From b87a2c1d179181331d8987231e7c7c8ea75e018d Mon Sep 17 00:00:00 2001
From: oguntayo <oguntayohabeebullah@gmail.com>
Date: Sun, 2 Mar 2025 20:36:20 +0100
Subject: [PATCH] feat: added superadmin to deactivate user endpoint

---
 api/v1/routes/user.py                         |  76 ++++++-
 api/v1/schemas/user.py                        |  10 +
 hello.db                                      | Bin 0 -> 184320 bytes
 .../superadmin/test_admin_to_delete_user.py   | 206 ++++++++++++++++++
 4 files changed, 290 insertions(+), 2 deletions(-)
 create mode 100644 hello.db
 create mode 100644 tests/v1/superadmin/test_admin_to_delete_user.py

diff --git a/api/v1/routes/user.py b/api/v1/routes/user.py
index cec064283..fcc7484d7 100644
--- a/api/v1/routes/user.py
+++ b/api/v1/routes/user.py
@@ -7,11 +7,18 @@
 from api.v1.models.user import User
 from api.v1.schemas.user import (
     AllUsersResponse, UserUpdate,
-    AdminCreateUserResponse, AdminCreateUser
+    AdminCreateUserResponse, AdminCreateUser,AdminDeleteUserSchema,
 )
 from api.db.database import get_db
 from api.v1.services.user import user_service
 
+from api.utils.dependencies import get_current_user,get_super_admin
+
+from fastapi.responses import JSONResponse
+
+from api.core.dependencies.google_email import mail_service
+
+
 
 user_router = APIRouter(prefix="/users", tags=["Users"])
 
@@ -209,4 +216,69 @@ def get_user_by_id(
             user, 
             exclude=['password', 'is_superadmin', 'is_deleted', 'is_verified', 'updated_at', 'created_at', 'is_active']
         )
-    )
\ No newline at end of file
+    )
+    
+    
+
+
+@user_router.post('/deactivate', status_code=200)
+async def deactivate_account(
+    request: Request, 
+    schema: AdminDeleteUserSchema, 
+    db: Session = Depends(get_db), 
+    super_admin: User = Depends(user_service.get_current_super_admin)
+):
+    '''Endpoint for super admin to deactivate a user account by user ID'''
+
+    
+    if not super_admin.is_superadmin:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Only super admins can deactivate users"
+        )
+
+    user_to_deactivate = db.query(User).filter(User.id == schema.user_id).first()
+
+    if user_to_deactivate is None:
+        return JSONResponse(
+            status_code=404,
+            content={
+                "status": "error",
+                "status_code": 404,
+                "message": "User not found",
+                "data": {}
+            }
+        )
+
+    if not user_to_deactivate.is_active:
+        return JSONResponse(
+            status_code=400,
+            content={
+                "status": "error",
+                "status_code": 400,
+                "message": "User is already deactivated",
+                "data": {}
+            }
+        )
+
+    user_to_deactivate.is_active = False
+
+    # Send email to user
+    mail_service.send_mail(
+        to=user_to_deactivate.email,
+        subject='Account Deactivation',
+        body=f'Hello {user_to_deactivate.first_name},\n\nYour account has been deactivated successfully.\n\nTo reactivate your account, visit:\n{request.url.hostname}/api/v1/users/accounts/reactivate\n\nThis link will expire in 15 minutes.'
