Added user creation for the admin integrated with keycloak

backend/src/main.py

@@ -16,7 +16,8 @@ from src.models import (
     RequirementLinkHistoryResponse, RequirementGroupHistoryResponse, CurrentRequirementGroupResponse,
     RoleResponse, ProjectMemberResponse, UserRoleUpdateRequest, ROLE_DISPLAY_NAMES,
     CommentResponse, CommentReplyResponse, CommentCreateRequest, ReplyCreateRequest,
-    RequirementStatusResponse, DeletedRequirementResponse
+    RequirementStatusResponse, DeletedRequirementResponse,
+    UserCreateRequest, UserCreateResponse
 )
 from src.controller import AuthController
 from src.config import get_openid, get_settings
@@ -25,8 +26,9 @@ from src.repositories import (
     RoleRepository, GroupRepository, TagRepository, RequirementRepository, 
     PriorityRepository, ProjectRepository, ValidationStatusRepository, ValidationRepository,
     RelationshipTypeRepository, RequirementLinkRepository, CommentRepository, ReplyRepository,
-    RequirementStatusRepository
+    RequirementStatusRepository, UserRepository
 )
+from src.service import KeycloakAdminService
 import logging
 
 # Configure logging
@@ -710,6 +712,83 @@ async def update_member_role(
     )
 
 
+@app.post("/api/projects/{project_id}/users", response_model=UserCreateResponse, status_code=status.HTTP_201_CREATED)
+async def create_project_user(
+    project_id: int,
+    request: Request,
+    user_data: UserCreateRequest,
+    db: AsyncSession = Depends(get_db)
+):
+    """
+    Create a new user directly from the admin panel and add them to the project.
+    Only project admins (role_id=3) can create users.
+    The user will be created in Keycloak with a temporary password that must be changed on first login.
+
+    Args:
+        project_id: The project ID to add the user to
+        user_data: The user data (username, email, password, first_name, last_name, role_id)
+
+    Returns:
+        The created user info.
+    """
+    current_user = await _get_current_user_db(request, db)
+    
+    # Only admins (role_id=3) can create users
+    _require_role(current_user, [3], "create users")
+    
+    await _verify_project_membership(project_id, current_user.id, db)
+    
+    # Validate role exists
+    role_repo = RoleRepository(db)
+    role = await role_repo.get_by_id(user_data.role_id)
+    if not role:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"Invalid role id {user_data.role_id}"
+        )
+    
+    # Create user in Keycloak
+    keycloak_sub = await KeycloakAdminService.create_user(
+        username=user_data.username,
+        email=user_data.email,
+        password=user_data.password,
+        first_name=user_data.first_name,
+        last_name=user_data.last_name
+    )
+    
+    # Build full name from first_name and last_name
+    full_name = None
+    if user_data.first_name or user_data.last_name:
+        full_name = f"{user_data.first_name or ''} {user_data.last_name or ''}".strip()
+    
+    # Create user in local database
+    user_repo = UserRepository(db)
+    new_user = await user_repo.create(
+        sub=keycloak_sub,
+        role_id=user_data.role_id,
+        username=user_data.username,
+        full_name=full_name
+    )
+    
+    # Add user to the project
+    project_repo = ProjectRepository(db)
+    await project_repo.add_member(project_id, new_user.id)
+    
+    await db.commit()
+    
+    logger.info(f"Admin {current_user.id} created new user {new_user.id} ({user_data.username}) for project {project_id}")
+    
+    return UserCreateResponse(
+        id=new_user.id,
+        username=user_data.username,
+        email=user_data.email,
+        full_name=full_name,
+        role_id=user_data.role_id,
+        role_name=role.role_name,
+        role_display_name=ROLE_DISPLAY_NAMES.get(role.role_name, role.role_name.title())
+    )
+
+
 @app.put("/api/projects/{project_id}/relationship-types/{type_id}", response_model=RelationshipTypeResponse)
 async def update_relationship_type(
     project_id: int,