60 lines
2.3 KiB
Python
60 lines
2.3 KiB
Python
from fastapi import APIRouter, Depends
|
|
from sqlalchemy.exc import SQLAlchemyError
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.db.session import get_db
|
|
from app.repositories.permissions_repo import PermissionsRepository
|
|
from app.repositories.users_repo import UsersRepository
|
|
from app.schemas.auth import KeycloakPrincipal, MeSummaryResponse
|
|
from app.schemas.permissions import PermissionSnapshotResponse
|
|
from app.security.idp_jwt import require_authenticated_principal
|
|
from app.services.permission_service import PermissionService
|
|
|
|
router = APIRouter(prefix="/me", tags=["me"])
|
|
|
|
|
|
@router.get("", response_model=MeSummaryResponse)
|
|
def get_me(
|
|
principal: KeycloakPrincipal = Depends(require_authenticated_principal),
|
|
db: Session = Depends(get_db),
|
|
) -> MeSummaryResponse:
|
|
try:
|
|
users_repo = UsersRepository(db)
|
|
user = users_repo.upsert_by_sub(
|
|
user_sub=principal.sub,
|
|
username=principal.preferred_username,
|
|
email=principal.email,
|
|
display_name=principal.name or principal.preferred_username,
|
|
is_active=True,
|
|
)
|
|
return MeSummaryResponse(sub=user.user_sub, email=user.email, display_name=user.display_name)
|
|
except SQLAlchemyError:
|
|
# DB schema compatibility fallback for local bring-up.
|
|
return MeSummaryResponse(
|
|
sub=principal.sub,
|
|
email=principal.email,
|
|
display_name=principal.name or principal.preferred_username,
|
|
)
|
|
|
|
|
|
@router.get("/permissions/snapshot", response_model=PermissionSnapshotResponse)
|
|
def get_my_permission_snapshot(
|
|
principal: KeycloakPrincipal = Depends(require_authenticated_principal),
|
|
db: Session = Depends(get_db),
|
|
) -> PermissionSnapshotResponse:
|
|
try:
|
|
users_repo = UsersRepository(db)
|
|
perms_repo = PermissionsRepository(db)
|
|
|
|
user = users_repo.upsert_by_sub(
|
|
user_sub=principal.sub,
|
|
username=principal.preferred_username,
|
|
email=principal.email,
|
|
display_name=principal.name or principal.preferred_username,
|
|
is_active=True,
|
|
)
|
|
permissions = perms_repo.list_by_user(user.id, user.user_sub)
|
|
return PermissionService.build_snapshot(user_sub=principal.sub, permissions=permissions)
|
|
except SQLAlchemyError:
|
|
return PermissionSnapshotResponse(user_sub=principal.sub, permissions=[])
|