+    )
+
+    db.commit()
+
+    
+    return JSONResponse(
+        status_code=200,
+        content={
+            "status": "success",
+            "status_code": 200,
+            "message": "User account deactivated successfully",
+            "data": {}
+        }
+    )
diff --git a/api/v1/schemas/user.py b/api/v1/schemas/user.py
index 095135e11..2cbd07511 100644
--- a/api/v1/schemas/user.py
+++ b/api/v1/schemas/user.py
@@ -438,3 +438,13 @@ def role_validator(cls, value):
         if value not in ["admin", "user", "guest", "owner"]:
             raise ValueError("Role has to be one of admin, guest, user, or owner")
         return value
+
+
+
+
+class AdminDeleteUserSchema(BaseModel):
+    """Schema for admin for deleting a user account"""
+    
+    user_id: str = Field(..., title="User ID", description="The ID of the user to be deleted")
+
+
diff --git a/hello.db b/hello.db
new file mode 100644
index 0000000000000000000000000000000000000000..ff89a5f2f3d464e5246a1313ae422cd6ccd2ae2c
GIT binary patch
literal 184320
zcmeI)%X8bt0mpGd4^X1@u#+f=V<(0pD-xrq4eil*9FN<|GMj25OR*kloKAy*NLa;~
zFB702y`-{|v_18lzo3`)*v|CUQ~M8eIz6<xG}BYhoj#^B#e$^pAgMYt2Dyi?W)u;-
zi^b~mTS9=b%+Bo%+qLw&)q2@<^~<T#DMd+rOV?AW)LHL)+52vPiS3d0hWAqmz3%n$
zZ0c(demW`|Pya`>nQi{))tqt!5I_I{1Q0*~0R#|0009ILc=iIXPECqVPe1#f=@9`0
z5I_I{1Q0*~0R#|0009K#5y*(4aQ`n)AdCb71Q0*~0R#|0009ILKmdUR1bF_R04iM~
zfB*srAb<b@2q1s}0tg@=nE=oKB@2Y%Ab<b@2q1s}0tg_000IagkbnU9{|TVdB?1T_
zfB*srAb<b@2q1s}0+I=^{$H{{7!CpmAb<b@2q1s}0tg_000IdJ@ccgkRJud}0R#|0
z009ILKmY**5I{gO0q*}L3xweyfB*srAb<b@2q1s}0tg_GfB@_N6F{X)1Q0*~0R#|0
z009ILKmY**BopBIzhr?h90U+R009ILKmY**5I_I{1QHP7{yza!x<mj01Q0*~0R#|0
z009ILKtM79*8fWu2*W`D0R#|0009ILKmY**5I`US0iORSfJ&DLAb<b@2q1s}0tg_0
z00Ia|Ccyo_WPvao1Q0*~0R#|0009ILKmY**5)fehe*&m<i2wo!Ab<b@2q1s}0tg_0
zfMfzZ|CcNfhJyeC2q1s}0tg_000IagfItEQ-2W$lN|y*AfB*srAb<b@2q1s}0tiSZ
z!1{m50%14^Ab<b@2q1s}0tg_000IakAi(qg1W@S`0R#|0009ILKmY**5I_I{$ppCn
zmn;y5g8%{uAb<b@2q1s}0tg_0Kmr2X|0jS-mk1z$00IagfB*srAb<b@2uLQt=l>-O
zgyA5700IagfB*srAb<b@2q2Jv0MGvuK&49r5I_I{1Q0*~0R#|0009If6X5<|vOpLP
z0tg_000IagfB*srAb<b@2?%iip8zUdB7gt_2q1s}0tg_000IagAejK4|CcNfhJyeC
z2q1s}0tg_000IagfItEQJpWGsl`auL009ILKmY**5I_I{1Q3u+fct;R0%14^Ab<b@
z2q1s}0tg_000IakATT-o&(u`<%hdGb^lv7esXtAgJN4PbpHH0~|8?ez@$IpT<Jt6=
z>gVZSs@F$us6(T_AO2#<8UFcjZAeS~Mfqc@<n7KE0tg_000Ia|DDaIbRhykr_Uua0
zdSpK`?wa=<!!C*+(`(!L)!n?lzIikMfgaT9TbsJ5*B9+#_Q}vhTAP_sjt*RNzhsGW
z@jcnvcX##1M!wZLGk(8eIj&u;=<ly?uYG5ATi@K;)i?JxHr~`T<7UNqXw~)I{0ClH
zsJvjh)<L!YxV@8TYZu#F(WZ6FYg{x;SHJ0ve0Tj;UcZ_D_UhiouD-aox4oU;+%-h$
z&hF~1_p+j=My>c&cX@An{nqOC9sS+>9iJeRU6@q0Ycop9M|AF&Y}Yc(hFkTwo1{6R
zGPQq7)h;h6k3-sqUAf<|>$cTm54I<|_y@IKNUb1(vSuRl<7sVSLHT67ok-BY8$_^?
