feat: Реализовано изменение пароля и данных пользователя

2025-06-02 20:38:10 +05:00 · 2025-06-02 20:38:10 +05:00 · d5fb35e266
commit d5fb35e266
parent f2c7f7c2da
4 changed files with 69 additions and 9 deletions
--- a/api/app/controllers/users_router.py
+++ b/api/app/controllers/users_router.py
@ -26,7 +26,7 @@ async def get_authenticated_user_data(
    return await users_service.get_by_id(user.id)


-@router.get(
+@router.post(
    '/change-password/',
    response_model=Optional[UserEntity],
    summary='Change password for user',
@ -38,4 +38,20 @@ async def get_authenticated_user_data(
        user=Depends(get_current_user),
 ):
    users_service = UsersService(db)
-    return await users_service.get_by_id(data.user_id, data.new_password, user.id)
+    return await users_service.change_password(data, user.id)
+
+
+@router.put(
+    '/{user_id}/',
+    response_model=Optional[UserEntity],
+    summary='Change first_name, last_name or patronymic',
+    description='Change first_name, last_name or patronymic for user',
+)
+async def change_user(
+        user_id: int,
+        data: UserEntity,
+        db: AsyncSession = Depends(get_db),
+        user=Depends(get_current_user),
+):
+    users_service = UsersService(db)
+    return await users_service.update_user(data, user_id, user.id)
--- a/api/app/domain/entities/change_password.py
+++ b/api/app/domain/entities/change_password.py
@ -2,5 +2,7 @@ from pydantic import BaseModel


 class ChangePasswordEntity(BaseModel):
+    current_password: str
    user_id: int
    new_password: str
+    confirm_password: str
--- a/api/app/domain/entities/user.py
+++ b/api/app/domain/entities/user.py
@ -4,10 +4,10 @@ from pydantic import BaseModel


 class UserEntity(BaseModel):
-    id: int
+    id: Optional[int] = None
    first_name: str
    last_name: str
-    patronymic: Optional[str]
+    patronymic: Optional[str] = None
    login: str

-    role_id: int
+    role_id: Optional[int] = None
--- a/api/app/infrastructure/users_service.py
+++ b/api/app/infrastructure/users_service.py
@ -6,6 +6,7 @@ from sqlalchemy.ext.asyncio import AsyncSession

 from app.application.roles_repository import RolesRepository
 from app.application.users_repository import UsersRepository
+from app.domain.entities.change_password import ChangePasswordEntity
 from app.domain.entities.register import RegisterEntity
 from app.domain.entities.user import UserEntity
 from app.domain.models import User
@ -26,8 +27,8 @@ class UsersService:

        return self.model_to_entity(user)

-    async def change_password(self, user_id: int, new_password: str, current_user_id: int) -> Optional[UserEntity]:
-        user = await self.users_repository.get_by_id(user_id)
+    async def change_password(self, data: ChangePasswordEntity, current_user_id: int) -> Optional[UserEntity]:
+        user = await self.users_repository.get_by_id(data.user_id)
        if not user:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
@ -35,7 +36,7 @@ class UsersService:
            )

        current_user = await self.users_repository.get_by_id(current_user_id)
-        if not user:
+        if not current_user:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail='User was not found',
@ -47,7 +48,19 @@ class UsersService:
                detail='Permission denied',
            )

-        user.set_password(new_password)
+        if not user.check_password(data.current_password):
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail='Permission denied',
+            )
+
+        if data.new_password != data.confirm_password:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail='Password not matched',
+            )
+
+        user.set_password(data.confirm_password)

        user = await self.users_repository.update(user)

@ -94,6 +107,35 @@ class UsersService:
            role_id=created_user.role_id,
        )

+    async def update_user(self, user: UserEntity, user_id: int, current_user_id: int) -> Optional[UserEntity]:
+        user_model = await self.users_repository.get_by_id(user_id)
+        if not user_model:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail='User was not found',
+            )
+
+        current_user = await self.users_repository.get_by_id(current_user_id)
+        if not current_user:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail='User was not found',
+            )
+
+        if user.id != current_user.id and current_user.role.title != 'Администратор':
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail='Permission denied',
+            )
+
+        user_model.first_name = user.first_name
+        user_model.last_name = user.last_name
+        user_model.patronymic = user.patronymic
+
+        user_model = await self.users_repository.update(user_model)
+
+        return self.model_to_entity(user_model)
+
    @staticmethod
    def is_strong_password(password: str) -> bool:
        if len(password) < 8: