feat(backend): invite system + user management
- InviteToken model with unique token for each invite
- POST /users/invite - create invite by email with role (admin/mecanic)
- POST /auth/accept-invite - accept invite, set password, return JWT
- GET /users - list all users in tenant
- DELETE /users/{id} - deactivate user (cannot deactivate owner)
- Alembic migration for invites table
- 25 passing tests (auth + sync + orders + pdf + portal + invoices + users)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,9 +1,12 @@
|
||||
from fastapi import APIRouter, Depends, HTTPException
|
||||
from sqlalchemy import select
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
from app.auth import schemas, service
|
||||
from app.db.session import get_db
|
||||
from app.deps import get_current_user
|
||||
from app.users.schemas import AcceptInviteRequest
|
||||
from app.users.service import accept_invite
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
@@ -56,3 +59,22 @@ async def me(
|
||||
plan=tenant.plan,
|
||||
rol=user.rol,
|
||||
)
|
||||
|
||||
|
||||
@router.post("/accept-invite", response_model=schemas.TokenResponse)
|
||||
async def accept_invite_endpoint(
|
||||
data: AcceptInviteRequest, db: AsyncSession = Depends(get_db)
|
||||
):
|
||||
try:
|
||||
user = await accept_invite(db, data.token, data.password)
|
||||
from app.db.models.tenant import Tenant
|
||||
|
||||
r = await db.execute(select(Tenant).where(Tenant.id == user.tenant_id))
|
||||
tenant = r.scalar_one()
|
||||
return schemas.TokenResponse(
|
||||
access_token=service.create_token(user.id, tenant.id, tenant.plan),
|
||||
tenant_id=tenant.id,
|
||||
plan=tenant.plan,
|
||||
)
|
||||
except ValueError as e:
|
||||
raise HTTPException(status_code=422, detail=str(e))
|
||||
|
||||
Reference in New Issue
Block a user