Inicio Explorar Axuda
Rexistro Iniciar sesión
Masterstreet
/
pedidos-express
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 3c631cf810
Ramas Etiquetas
pedidos-express
/
routes
/
products.py

products.py 8.2 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199 
  1. """
    2. 

  2. Product Routes Module
    3. 

  3. 

  4. This module defines all API endpoints for product management including:
    5. 

  5. - Fetching products (all users)
    6. 

  6. - Creating/editing products (permissions >= 1)
    7. 

  7. - Deleting products (permissions == 2 only)
    8. 

  8. 

  9. Permission levels:
    10. 

  10. - 0: Regular user (read-only access)
    11. 

  11. - 1: Manager (can create/edit products)
    12. 

  12. - 2: Admin (full access including delete)
    13. 

  13. """
    14. 

  14. 

  15. # Standard library imports
    16. 

  16. from math import prod
    17. 

  17. from logging import getLogger
    18. 

  18. from typing import Optional
    19. 

  19. 

  20. # Third-party imports
    21. 

  21. from fastapi import APIRouter, Depends, Query
    22. 

  22. from fastapi.responses import JSONResponse
    23. 

  23. from h11 import Data
    24. 

  24. 

  25. # Local imports
    26. 

  26. from auth.security import get_current_user
    27. 

  27. from models import user
    28. 

  28. from models.items import ProductCreateRequest, ProductEditRequest
    29. 

  29. from services.data_service import DataServiceFactory
    30. 

  30. from config.messages import ErrorResponse, SuccessResponse, UserResponse
    31. 

  31. 

  32. # Initialize logger for this module
    33. 

  33. logger = getLogger(__name__)
    34. 

  34. 

  35. # Initialize data services for products and users
    36. 

  36. product_data_service = DataServiceFactory.get_product_service()
    37. 

  37. user_data_service = DataServiceFactory.get_user_service()
    38. 

  38. 

  39. # Create router instance for product-related endpoints
    40. 

  40. product_router = APIRouter()
    41. 

  41. 

  42. @product_router.get("/")
    43. 

  43. async def get_products(status: Optional[int] = Query(None), current_user = Depends(get_current_user)):
    44. 

  44.     """
    45. 

  45.     Get all products - Available to all authenticated users
    46. 

  46.     
    47. 

  47.     Returns:
    48. 

  48.         JSONResponse: List of all products with success message
    49. 

  49.     """
    50. 

  50.     logger.debug(f"Current user: {current_user.email if current_user else 'Anonymous'}")
    51. 

  51.     logger.info("Fetching all products")
    52. 

  52.     
    53. 

  53.     # Retrieve all products and convert to dictionary format
    54. 

  54.     all_products = list(map(lambda p: p.model_dump(), product_data_service.get_all()))
    55. 

  55. 

  56.     if status is not None:
    57. 

  57.         # Filter products by status if provided
    58. 

  58.         all_products = [product for product in all_products if product['status'] == status]
    59. 

  59. 

  60.     return JSONResponse({"products": all_products, "message": SuccessResponse.PRODUCTS_FETCH_SUCCESS})
    61. 

  61. 

  62. @product_router.get("/{product_id}")
    63. 

  63. async def get_product(product_id: int, current_user = Depends(get_current_user)):
    64. 

  64.     """
    65. 

  65.     Get a specific product by ID - Available to all authenticated users
    66. 

  66.     
    67. 

  67.     Args:
    68. 

  68.         product_id (int): The ID of the product to retrieve
    69. 

  69.         current_user: Authenticated user (dependency injection)
    70. 

  70.         
    71. 

  71.     Returns:
    72. 

  72.         JSONResponse: Product data if found, error message if not found
    73. 

  73.     """
    74. 

  74.     logger.debug(f"Current user: {current_user.email if current_user else 'Anonymous'}")
    75. 

  75.     logger.info(f"Fetching product with ID: {product_id}")
    76. 

  76.     
    77. 

  77.     # Attempt to find product by ID
    78. 

  78.     product = product_data_service.get_by_id(product_id)
    79. 

  79.     if product:
    80. 

  80.         return JSONResponse({"product": product.model_dump(), "message": SuccessResponse.PRODUCTS_FETCH_SUCCESS})
    81. 

  81.     
    82. 

  82.     # Return 404 if product not found
    83. 

  83.     return JSONResponse({"message": UserResponse.USER_NOT_FOUND.format(user_id=product_id)}, status_code=404)
    84. 

  84. 

  85. # MODERATE RISK OPERATIONS - Requires permissions >= 1 (Manager level or above)
    86. 

  86. 

  87. @product_router.patch("/{product_id}/edit")
    88. 

  88. async def edit_product(product_id: int, product: ProductEditRequest, current_user = Depends(get_current_user)):
    89. 

  89.     """
    90. 

  90.     Edit an existing product - Requires manager permissions (level >= 1)
    91. 

  91.     
    92. 

  92.     Args:
    93. 

  93.         product (ProductEditRequest): Product data to update
    94. 

  94.         current_user: Authenticated user (dependency injection)
    95. 

  95.         
    96. 

  96.     Returns:
    97. 

  97.         JSONResponse: Updated product data or permission denied message
    98. 

  98.     """
    99. 

  99.     logger.debug(f"Current user: {current_user.email if current_user else 'Anonymous'}")
    100. 

  100.     logger.info(f"Editing product: {product_id}")
    101. 

  101.     
    102. 

  102.     # Check if user has sufficient permissions (manager level or above)
    103. 

  103.     if user_data_service.permissions(current_user.id) > 0:
    104. 

  104. 

  105.         # Update product with provided data (excluding unset fields)
    106. 

  106.         product_data_service.update(product_id, **product.model_dump(exclude_unset=True))
    107. 

  107.         
    108. 

