Add new Account Type Admin

* In preparation for having an administration page, a new account type was added.

The type was supplemented by a unit test and the ability to check whether a user is an administrator.

The Open API test was adapted and a simplified export was added to enable further changes more quickly.

[#2](Gallimathias#2)

Author: Gallimathias

backend/alembic/versions/899415b142b1_add_new_admin_account_type.py

@@ -0,0 +1,30 @@
+"""Add new Admin Account Type
+
+Revision ID: 899415b142b1
+Revises: c1ab44651e79
+Create Date: 2026-01-25 15:24:12.211612
+
+"""
+
+import sqlalchemy as sa
+
+from alembic import op
+
+
+# revision identifiers, used by Alembic.
+revision: str | None = '899415b142b1'
+down_revision: str | None = 'c1ab44651e79'
+branch_labels: str | None = None
+depends_on: str | None = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.execute("ALTER TYPE account_type ADD VALUE 'ADMIN'")
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.execute("ALTER TYPE account_type DROP VALUE 'ADMIN'")
+    # ### end Alembic commands ###

backend/bracket/logic/subscriptions.py

@@ -56,9 +56,13 @@ class Subscription(BaseModel):
     max_rankings=16,
 )
 
+# Just for now until evroon decide what admins are allowed to do
+admin_subscription = regular_subscription
+
 subscription_lookup = {
     UserAccountType.DEMO: demo_subscription,
     UserAccountType.REGULAR: regular_subscription,
+    UserAccountType.ADMIN: admin_subscription,
 }
 
 

backend/bracket/models/db/account.py

@@ -6,3 +6,4 @@
 class UserAccountType(EnumAutoStr):
     REGULAR = auto()
     DEMO = auto()
+    ADMIN = auto()

backend/bracket/routes/auth.py

@@ -12,6 +12,7 @@
 from bracket.database import database
 from bracket.models.db.tournament import Tournament
 from bracket.models.db.user import UserInDB, UserPublic
+from bracket.models.db.account import UserAccountType
 from bracket.schema import tournaments
 from bracket.sql.tournaments import sql_get_tournament_by_endpoint_name
 from bracket.sql.users import get_user, get_user_access_to_club, get_user_access_to_tournament
@@ -97,6 +98,24 @@ async def user_authenticated(token: str = Depends(oauth2_scheme)) -> UserPublic:
 
     return UserPublic.model_validate(user.model_dump())
 
+async def user_is_admin(token: str = Depends(oauth2_scheme)) -> UserPublic:
+    user = await check_jwt_and_get_user(token)
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Could not validate credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+    
+    if user.account_type != UserAccountType.ADMIN:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="You do not have enough privileges",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    return UserPublic.model_validate(user.model_dump())
+
 
 async def user_authenticated_for_tournament(
     tournament_id: TournamentId, token: str = Depends(oauth2_scheme)

backend/bracket/utils/db_init.py

@@ -106,7 +106,7 @@ async def create_admin_user() -> UserId:
             email=config.admin_email,
             password_hash=hash_password(config.admin_password),
             created=datetime_utc.now(),
-            account_type=UserAccountType.REGULAR,
+            account_type=UserAccountType.ADMIN,
         )
     )
     return user.id

backend/export_openapi.py

@@ -0,0 +1,10 @@
+import json
+from bracket.app import app 
+from openapi import openapi  # noqa: F401
+
+openapi_data = app.openapi()
+
+with open("openapi/openapi.json", "w", encoding="utf-8") as f:
+    json.dump(openapi_data, f, indent=2, sort_keys=True)
+
+print("✅ openapi.json has been successfully exported!")