""" User management API endpoints """ from typing import List, Optional from uuid import UUID from fastapi import APIRouter, Depends, HTTPException, Query, status from app.api.v1.dependencies.auth import get_current_user, require_permission from app.api.v1.dependencies.pagination import PaginationParams from app.core.exceptions.user import UserNotFoundError, UserAlreadyExistsError from app.domain.entities.user import User, UserRole, UserStatus from app.domain.services.user_service import UserService from app.schemas.base import MessageResponse, PaginatedResponse from app.schemas.user import ( UserCreate, UserUpdate, UserResponse, UserListResponse, UserStatusUpdate, UserRoleUpdate ) router = APIRouter(prefix="/users", tags=["Users"]) @router.post("/", response_model=UserResponse, status_code=status.HTTP_201_CREATED) async def create_user( user_create: UserCreate, user_service: UserService = Depends(), current_user: User = Depends(require_permission("user:create")) ): """Create a new user""" try: user = await user_service.create_user(user_create) return UserResponse.from_entity(user) except UserAlreadyExistsError as e: raise HTTPException( status_code=status.HTTP_409_CONFLICT, detail=str(e) ) @router.get("/", response_model=PaginatedResponse[UserListResponse]) async def list_users( pagination: PaginationParams = Depends(), status_filter: Optional[UserStatus] = Query(None, alias="status"), role_filter: Optional[UserRole] = Query(None, alias="role"), search: Optional[str] = Query(None, description="Search by name or email"), user_service: UserService = Depends(), current_user: User = Depends(require_permission("user:read")) ): """List users with pagination and filtering""" users, total = await user_service.list_users( skip=pagination.skip, limit=pagination.limit, status_filter=status_filter, role_filter=role_filter, search=search ) return PaginatedResponse( items=[UserListResponse.from_entity(user) for user in users], total=total, page=pagination.page, size=pagination.size, pages=(total + pagination.size - 1) // pagination.size ) @router.get("/{user_id}", response_model=UserResponse) async def get_user( user_id: UUID, user_service: UserService = Depends(), current_user: User = Depends(require_permission("user:read")) ): """Get user by ID""" try: user = await user_service.get_user_by_id(user_id) return UserResponse.from_entity(user) except UserNotFoundError as e: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=str(e) ) @router.put("/{user_id}", response_model=UserResponse) async def update_user( user_id: UUID, user_update: UserUpdate, user_service: UserService = Depends(), current_user: User = Depends(require_permission("user:update")) ): """Update user""" try: user = await user_service.update_user(user_id, user_update) return UserResponse.from_entity(user) except UserNotFoundError as e: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=str(e) ) @router.delete("/{user_id}", response_model=MessageResponse) async def delete_user( user_id: UUID, user_service: UserService = Depends(), current_user: User = Depends(require_permission("user:delete")) ): """Delete user""" try: await user_service.delete_user(user_id) return MessageResponse(message="User deleted successfully") except UserNotFoundError as e: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=str(e) ) @router.patch("/{user_id}/status", response_model=UserResponse) async def update_user_status( user_id: UUID, status_update: UserStatusUpdate, user_service: UserService = Depends(), current_user: User = Depends(require_permission("user:update")) ): """Update user status""" try: user = await user_service.update_user_status(user_id, status_update.status) return UserResponse.from_entity(user) except UserNotFoundError as e: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=str(e) ) @router.patch("/{user_id}/roles", response_model=UserResponse) async def update_user_roles( user_id: UUID, role_update: UserRoleUpdate, user_service: UserService = Depends(), current_user: User = Depends(require_permission("user:update")) ): """Update user roles""" try: user = await user_service.update_user_roles(user_id, role_update.roles) return UserResponse.from_entity(user) except UserNotFoundError as e: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=str(e) ) @router.post("/{user_id}/activate", response_model=MessageResponse) async def activate_user( user_id: UUID, user_service: UserService = Depends(), current_user: User = Depends(require_permission("user:update")) ): """Activate user account""" try: await user_service.activate_user(user_id) return MessageResponse(message="User activated successfully") except UserNotFoundError as e: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=str(e) ) @router.post("/{user_id}/deactivate", response_model=MessageResponse) async def deactivate_user( user_id: UUID, user_service: UserService = Depends(), current_user: User = Depends(require_permission("user:update")) ): """Deactivate user account""" try: await user_service.deactivate_user(user_id) return MessageResponse(message="User deactivated successfully") except UserNotFoundError as e: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=str(e) ) @router.post("/{user_id}/suspend", response_model=MessageResponse) async def suspend_user( user_id: UUID, user_service: UserService = Depends(), current_user: User = Depends(require_permission("user:update")) ): """Suspend user account""" try: await user_service.suspend_user(user_id) return MessageResponse(message="User suspended successfully") except UserNotFoundError as e: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=str(e) ) @router.get("/{user_id}/permissions", response_model=List[str]) async def get_user_permissions( user_id: UUID, user_service: UserService = Depends(), current_user: User = Depends(require_permission("user:read")) ): """Get user permissions""" try: permissions = await user_service.get_user_permissions(user_id) return permissions except UserNotFoundError as e: raise HTTPException( status_code=status.HTTP_404_NOT_FOUND, detail=str(e) )