ziDwj4>5G|ht8Ch(uFQ8ErIJxG%U0LgvgJ7Dfz=tLWT9QnsM@WC6G96(43S>2dFtL+
zTD!8O94hS`eJjJY%C(X=n?#balJR(!vHDh;vC?LqJ8D{6T2emwzMp5TNo+G6$uw3e
zQgv;&)Fqqt&^uFeAJ@9)+}_1-T+?kh?YXdcC42myTc}n_cEwtd@GW~it!lTIdZizO
zGjg$lvG+$+ZFyEHw<myEvs(^clEH==k3FbrB_0$s!`>fGYqPV;r_+AeL2dAABoc8@
zF47fS2lZ;B)=ndGdW;4YsVbR{YZQK974BKZr#^SqEvHtkIF{ks-nn3N?^b?$eNALt
zv|R7p;rNqD!t5`PsM<TTy|NEPja=}0^f0UVZ^I|e)2dmr%KLV~cwp5X?=M<xb10fo
zw5<rLwVP3Cl-p4)UcQu#WU{ukxwE^yy1u!q$GSIa_X>LC&rqnpY$khs=%mRV?<^N9
z81^nx#>AxxpZ}Nef{h^|fB*srAb<b@2q1s}0tg`Rj0IT#|BOND4gmxZKmY**5I_I{
z1Q0*~0SN^r$9|MLpZY~=>hDv(nz}Rbhl$T8K05X9%zrb#%ls^JdHn6Me~tY_{oB~J
z^gq<{=!kkl)kc0h^w*Ie4;?AXLvMRK_VMfEH`3bbigGy9UXkNk^|E7_m7-CoR*JS*
zb|}_mbt_(uuhQw(sI^|FTUB%APG&K!t*j_VSNxSb-P(04TZ*g{>DD4xwbfcRDOS{Y
zzmscKTv=DxypvV6@2&J&VbkrmG;-Za-~4Dn)pGMnBS_UO8)a|ljkoN^Pcztjqcg>z
z@;JSq$WQHPc0R4m&nusewo(h~T`PFK7)vRr5$W_?3R$muYwfzNbuC&>p>EgwwXhuv
zUTb#2ZPYEJQSZL|(jQoOS)P~>cg=#eU#;FVyajjn+Q;<QURAthUk7z>#POO(?nB%4
z)H^C9Tc~;Ebya(JzV~Db!Vr@v*vj6xsA_YXa;H6cL>yw)_&*oo)1_T2R@M5in{VsW
zvuRD!l%tRR3F24y|G5~M60IFhm<#d9{cId#zhReLyQ1IN+S<skZu+G%Ep8SA+S^>e
zy_eS)#XR>`mu2Tv?Yh=04`0H#<o|d*``Z6+n)92^Kh)FO^_+4z*-ooguNE5xZ&hM*
z{daSLbZ6mQJjc!^tv7#XMKj^aSJGN8ryS+|ggaYxmRyKr-&ud+NkOW2SC@F#E~wgf
zbG_p2{AG<xon^1Bz4{e9$#r(3dzTOXI>hSvw03n_IUEh9hW)@SJT_|8l3i#|jA+p-
zozo)P;CNC*i~T9_&2y@@v)r2?x{KkBJz8@9@WIPzZFyNay3m?a(fWA%bFujpZ7pU~
z`0ssWk*HL&DU<#1tg3x|PPu=aly?<oJ7R^bIPunkt(QCU3F_L>1SNhdD=(?q`drUc
zg4W)Q3^vZLXivLaF0|WAhd+EVt<B9TN7tGW20eyaY0=<<HXRpj@`e^Z1^Ay1@J{jj
zGttkfRO<(3#dgg0Rdi(g#dwsF+E$p6GC$6%FP!xGi%5IpQe<=H>hn*(Yc8_u3r9oG
z`JayYbj^=7QW@EJJ`!!D>crE#|4D)91z54+xY5rq#joDN7YC86{6;0Vr&z;(d`&5$
zGmAxU9scphFGP`4=Y;U|@@>57_2HT5S)yV+bV`=E78PfS(AIPDsTHbgO{`E!^DJ@t
zq_=yhwUG;LoOyC)y7_ju{dp0p3cWlXnG>Okj<@?_?ya|?tNFtbi%Wjt5<aU-7hERG
z^Z!2n0|tje009ILKmY**5I_I{1Q0-AKmy$V4+x&aB7gt_2q1s}0tg_000Iag&_@CO
z|9^eN=1>SAfB*srAb<b@2q1s}0tgI9fam`Mg6FUZAb<b@2q1s}0tg_000Ic~QGomZ
zK4Nny1Q0*~0R#|0009ILKmY**1|-1!|A62*ECL81fB*srAb<b@2q1s}0(}(V^Z$Ls
z=1>SAfB*srAb<b@2q1s}0tgI9fam`Mg6FUZAb<b@2q1s}0tg_000Ic~QGomZK4Nny
z1Q0*~0R#|0009ILKmY**1|-1x{{g{sSOgG2009ILKmY**5I_I{1o|kz^Z!0#b0`E5
uKmY**5I_I{1Q0*~0R#pl!2SP#;5jS;2q1s}0tg_000IagfB*u06!;$|Dx%o{

literal 0
HcmV?d00001

diff --git a/tests/v1/superadmin/test_admin_to_delete_user.py b/tests/v1/superadmin/test_admin_to_delete_user.py
new file mode 100644
index 000000000..e1ec85521
--- /dev/null
+++ b/tests/v1/superadmin/test_admin_to_delete_user.py
@@ -0,0 +1,206 @@
