 components = APIRouter(prefix="/components", tags=["components"])
 
-@components.post("/", response_model=schemas.ComponentRead)
+@components.post("/", response_model=schemas.ComponentRead, dependencies=[Depends(require_roles(["admin", "editor"]))])
 def create_component(item: schemas.ComponentCreate, db: Session = Depends(database.get_db)):
     obj = models.Component(**item.dict())
     db.add(obj)

backend/routers/equipment_types.py

@@ -1,10 +1,11 @@
 from fastapi import APIRouter, Depends
 from sqlalchemy.orm import Session
 from .. import models, schemas, database
+from ..security import require_roles
 
 equipment_types = APIRouter(prefix="/equipment-types", tags=["equipment_types"])
 
-@equipment_types.post("/", response_model=schemas.EquipmentTypeRead)
+@equipment_types.post("/", response_model=schemas.EquipmentTypeRead, dependencies=[Depends(require_roles(["admin", "editor"]))])
 def create_equipment_type(item: schemas.EquipmentTypeCreate, db: Session = Depends(database.get_db)):
     obj = models.EquipmentType(**item.dict())
     db.add(obj)

backend/routers/oboruds.py

@@ -2,10 +2,11 @@ from fastapi import APIRouter, Depends, HTTPException
 from typing import Optional
 from sqlalchemy.orm import Session
 from .. import models, schemas, database
+from ..security import require_roles
 
 oboruds = APIRouter(prefix="/oboruds", tags=["oboruds"])
 
-@oboruds.post("/", response_model=schemas.OborudRead)
+@oboruds.post("/", response_model=schemas.OborudRead, dependencies=[Depends(require_roles(["admin", "editor"]))])
 def create_oborud(item: schemas.OborudCreate, db: Session = Depends(database.get_db)):
     obj = models.Oboruds(**item.dict())
     db.add(obj)
@@ -26,3 +27,16 @@ def get_oborud(oborud_id: int, db: Session = Depends(database.get_db)):
     if not obj:
         raise HTTPException(status_code=404, detail="Oborud not found")
     return obj
+
+
+@oboruds.patch("/{oborud_id}", response_model=schemas.OborudRead, dependencies=[Depends(require_roles(["admin", "editor"]))])
+def update_oborud(oborud_id: int, payload: schemas.OborudUpdate, db: Session = Depends(database.get_db)):
+    obj = db.query(models.Oboruds).filter(models.Oboruds.id == oborud_id).first()
+    if not obj:
+        raise HTTPException(status_code=404, detail="Oborud not found")
+    data = payload.dict(exclude_unset=True)
+    for k, v in data.items():
+        setattr(obj, k, v)
+    db.commit()
+    db.refresh(obj)
+    return obj

backend/routers/owners.py

@@ -0,0 +1,22 @@
+from fastapi import APIRouter, Depends
+from sqlalchemy.orm import Session
+from .. import models, schemas, database
+from ..security import require_roles
+
+
+owners = APIRouter(prefix="/owners", tags=["owners"])
+
+
+@owners.post("/", response_model=schemas.OwnerRead, dependencies=[Depends(require_roles(["admin", "editor"]))])
+def create_owner(item: schemas.OwnerCreate, db: Session = Depends(database.get_db)):
+    obj = models.Owner(**item.dict())
+    db.add(obj)
+    db.commit()
+    db.refresh(obj)
+    return obj
+
+
+@owners.get("/", response_model=list[schemas.OwnerRead])
+def list_owners(db: Session = Depends(database.get_db)):
+    return db.query(models.Owner).all()
+

backend/routers/rashodniki.py

@@ -1,10 +1,11 @@
 from fastapi import APIRouter, Depends
 from sqlalchemy.orm import Session
 from .. import models, schemas, database
+from ..security import require_roles
 
 consumables = APIRouter(prefix="/consumables", tags=["consumables"])
 
-@consumables.post("/", response_model=schemas.ConsumableRead)
+@consumables.post("/", response_model=schemas.ConsumableRead, dependencies=[Depends(require_roles(["admin", "editor"]))])
 def create_consumable(item: schemas.ConsumableCreate, db: Session = Depends(database.get_db)):
     obj = models.Consumable(**item.dict())
     db.add(obj)

backend/routers/zametki.py

@@ -1,10 +1,11 @@
 from fastapi import APIRouter, Depends
 from sqlalchemy.orm import Session
 from .. import models, schemas, database
+from ..security import require_roles
 
 zametki = APIRouter(prefix="/zametki", tags=["zametki"])
 
-@zametki.post("/", response_model=schemas.ZametkaRead)
+@zametki.post("/", response_model=schemas.ZametkaRead, dependencies=[Depends(require_roles(["admin", "editor"]))])
 def create_zametka(item: schemas.ZametkaCreate, db: Session = Depends(database.get_db)):
     obj = models.Zametki(**item.dict())
     db.add(obj)