chore(): small infrastructure refactoring, improves and fixes

src/backend/api/v1/users/endpoints.py

@@ -23,13 +23,12 @@ from apps.users.services import (
     user_update,
 )
 
-router = Router(tags=["users"])
+router = Router(tags=["users"], auth=jwt_bearer)
 
 
 @router.get(
     "",
     response={HTTPStatus.OK: UserListOut},
-    auth=jwt_bearer,
     summary="List users",
     description=(
         "Return a filtered, paginated list of platform users. Admin only."
@@ -56,7 +55,6 @@ def list_users(
 @router.post(
     "",
     response={HTTPStatus.CREATED: UserOut},
-    auth=jwt_bearer,
     summary="Create user",
     description=(
         "Create a new platform user with the specified role. Admin only."
@@ -75,7 +73,6 @@ def create_user(
 @router.get(
     "/{user_id}",
     response={HTTPStatus.OK: UserOut},
-    auth=jwt_bearer,
     summary="Get user",
     description="Retrieve a single user by their UUID. Admin only.",
 )
@@ -91,7 +88,6 @@ def get_user(
 @router.patch(
     "/{user_id}",
     response={HTTPStatus.OK: UserOut},
-    auth=jwt_bearer,
     summary="Update user",
     description=(
         "Partially update an existing user. "
@@ -113,7 +109,6 @@ def update_user(
 @router.delete(
     "/{user_id}",
     response={HTTPStatus.NO_CONTENT: None},
-    auth=jwt_bearer,
     summary="Delete user",
     description="Permanently delete a user. Admin only.",
 )
@@ -124,9 +119,7 @@ def delete_user(
 ) -> tuple[HTTPStatus, None]:
     user = get_object_or_404(User, pk=user_id)
 
-    current_user = getattr(request, "auth", None)
-    if not isinstance(current_user, User):
-        raise ValidationError({"user": "Authentication required."})
+    current_user = request.user
     if str(user.pk) == str(current_user.pk):
         raise ValidationError({"user": "You cannot delete your own account."})
 
@@ -138,7 +131,6 @@ def delete_user(
 @router.post(
     "/{user_id}/role",
     response={HTTPStatus.OK: UserOut},
-    auth=jwt_bearer,
     summary="Assign role",
     description="Change the platform role of an existing user. Admin only.",
 )
@@ -150,5 +142,9 @@ def assign_role(
 ) -> tuple[HTTPStatus, UserOut]:
     user = get_object_or_404(User, pk=user_id)
 
+    current_user = request.user
+    if str(user.pk) == str(current_user.pk):
+        raise ValidationError({"user": "You cannot change your own role."})
+
     updated_user = user_assign_role(user=user, role=payload.role)
     return HTTPStatus.OK, UserOut.model_validate(updated_user)

src/backend/api/v1/users/schemas.py

@@ -33,7 +33,6 @@ class UserCreateIn(ModelSchema):
 
 
 class UserUpdateIn(ModelSchema):
-    username: str | None = None
     email: str | None = None
     first_name: str | None = None
     last_name: str | None = None
@@ -41,7 +40,6 @@ class UserUpdateIn(ModelSchema):
     class Meta:
         model = User
         fields: ClassVar[tuple[str, ...]] = (
-            User.username.field.name,
             User.email.field.name,
             User.first_name.field.name,
             User.last_name.field.name,

src/backend/api/v1/users/tests/test_crud_read_update.py

@@ -34,13 +34,13 @@ class UsersAPIReadUpdateTest(BaseUsersAPITest):
             reverse(
                 "api-1:update_user", kwargs={"user_id": str(self.viewer.pk)}
             ),
-            data=json.dumps({"username": "renamed_viewer"}),
+            data=json.dumps({"email": "updated@email.com"}),
             content_type="application/json",
             HTTP_AUTHORIZATION=self.admin_auth,
         )
         self.assertEqual(resp.status_code, 200)
         data = resp.json()
-        self.assertEqual(data["username"], "renamed_viewer")
+        self.assertEqual(data["email"], "updated@email.com")
 
     def test_update_user_partial(self) -> None:
         original_role = self.viewer.role