+import pytest
+from fastapi.testclient import TestClient
+from unittest.mock import MagicMock
+from main import app
+from api.v1.models.user import User
+from api.v1.schemas.user import AdminDeleteUserSchema
+from api.db.database import get_db
+from api.v1.services.user import user_service
+from api.core.dependencies.google_email import mail_service
+from datetime import datetime, timezone
+from uuid_extensions import uuid7
+from fastapi import status
+
+client = TestClient(app)
+
+@pytest.fixture
+def db_session_mock():
+    db_session = MagicMock()
+    yield db_session
+
+@pytest.fixture(autouse=True)
+def override_get_db(db_session_mock):
+    def get_db_override():
+        yield db_session_mock
+
+    app.dependency_overrides[get_db] = get_db_override
+    yield
+    app.dependency_overrides = {}
+
+@pytest.fixture
+def super_admin_user():
+    return User(
+        id=str(uuid7()),
+        email="superadmin@gmail.com",
+        password=user_service.hash_password("Superpassword@123"),
+        first_name="Super",
+        last_name="Admin",
+        is_active=True,
+        is_superadmin=True,
+        created_at=datetime.now(timezone.utc),
+        updated_at=datetime.now(timezone.utc),
+    )
+
+@pytest.fixture
+def regular_user():
+    return User(
+        id=str(uuid7()),
+        email="testuser@gmail.com",
+        password=user_service.hash_password("Testpassword@123"),
+        first_name="Test",
+        last_name="User",
+        is_active=True,
+        is_superadmin=True,
+        created_at=datetime.now(timezone.utc),
+        updated_at=datetime.now(timezone.utc),
+    )
+
+@pytest.fixture
+def mock_get_current_user():
+    """Fixture to create a mock current user"""
+    with patch(
+        "api.v1.services.user.UserService.get_current_user", autospec=True
+    ) as mock_get_current_user:
+        yield mock_get_current_user
+
+from unittest.mock import patch, MagicMock
+
+
+@pytest.fixture
+def mock_db_session():
+    """Fixture to create a mock database session."
+
+    Yields:
+        MagicMock: mock database
+    """
+
+    with patch("api.v1.services.user.get_db", autospec=True) as mock_get_db:
+        mock_db = MagicMock()
+        app.dependency_overrides[get_db] = lambda: mock_db
+        yield mock_db
+    app.dependency_overrides = {}
+
+@pytest.fixture
+def mock_mail_service():
+    """Fixture to mock the mail service."""
