Spaces:
Runtime error
Runtime error
| """ | |
| Admin-only endpoints for managing system-wide operations like tag linking | |
| and deleting core resources like users and devices. | |
| """ | |
| from fastapi import APIRouter, Depends, HTTPException, status | |
| from fastapi.concurrency import run_in_threadpool | |
| from sqlalchemy.orm import Session | |
| from datetime import datetime, timedelta | |
| from src import crud, models | |
| from src.auth import get_current_active_admin_user_from_token, get_current_active_user | |
| from src.database import get_db | |
| router = APIRouter( | |
| prefix="/api/admin", | |
| tags=["Admin"], | |
| dependencies=[Depends(get_current_active_admin_user_from_token)] | |
| ) | |
| async def prepare_device_for_tag_linking( | |
| request: models.PrepareTagLinkRequest, | |
| current_user: models.User = Depends(get_current_active_user), | |
| db: Session = Depends(get_db) | |
| ): | |
| """ | |
| Admin: Initiates a request to link a tag. This creates a temporary, | |
| expiring 'PendingTagLink' record for a device. | |
| """ | |
| device = await run_in_threadpool(crud.get_device_by_id_str, db, request.device_identifier) | |
| if not device or not device.is_active: | |
| raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Device not found or is inactive.") | |
| if request.target_user_type == models.TargetUserType.STUDENT: | |
| target = await run_in_threadpool(crud.get_student_by_student_id, db, request.target_identifier) | |
| else: | |
| target = await run_in_threadpool(crud.get_user_by_username, db, request.target_identifier) | |
| if not target: | |
| raise HTTPException( | |
| status_code=status.HTTP_404_NOT_FOUND, | |
| detail=f"{request.target_user_type.value} '{request.target_identifier}' not found." | |
| ) | |
| expiry_time = datetime.utcnow() + timedelta(minutes=2) | |
| await run_in_threadpool( | |
| crud.create_pending_tag_link, db, request, current_user.id, expiry_time | |
| ) | |
| return { | |
| "message": "Device is ready to link tag.", | |
| "device_id": device.device_id, | |
| "target": request.target_identifier, | |
| "expires_at": expiry_time.isoformat() | |
| } | |
| async def delete_user_endpoint( | |
| username: str, | |
| db: Session = Depends(get_db), | |
| current_admin: models.User = Depends(get_current_active_admin_user_from_token) | |
| ): | |
| """ | |
| Admin: Permanently deletes a user (staff or other admin). | |
| """ | |
| try: | |
| deleted_user = await run_in_threadpool(crud.delete_user, db, username, current_admin) | |
| return {"message": "User deleted successfully", "username": deleted_user.username} | |
| except HTTPException as e: | |
| raise e | |
| async def delete_device_endpoint( | |
| device_id_str: str, | |
| db: Session = Depends(get_db) | |
| ): | |
| """ | |
| Admin: Permanently deletes a registered RFID device and all its logs. | |
| """ | |
| try: | |
| deleted_device = await run_in_threadpool(crud.delete_device, db, device_id_str) | |
| return {"message": "Device deleted successfully", "device_id": deleted_device.device_id} | |
| except HTTPException as e: | |
| raise e | |