feat(moderation): add chat bans list endpoint with admin access checks

2026-03-08 21:21:43 +03:00
parent 5909503012
commit 90320ffd5d
7 changed files with 114 additions and 1 deletions
--- a/app/chats/repository.py
+++ b/app/chats/repository.py
@@ -434,3 +434,10 @@ async def remove_chat_ban(db: AsyncSession, *, chat_id: int, user_id: int) -> No
    ban = await get_chat_ban(db, chat_id=chat_id, user_id=user_id)
    if ban:
        await db.delete(ban)
+
+
+async def list_chat_bans(db: AsyncSession, *, chat_id: int) -> list[ChatBan]:
+    result = await db.execute(
+        select(ChatBan).where(ChatBan.chat_id == chat_id).order_by(ChatBan.created_at.desc(), ChatBan.id.desc())
+    )
+    return list(result.scalars().all())
--- a/app/chats/router.py
+++ b/app/chats/router.py
@@ -3,6 +3,7 @@ from sqlalchemy.ext.asyncio import AsyncSession

 from app.auth.service import get_current_user
 from app.chats.schemas import (
+    ChatBanRead,
    ChatCreateRequest,
    ChatDetailRead,
    ChatDiscoverRead,
@@ -38,6 +39,7 @@ from app.chats.service import (
    leave_chat_for_user,
    pin_chat_message_for_user,
    remove_chat_member_for_user,
+    list_chat_bans_for_user,
    serialize_chat_for_user,
    serialize_chats_for_user,
    set_chat_archived_for_user,
@@ -226,6 +228,15 @@ async def ban_chat_member(
    await realtime_gateway.publish_chat_updated(chat_id=chat_id)


+@router.get("/{chat_id}/bans", response_model=list[ChatBanRead])
+async def list_chat_bans(
+    chat_id: int,
+    db: AsyncSession = Depends(get_db),
+    current_user: User = Depends(get_current_user),
+) -> list[ChatBanRead]:
+    return await list_chat_bans_for_user(db, chat_id=chat_id, actor_user_id=current_user.id)
+
+
@router.delete("/{chat_id}/bans/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
 async def unban_chat_member(
    chat_id: int,
--- a/app/chats/schemas.py
+++ b/app/chats/schemas.py
@@ -111,3 +111,10 @@ class ChatInviteLinkRead(BaseModel):

 class ChatJoinByInviteRequest(BaseModel):
    token: str = Field(min_length=8, max_length=64)
+
+
+class ChatBanRead(BaseModel):
+    chat_id: int
+    user_id: int
+    banned_by_user_id: int
+    created_at: datetime
--- a/app/chats/service.py
+++ b/app/chats/service.py
@@ -7,6 +7,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
 from app.chats import repository
 from app.chats.models import Chat, ChatMember, ChatMemberRole, ChatType
 from app.chats.schemas import (
+    ChatBanRead,
    ChatCreateRequest,
    ChatDeleteRequest,
    ChatDiscoverRead,
@@ -471,6 +472,28 @@ async def unban_chat_member_for_user(
    await db.commit()


+async def list_chat_bans_for_user(
+    db: AsyncSession,
+    *,
+    chat_id: int,
+    actor_user_id: int,
+) -> list[ChatBanRead]:
+    chat, actor_membership = await _get_chat_and_membership(db, chat_id=chat_id, user_id=actor_user_id)
+    _ensure_group_or_channel(chat.type)
+    if actor_membership.role not in {ChatMemberRole.OWNER, ChatMemberRole.ADMIN}:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Insufficient permissions")
+    bans = await repository.list_chat_bans(db, chat_id=chat_id)
+    return [
+        ChatBanRead(
+            chat_id=ban.chat_id,
+            user_id=ban.user_id,
+            banned_by_user_id=ban.banned_by_user_id,
+            created_at=ban.created_at,
+        )
+        for ban in bans
+    ]
+
+
 async def leave_chat_for_user(db: AsyncSession, *, chat_id: int, user_id: int) -> None:
    chat, membership = await _get_chat_and_membership(db, chat_id=chat_id, user_id=user_id)
    _ensure_group_or_channel(chat.type)