+    with patch("api.core.dependencies.google_email.mail_service.send_mail", autospec=True) as mock_service:
+        yield mock_service
+
+def test_deactivate_account_success(mock_db_session, mock_mail_service):
+    """Test successful deactivation of a user account by a super admin"""
+    mock_id = "mock_user_id"
+    dummy_mock_user = User(
+        id=mock_id,
+        email="dummyuser1@gmail.com",
+        password=user_service.hash_password("Testpassword@123"),
+        first_name="Mr",
+        last_name="Dummy",
+        is_active=True,
+        is_superadmin=True,
+        created_at=datetime.now(timezone.utc),
+        updated_at=datetime.now(timezone.utc),
+    )
+
+    app.dependency_overrides[user_service.get_current_super_admin] = lambda: dummy_mock_user
+
+
+
+    user = User(
+        id=str(uuid7()),
+        email="testuser@gmail.com",
+        password=user_service.hash_password("Testpassword@123"),
+        first_name="Test",
+        last_name="User",
+        is_active=True,
+        is_superadmin=True,
+        created_at=datetime.now(timezone.utc),
+        updated_at=datetime.now(timezone.utc),
+    )
+    
+
+    response = client.post(
+        "/api/v1/users/deactivate",
+        json={"user_id": user.id, "token": "testtoken"},
+        headers={"Authorization": "Bearer testtoken"},
+    )
+    response_json = response.json()
+    
+    
+    mock_mail_service.assert_called_once()
+
+
+    assert response.status_code == status.HTTP_200_OK
+    assert response_json.get("status_code") == status.HTTP_200_OK
+    assert response_json.get("message") == "User account deactivated successfully"
+
+
+def test_deactivate_account_user_not_found(mock_db_session):
+    """Test deactivation failure when the user ID does not exist"""
+    app.dependency_overrides[user_service.get_current_super_admin] = lambda: User(is_superadmin=True)
+
+    mock_db_session.query().filter().first.return_value = None
+
+    response = client.post(
+        "/api/v1/users/deactivate",
+        json={"user_id": "non_existent_user_id", "token": "testtoken"},
+        headers={"Authorization": "Bearer testtoken"},
+    )
+
+    assert response.status_code == status.HTTP_404_NOT_FOUND
+    assert response.json()["message"] == "User not found"
+def test_deactivate_account_already_deactivated(mock_db_session):
+    """Test that an already deactivated user cannot be deactivated again"""
+    user = User(
+        id="deactivated_user_id",
+        email="inactiveuser@gmail.com",
+        password=user_service.hash_password("Testpassword@123"),
+        first_name="Inactive",
+        last_name="User",
+        is_active=False,  
+        is_superadmin=False,
+        created_at=datetime.now(timezone.utc),
+        updated_at=datetime.now(timezone.utc),
+    )
+
+    app.dependency_overrides[user_service.get_current_super_admin] = lambda: User(is_superadmin=True)
+    
+    
+    mock_db_session.query().filter().first.return_value = user
+
+    response = client.post(
+        "/api/v1/users/deactivate",
+        json={"user_id": "deactivated_user_id", "token": "testtoken"},
+        headers={"Authorization": "Bearer testtoken"},
+    )
+
+    assert response.status_code == status.HTTP_400_BAD_REQUEST
+    assert response.json()["message"] == "User is already deactivated"
+
+
+def test_deactivate_account_unauthorized(mock_db_session):
+    """Test that a non-super-admin cannot deactivate a user account"""
+    mock_id = "mock_user_id"
+    non_admin_user = User(
+        id=mock_id,
+        email="regularuser@gmail.com",
+        password=user_service.hash_password("Testpassword@123"),
+        first_name="Regular",
+        last_name="User",
+        is_active=True,
+        is_superadmin=False,  
+        created_at=datetime.now(timezone.utc),
+        updated_at=datetime.now(timezone.utc),
+    )
+
+    
+    app.dependency_overrides[user_service.get_current_super_admin] = lambda: non_admin_user
+
+    response = client.post(
+        "/api/v1/users/deactivate",
+        json={"user_id": "some_user_id", "token": "testtoken"},
+        headers={"Authorization": "Bearer testtoken"},
+    )
+
+    
+    assert response.status_code == status.HTTP_403_FORBIDDEN
+    assert response.json()["message"] == "Only super admins can deactivate users"