satupeta-main/app/services/user_service.py

from typing import Dict, List, Tuple, Union, override

from fastapi import HTTPException, status
from uuid6 import UUID

from app.core.exceptions import NotFoundException
from app.core.security import get_password_hash
from app.models import UserModel
from app.repositories import UserRepository
from app.repositories.role_repository import RoleRepository
from app.schemas.user_schema import UserSchema

from . import BaseService


class UserService(BaseService[UserModel, UserRepository]):
    access_control_level = {
        "data_viewer": {"data_viewer"},
        "data_manager": {"data_manager", "data_viewer"},
        "data_validator": {"data_validator", "data_manager", "data_viewer"},
        "administrator": {
            "administrator",
            "data_validator",
            "data_manager",
            "data_viewer",
        },
    }

    def __init__(self, repository: UserRepository, role_repository: RoleRepository):
        super().__init__(UserModel, repository)
        self.role_repository = role_repository
        self.forbidden_exception = HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="You are not authorized to access this resource",
        )

    async def find_by_username(self, username: str) -> UserModel | None:
        user = await self.repository.find_by_username(username)
        if not user:
            raise NotFoundException("User not found")
        return user

    async def find_by_email(self, email: str) -> UserModel | None:
        user = await self.repository.find_by_email(email)
        if not user:
            raise NotFoundException("User not found")
        return user

    @override
    async def find_all(
        self,
        user: UserSchema,
        filters: Union[str, list[str]] = None,
        sort: Union[str, list[str]] = None,
        search: str = "",
        group_by: str = None,
        limit: int = 100,
        offset: int = 0,
        relationships: List[str] = None,
        searchable_columns: List[str] = None,
    ) -> Tuple[List[UserModel], int]:
        if user.role.name not in self.access_control_level["administrator"]:
            raise self.forbidden_exception

        role_instances = await self.role_repository.get_list_by_names(self.access_control_level[user.role.name])
        temp_filters = []
        for role in role_instances:
            temp_filters.append(f"role_id={role.id}")

        filters.append(temp_filters)
        return await super().find_all(
            filters,
            sort,
            search,
            group_by,
            limit,
            offset,
            relationships,
            searchable_columns,
        )

    async def find_by_id(self, id: UUID, user: UserSchema = None) -> UserSchema | None:

        user_instance = await self.repository.find_by_id(id)
        if not user_instance:
            raise NotFoundException("User not found")

        if user is not None:
            if user.role.name not in self.access_control_level["administrator"]:
                raise self.forbidden_exception
            if user_instance.role.name not in self.access_control_level[user.role.name]:
                raise self.forbidden_exception

        return user_instance

    async def create(self, user_data: Dict, user: UserSchema) -> UserModel:
        role_instance = await self.role_repository.find_by_id(user.role.id)

        if not role_instance:
            raise NotFoundException("Role not found")
        role_name = role_instance.name

        if role_name not in ["administrator", "data_validator"]:
            raise self.forbidden_exception

        if await self.repository.find_by_username(user_data["username"]):
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail="Username already exists",
            )
        if await self.repository.find_by_email(user_data["email"]):
            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Email already exists")

        user_data["password"] = get_password_hash(user_data["password"])
        return await self.repository.create(user_data)

    async def update(self, id: UUID, user_data: Dict, user: UserSchema) -> UserModel:
        if user.role.name not in self.access_control_level["administrator"]:
            raise self.forbidden_exception

        user_instance = await self.find_by_id(id)
        if not user_instance:
            raise NotFoundException("User not found")

        if user_instance.role.name not in self.access_control_level[user.role.name]:
            raise self.forbidden_exception

        if "username" in user_data and await self.repository.find_by_username(user_data["username"]):
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail="Username already exists",
            )
        if "email" in user_data and await self.repository.find_by_email(user_data["email"]):
            raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Email already exists")

        if "password" in user_data:
            user_data["password"] = get_password_hash(user_data["password"])

        return await self.repository.update(id, user_data)

    async def bulk_update_activation(self, user_ids: List[UUID], is_active: bool, user: UserSchema) -> None:
        if user.role.name not in self.access_control_level["administrator"]:
            raise self.forbidden_exception

        existing_user_ids = await self.repository.find_all_ids(user_ids)
        for user_id in user_ids:
            if user_id not in existing_user_ids:
                raise NotFoundException(f"User with id {user_id} not found")

        await self.repository.bulk_update_activation(user_ids, is_active)
Initial commit on BE 2026-01-27 02:11:58 +00:00			`from typing import Dict, List, Tuple, Union, override`

			`from fastapi import HTTPException, status`
			`from uuid6 import UUID`

			`from app.core.exceptions import NotFoundException`
			`from app.core.security import get_password_hash`
			`from app.models import UserModel`
			`from app.repositories import UserRepository`
			`from app.repositories.role_repository import RoleRepository`
			`from app.schemas.user_schema import UserSchema`

