57 lines
1.9 KiB
Python
57 lines
1.9 KiB
Python
from flask import Blueprint, request, jsonify
|
|
from ..db import get_db_connection, release_db_connection
|
|
from ..middleware import token_required
|
|
import bcrypt
|
|
|
|
team_blueprint = Blueprint('team', __name__)
|
|
|
|
@team_blueprint.route('/team/members', methods=['GET'])
|
|
@token_required
|
|
def list_team_members(user_info):
|
|
if user_info['role'] != 'admin':
|
|
return jsonify({"error": "Admin access required"}), 403
|
|
|
|
conn = get_db_connection()
|
|
cur = conn.cursor()
|
|
cur.execute("SELECT id, username, role, created_at FROM users WHERE parent_id = %s", (user_info['user_id'],))
|
|
rows = cur.fetchall()
|
|
release_db_connection(conn)
|
|
|
|
return jsonify([{
|
|
"id": r[0],
|
|
"username": r[1],
|
|
"role": r[2],
|
|
"created_at": r[3].isoformat()
|
|
} for r in rows])
|
|
|
|
@team_blueprint.route('/team/members', methods=['POST'])
|
|
@token_required
|
|
def add_team_member(user_info):
|
|
if user_info['role'] != 'admin':
|
|
return jsonify({"error": "Admin access required"}), 403
|
|
|
|
data = request.json
|
|
username = data.get('username')
|
|
password = data.get('password')
|
|
role = data.get('role', 'manager') # manager, viewer
|
|
|
|
if not username or not password:
|
|
return jsonify({"error": "Username and password required"}), 400
|
|
|
|
hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
|
|
|
|
conn = get_db_connection()
|
|
cur = conn.cursor()
|
|
try:
|
|
cur.execute(
|
|
"INSERT INTO users (username, password_hash, role, parent_id) VALUES (%s, %s, %s, %s) RETURNING id",
|
|
(username, hashed_password, role, user_info['user_id'])
|
|
)
|
|
new_id = cur.fetchone()[0]
|
|
conn.commit()
|
|
return jsonify({"id": new_id, "message": "Team member added"}), 201
|
|
except Exception as e:
|
|
return jsonify({"error": "User already exists"}), 400
|
|
finally:
|
|
release_db_connection(conn)
|