feat: add /api/admin/users/search endpoint

- Add endpoint to search users by email (case-insensitive) - Limit results to 10 for autocomplete purposes - Require VIEW_ALL_EXCHANGES permission (admin only) - Add tests for search functionality and access control
2025-12-23 10:55:44 +01:00 · 2025-12-23 10:55:44 +01:00 · ef01a970d5
commit ef01a970d5
parent 27896ed136
2 changed files with 89 additions and 1 deletions
--- a/backend/routes/exchange.py
+++ b/backend/routes/exchange.py
@ -813,5 +813,39 @@ async def admin_cancel_trade(
    return _to_admin_exchange_response(exchange)


+# =============================================================================
+# Admin User Search Endpoint
+# =============================================================================
+
+admin_users_router = APIRouter(prefix="/api/admin/users", tags=["admin-users"])
+
+
+class UserSearchResult(BaseModel):
+    """Result item for user search."""
+
+    id: int
+    email: str
+
+
+@admin_users_router.get("/search", response_model=list[UserSearchResult])
+async def search_users(
+    q: str = Query(..., min_length=1, description="Search query for user email"),
+    db: AsyncSession = Depends(get_db),
+    _current_user: User = Depends(require_permission(Permission.VIEW_ALL_EXCHANGES)),
+) -> list[UserSearchResult]:
+    """
+    Search users by email for autocomplete.
+
+    Returns users whose email contains the search query (case-insensitive).
+    Limited to 10 results for autocomplete purposes.
+    """
+    result = await db.execute(
+        select(User).where(User.email.ilike(f"%{q}%")).order_by(User.email).limit(10)
+    )
+    users = result.scalars().all()
+
+    return [UserSearchResult(id=u.id, email=u.email) for u in users]
+
+
 # All routers from this module for easy registration
-routers = [router, trades_router, admin_trades_router]
+routers = [router, trades_router, admin_trades_router, admin_users_router]