feat: add user editing and deletion functionality for admins

2024-09-02 11:12:18 +02:00 · 2024-09-02 11:12:18 +02:00 · 1a90920cd3
commit 1a90920cd3
parent fb301ab9a7
1 changed files with 24 additions and 0 deletions
--- a/game_collection/user_management.py
+++ b/game_collection/user_management.py
@ -70,3 +70,27 @@ def get_users():
        'role': user.role,
        'last_login': user.last_login
    } for user in users])
+
+@user_bp.route('/users/<int:user_id>', methods=['PUT'])
+def edit_user(user_id):
+    if not authenticate() or g.user.role != 'admin':
+        return jsonify({'message': 'Unauthorized access! Only admins can edit users.'}), 401
+    data = request.json
+    user = User.query.get(user_id)
+    if not user:
+        return jsonify({'message': 'User not found!'}), 404
+    user.username = data.get('username', user.username)
+    user.role = data.get('role', user.role)
+    db.session.commit()
+    return jsonify({'message': 'User updated!'}), 200
+
+@user_bp.route('/users/<int:user_id>', methods=['DELETE'])
+def delete_user(user_id):
+    if not authenticate() or g.user.role != 'admin':
+        return jsonify({'message': 'Unauthorized access! Only admins can delete users.'}), 401
+    user = User.query.get(user_id)
+    if not user:
+        return jsonify({'message': 'User not found!'}), 404
+    db.session.delete(user)
+    db.session.commit()
+    return jsonify({'message': 'User deleted!'}), 200