  108.         # Retrieve updated product to return in response
    109. 

  109.         edited_product = product_data_service.get_by_id(product_id)
    110. 

  110.         if not edited_product:
    111. 

  111.             return JSONResponse({"message": UserResponse.USER_NOT_FOUND.format(user_id=product_id)}, status_code=404)
    112. 

  112.         
    113. 

  113.         logger.info(f"Product {product_id} edited successfully")
    114. 

  114.         return JSONResponse({"message": SuccessResponse.PRODUCT_EDIT_SUCCESS, "product": edited_product.model_dump()})
    115. 

  115.     
    116. 

  116.     # Return 403 if user lacks permissions
    117. 

  117.     return JSONResponse({"message": UserResponse.NOT_PERMITTED}, status_code=403)
    118. 

  118. 

  119. @product_router.post("/create")
    120. 

  120. async def create_product(product: ProductCreateRequest, current_user = Depends(get_current_user)):
    121. 

  121.     """
    122. 

  122.     Create a new product - Requires manager permissions (level >= 1)
    123. 

  123.     
    124. 

  124.     Args:
    125. 

  125.         product (ProductCreateRequest): New product data
    126. 

  126.         current_user: Authenticated user (dependency injection)
    127. 

  127.         
    128. 

  128.     Returns:
    129. 

  129.         JSONResponse: Success message or permission denied message
    130. 

  130.     """
    131. 

  131.     logger.debug(f"Current user: {current_user.email if current_user else 'Anonymous'}")
    132. 

  132.     logger.info("Creating a new product")
    133. 

  133.     
    134. 

  134.     # Check if user has sufficient permissions (manager level or above)
    135. 

  135.     if user_data_service.permissions(current_user.id) > 0:
    136. 

  136.         # Create new product with provided data
    137. 

  137.         product_data_service.create(**product.model_dump(exclude_unset=True))
    138. 

  138.         return JSONResponse({"message": SuccessResponse.PRODUCT_CREATE_SUCCESS, "product": product.model_dump()}, status_code=201)
    139. 

  139.     
    140. 

  140.     # Return 403 if user lacks permissions
    141. 

  141.     return JSONResponse({"message": UserResponse.NOT_PERMITTED}, status_code=403)
    142. 

  142. 

  143. @product_router.patch("/{product_id}/swap-status")
    144. 

  144. async def switch_product_status(product_id: int, current_user = Depends(get_current_user)): 
    145. 

  145.     """
    146. 

  146.     Toggle product status between active/inactive - Requires manager permissions (level >= 1)
    147. 

  147.     
    148. 

  148.     Args:
    149. 

  149.         product_id (int): ID of the product to update
    150. 

  150.         status (int): New status value (0=inactive, 1=active)
    151. 

  151.         current_user: Authenticated user (dependency injection)
    152. 

  152.         
    153. 

  153.     Returns:
    154. 

  154.         JSONResponse: Success message or permission denied message
    155. 

  155.     """
    156. 

  156.     logger.debug(f"Current user: {current_user.email if current_user else 'Anonymous'}")
    157. 

  157.     logger.info(f"Switching status for product with ID: {product_id}")
    158. 

  158.     
    159. 

  159.     # Check if user has sufficient permissions (manager level or above)
    160. 

  160.     if user_data_service.permissions(current_user.id) > 0:
    161. 

  161.         # Update only the status field of the specified product
    162. 

  162.         product = product_data_service.get_by_id(product_id)
    163. 

  163.         if not product:
    164. 

  164.             return JSONResponse({"message": ErrorResponse.PRODDUCT_NOT_FOUND.format(product_id=product_id)}, status_code=404)
    165. 

  165.         status = 0 if product.status == 1 else 1
    166. 

  166.         product_data_service.update(product_id, status=status)
    167. 

  167.         return JSONResponse({"message": SuccessResponse.PRODUCT_EDIT_SUCCESS})
    168. 

  168.     
    169. 

  169.     # Return 403 if user lacks permissions
    170. 

  170.     return JSONResponse({"message": UserResponse.NOT_PERMITTED}, status_code=403)
    171. 

  171. 

  172. # HIGH RISK OPERATIONS - Requires permissions == 2 (Admin level only)
    173. 

  173. 

  174. @product_router.delete("/{product_id}")
    175. 

  175. async def delete_product(product_id: int, current_user = Depends(get_current_user)):
    176. 

  176.     """
    177. 

  177.     Delete a product permanently - Requires admin permissions (level == 2)
    178. 

  178.     
    179. 

  179.     This is a high-risk operation that permanently removes product data.
    180. 

  180.     Only users with admin-level permissions can perform this action.
    181. 

  181.     
    182. 

  182.     Args:
    183. 

  183.         product_id (int): ID of the product to delete
    184. 

  184.         current_user: Authenticated user (dependency injection)
    185. 

  185.         
    186. 

  186.     Returns:
    187. 

  187.         JSONResponse: Success message or permission denied message
    188. 

  188.     """
    189. 

  189.     logger.debug(f"Current user: {current_user.email if current_user else 'Anonymous'}")
    190. 

  190.     logger.info(f"Deleting product with ID: {product_id}")
    191. 

  191.     
    192. 

  192.     # Check if user has admin permissions (exactly level 2)
    193. 

  193.     if user_data_service.permissions(current_user.id) == 2:
    194. 

  194.         # Permanently delete the product
    195. 

  195.         product_data_service.delete(product_id)
    196. 

  196.         return JSONResponse({"message": SuccessResponse.PRODUCT_DELETE_SUCCESS})
    197. 

  197.     
    198. 

  198.     # Return 403 if user lacks admin permissions
    199. 

  199.     return JSONResponse({"message": UserResponse.NOT_PERMITTED}, status_code=403)
    200.