			`from . import BaseService`


			`class UserService(BaseService[UserModel, UserRepository]):`
			`access_control_level = {`
			`"data_viewer": {"data_viewer"},`
			`"data_manager": {"data_manager", "data_viewer"},`
			`"data_validator": {"data_validator", "data_manager", "data_viewer"},`
			`"administrator": {`
			`"administrator",`
			`"data_validator",`
			`"data_manager",`
			`"data_viewer",`
			`},`
			`}`

			`def __init__(self, repository: UserRepository, role_repository: RoleRepository):`
			`super().__init__(UserModel, repository)`
			`self.role_repository = role_repository`
			`self.forbidden_exception = HTTPException(`
			`status_code=status.HTTP_403_FORBIDDEN,`
			`detail="You are not authorized to access this resource",`
			`)`

			`async def find_by_username(self, username: str) -> UserModel \| None:`
			`user = await self.repository.find_by_username(username)`
			`if not user:`
			`raise NotFoundException("User not found")`
			`return user`

			`async def find_by_email(self, email: str) -> UserModel \| None:`
			`user = await self.repository.find_by_email(email)`
			`if not user:`
			`raise NotFoundException("User not found")`
			`return user`

			`@override`
			`async def find_all(`
			`self,`
			`user: UserSchema,`
			`filters: Union[str, list[str]] = None,`
			`sort: Union[str, list[str]] = None,`
			`search: str = "",`
			`group_by: str = None,`
			`limit: int = 100,`
			`offset: int = 0,`
			`relationships: List[str] = None,`
			`searchable_columns: List[str] = None,`
			`) -> Tuple[List[UserModel], int]:`
			`if user.role.name not in self.access_control_level["administrator"]:`
			`raise self.forbidden_exception`

			`role_instances = await self.role_repository.get_list_by_names(self.access_control_level[user.role.name])`
			`temp_filters = []`
			`for role in role_instances:`
			`temp_filters.append(f"role_id={role.id}")`

			`filters.append(temp_filters)`
			`return await super().find_all(`
			`filters,`
			`sort,`
			`search,`
			`group_by,`
			`limit,`
			`offset,`
			`relationships,`
			`searchable_columns,`
			`)`

			`async def find_by_id(self, id: UUID, user: UserSchema = None) -> UserSchema \| None:`

			`user_instance = await self.repository.find_by_id(id)`
			`if not user_instance:`
			`raise NotFoundException("User not found")`

			`if user is not None:`
			`if user.role.name not in self.access_control_level["administrator"]:`
			`raise self.forbidden_exception`
			`if user_instance.role.name not in self.access_control_level[user.role.name]:`
			`raise self.forbidden_exception`

			`return user_instance`

			`async def create(self, user_data: Dict, user: UserSchema) -> UserModel:`
			`role_instance = await self.role_repository.find_by_id(user.role.id)`

			`if not role_instance:`
			`raise NotFoundException("Role not found")`
			`role_name = role_instance.name`

			`if role_name not in ["administrator", "data_validator"]:`
			`raise self.forbidden_exception`

			`if await self.repository.find_by_username(user_data["username"]):`
			`raise HTTPException(`
			`status_code=status.HTTP_400_BAD_REQUEST,`
			`detail="Username already exists",`
			`)`
			`if await self.repository.find_by_email(user_data["email"]):`
			`raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Email already exists")`

			`user_data["password"] = get_password_hash(user_data["password"])`
			`return await self.repository.create(user_data)`

			`async def update(self, id: UUID, user_data: Dict, user: UserSchema) -> UserModel:`
			`if user.role.name not in self.access_control_level["administrator"]:`
			`raise self.forbidden_exception`

			`user_instance = await self.find_by_id(id)`
			`if not user_instance:`
			`raise NotFoundException("User not found")`

			`if user_instance.role.name not in self.access_control_level[user.role.name]:`
			`raise self.forbidden_exception`

			`if "username" in user_data and await self.repository.find_by_username(user_data["username"]):`
			`raise HTTPException(`
			`status_code=status.HTTP_400_BAD_REQUEST,`
			`detail="Username already exists",`
			`)`
			`if "email" in user_data and await self.repository.find_by_email(user_data["email"]):`
			`raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Email already exists")`

			`if "password" in user_data:`
			`user_data["password"] = get_password_hash(user_data["password"])`

			`return await self.repository.update(id, user_data)`

			`async def bulk_update_activation(self, user_ids: List[UUID], is_active: bool, user: UserSchema) -> None:`
			`if user.role.name not in self.access_control_level["administrator"]:`
			`raise self.forbidden_exception`

			`existing_user_ids = await self.repository.find_all_ids(user_ids)`
			`for user_id in user_ids:`
			`if user_id not in existing_user_ids:`
			`raise NotFoundException(f"User with id {user_id} not found")`

			`await self.repository.bulk_update_activation(user_ids, is_active)`