From 1d53c33d073394d25d9706c649c887812c835d61 Mon Sep 17 00:00:00 2001
From: michael <michael@modernfreedom.com>
Date: Fri, 5 Dec 2025 07:24:58 -0600
Subject: [PATCH] Fix route order for POST /api/admin/users endpoint
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Move POST /api/admin/users before PUT /api/admin/users/{email}
to fix "Method Not Allowed" error when creating users.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 main.py | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/main.py b/main.py
index 138d3a5..cba5b10 100644
--- a/main.py
+++ b/main.py
@@ -945,28 +945,6 @@ async def get_all_users(current_user: dict = Depends(require_admin)):
         ) for user in users
     ]
 
-@app.put("/api/admin/users/{email}", response_model=models.UserResponse)
-async def update_user(email: str, user_update: models.UserUpdate, current_user: dict = Depends(require_admin)):
-    # Get the user by email first
-    existing_user = await crud.get_user_by_email(email)
-    if not existing_user:
-        raise HTTPException(status_code=404, detail="User not found")
-    
-    # Update the user
-    update_data = user_update.model_dump(exclude_unset=True)
-    updated_user = await crud.update_user(str(existing_user["_id"]), update_data)
-    
-    if not updated_user:
-        raise HTTPException(status_code=500, detail="Failed to update user")
-    
-    return models.UserResponse(
-        email=updated_user["email"],
-        full_name=updated_user.get("full_name"),
-        is_active=updated_user["is_active"],
-        is_admin=updated_user["is_admin"],
-        auth_provider=updated_user.get("auth_provider", "local")
-    )
-
 @app.post("/api/admin/users", response_model=models.UserResponse)
 async def admin_create_user(
     user_data: models.AdminUserCreate,
@@ -990,6 +968,28 @@ async def admin_create_user(
     except ValueError as e:
         raise HTTPException(status_code=400, detail=str(e))
 
+@app.put("/api/admin/users/{email}", response_model=models.UserResponse)
+async def update_user(email: str, user_update: models.UserUpdate, current_user: dict = Depends(require_admin)):
+    # Get the user by email first
+    existing_user = await crud.get_user_by_email(email)
+    if not existing_user:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    # Update the user
+    update_data = user_update.model_dump(exclude_unset=True)
+    updated_user = await crud.update_user(str(existing_user["_id"]), update_data)
+
+    if not updated_user:
+        raise HTTPException(status_code=500, detail="Failed to update user")
+
+    return models.UserResponse(
+        email=updated_user["email"],
+        full_name=updated_user.get("full_name"),
+        is_active=updated_user["is_active"],
+        is_admin=updated_user["is_admin"],
+        auth_provider=updated_user.get("auth_provider", "local")
+    )
+
 @app.post("/api/admin/users/{email}/reset-password")
 async def admin_reset_password(
     email: str,