From feb798140af684e724acb0cfcaca8626973eccfb Mon Sep 17 00:00:00 2001
From: ks129 <45097959+ks129@users.noreply.github.com>
Date: Tue, 22 Dec 2020 14:23:47 +0200
Subject: Create route for adding new admins
---
 backend/routes/admin.py | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 backend/routes/admin.py
diff --git a/backend/routes/admin.py b/backend/routes/admin.py
new file mode 100644
index 0000000..ef01fbd
--- /dev/null
+++ b/backend/routes/admin.py
@@ -0,0 +1,31 @@
+"""
+Adds new admin user.
+"""
+from spectree import Response
+from starlette.authentication import requires
+from starlette.requests import Request
+from starlette.responses import JSONResponse
+
+from backend.route import Route
+from backend.validation import ErrorMessage, OkayResponse, api
+
+
+class AdminRoute(Route):
+ """Adds new admin user."""
+
+ name = "admin"
+ path = "/admin"
+
+ @requires(["authenticated", "admin"])
+ @api.validate(
+ resp=Response(HTTP_200=OkayResponse, HTTP_400=ErrorMessage),
+ tags=["admin"]
+ )
+ async def post(self, request: Request) -> JSONResponse:
+ """Inserts new administrator user to DB."""
+ data = await request.json()
+ if "id" not in data:
+ return JSONResponse({"error": "missing_id"}, status_code=400)
+
+ await request.state.db.admins.insert_one({"_id": str(data["id"])})
+ return JSONResponse({"status": "ok"})
--
cgit v1.2.3
From d30ac683746ecf92267884c2fc1ae654a7203dd4 Mon Sep 17 00:00:00 2001
From: ks129 <45097959+ks129@users.noreply.github.com>
Date: Thu, 24 Dec 2020 08:09:53 +0200
Subject: Use Pydantic validation instead manual validation
---
 backend/routes/admin.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/backend/routes/admin.py b/backend/routes/admin.py
index ef01fbd..08e97ce 100644
--- a/backend/routes/admin.py
+++ b/backend/routes/admin.py
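Review bot: The new `post` handler in `backend/routes/admin.py` (hunk `@@ -0,0 +1,31 @@`) grants administrator rights without recording who granted them: `insert_one` stores only `{"_id": ...}` and nothing is logged. For a privilege-changing route the acting identity should be kept next to the target id so that grants can be audited later, for example `{"_id": str(data["id"]), "granted_by": request.user.display_name}`. `request.user` is what Starlette's authentication middleware provides; which attribute identifies the caller depends on the project's auth backend, which is not visible in this patch.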
@@ -1,6 +1,7 @@ """ Adds new admin user. """ +from pydantic import BaseModel, Field from spectree import Response from starlette.authentication import requires from starlette.requests import Request @@ -10,6 +11,10 @@ from backend.route import Route from backend.validation import ErrorMessage, OkayResponse, api +class AdminModel(BaseModel): + id: str = Field(alias="_id") + + class AdminRoute(Route): """Adds new admin user.""" @@ -18,14 +23,14 @@ class AdminRoute(Route): @requires(["authenticated", "admin"]) @api.validate( + json=AdminModel, resp=Response(HTTP_200=OkayResponse, HTTP_400=ErrorMessage), tags=["admin"] ) async def post(self, request: Request) -> JSONResponse: """Inserts new administrator user to DB.""" data = await request.json() - if "id" not in data: - return JSONResponse({"error": "missing_id"}, status_code=400) + admin = AdminModel(**data) - await request.state.db.admins.insert_one({"_id": str(data["id"])}) + await request.state.db.admins.insert_one(admin.dict(by_alias=True)) return JSONResponse({"status": "ok"}) -- cgit v1.2.3 From e0efac856723c6c2517308d76a2be4f27bc113df Mon Sep 17 00:00:00 2001 From: ks129 <45097959+ks129@users.noreply.github.com> Date: Thu, 24 Dec 2020 08:12:35 +0200 Subject: Check is user already admin before adding --- backend/routes/admin.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/backend/routes/admin.py b/backend/routes/admin.py index 08e97ce..ff329fa 100644 --- a/backend/routes/admin.py +++ b/backend/routes/admin.py @@ -32,5 +32,10 @@ class AdminRoute(Route): data = await request.json() admin = AdminModel(**data) + if await request.state.db.admins.find_one( + {"_id": admin.id} + ): + return JSONResponse({"error": "already_exists"}, status_code=400) + await request.state.db.admins.insert_one(admin.dict(by_alias=True)) return JSONResponse({"status": "ok"}) -- cgit v1.2.3 From d04f23cc51716d49e10ea7714d6c4e2fc3815c48 Mon Sep 17 00:00:00 2001 
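Review bot: `AdminModel.id` in the `@@ -10,6 +11,10 @@` hunk is an unconstrained `str`, so an empty string or any arbitrary text passes validation and is then inserted as an administrator id. Since this value decides who holds admin rights, constrain it at the model, e.g. `id: str = Field(alias="_id", min_length=1)`, or with a `regex=` pattern if ids have a fixed format (the format is not visible here). The alias also changes the expected request key from `id` to `_id`, which callers of the first version of this route would have to follow.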
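Review bot: In `post` (`@@ -18,14 +23,14 @@`), `admin = AdminModel(**data)` parses the body a second time even though `json=AdminModel` already makes spectree validate it before the handler runs. The second parse sits outside spectree's error handling, so if the two ever diverge the pydantic error would surface as an unhandled exception rather than a validation response. Reading the already validated model, `admin = request.context.json`, removes both the duplicate parse and the `data = await request.json()` line; this relies on spectree's Starlette plugin attaching `context` to the request, which should be confirmed for the version in use.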
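Review bot: The `find_one` check added in `@@ -32,5 +32,10 @@` and the `insert_one` that follows are two separate database calls, so two concurrent requests for the same id can both pass the check. Because the id is stored as `_id`, which MongoDB keeps unique, the losing insert then raises instead of returning `already_exists`, and the request fails with a server error. Catching the duplicate-key error around the insert covers both cases and makes the pre-check unnecessary, e.g. `except DuplicateKeyError: return JSONResponse({"error": "already_exists"}, status_code=400)` with `DuplicateKeyError` from `pymongo.errors`, assuming `request.state.db` is a Motor/PyMongo database, which the patch does not show.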
From: ks129 <45097959+ks129@users.noreply.github.com>
Date: Thu, 24 Dec 2020 08:13:59 +0200
Subject: Update admin add route docstring
Co-authored-by: Joe Banks
---
 backend/routes/admin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/routes/admin.py b/backend/routes/admin.py
index ff329fa..5254f8b 100644
--- a/backend/routes/admin.py
+++ b/backend/routes/admin.py
@@ -28,7 +28,7 @@ class AdminRoute(Route):
 tags=["admin"]
 )
 async def post(self, request: Request) -> JSONResponse:
- """Inserts new administrator user to DB."""
+ """Grant a user administrator privileges."""
 data = await request.json()
 admin = AdminModel(**data)
--
cgit v1.2.3