73 lines
2.5 KiB
Python
73 lines
2.5 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, status
|
||
from fastapi.security import OAuth2PasswordBearer
|
||
from services.need_request_service import NeedRequestService
|
||
from models.schemas import NeedRequestCreate, NeedRequestUpdate
|
||
from config.database import get_db
|
||
from services.auth_service import AuthService
|
||
|
||
router = APIRouter()
|
||
|
||
# Configuration pour OAuth2
|
||
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/v1/auth/token")
|
||
|
||
@router.post("/", status_code=status.HTTP_201_CREATED)
|
||
async def request_need(need: NeedRequestCreate, db=Depends(get_db)):
|
||
|
||
return await NeedRequestService.create_need(need, db)
|
||
|
||
@router.get("/", status_code=status.HTTP_200_OK)
|
||
async def get_all_reports(db=Depends(get_db)):
|
||
return await NeedRequestService.get_all_needs(db)
|
||
|
||
@router.get("/{need_id}", status_code=status.HTTP_200_OK)
|
||
async def get_need(need_id: int, db=Depends(get_db)):
|
||
|
||
need = await NeedRequestService.get_need(need_id, db)
|
||
if not need:
|
||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Need request not found")
|
||
return need
|
||
|
||
|
||
@router.put("/{need_id}", status_code=status.HTTP_200_OK)
|
||
async def update_need(
|
||
need_id: int,
|
||
need_update: NeedRequestUpdate,
|
||
token: str = Depends(oauth2_scheme),
|
||
db=Depends(get_db),
|
||
):
|
||
|
||
need = await NeedRequestService.get_need(need_id, db)
|
||
if not need:
|
||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Need request not found")
|
||
|
||
# V<>rifie si l'utilisateur est l'auteur ou un administrateur
|
||
if NeedRequestService.verify_requester_or_admin(need_id, token, db):
|
||
raise HTTPException(
|
||
status_code=status.HTTP_403_FORBIDDEN,
|
||
detail="You do not have permission to update this need request",
|
||
)
|
||
|
||
return await NeedRequestService.update_need(need_id, need_update, db)
|
||
|
||
|
||
@router.delete("/{need_id}", status_code=status.HTTP_200_OK)
|
||
async def delete_need(
|
||
need_id: int,
|
||
token: str = Depends(oauth2_scheme),
|
||
db=Depends(get_db),
|
||
|
||
):
|
||
|
||
need = await NeedRequestService.get_need(need_id, db)
|
||
if not need:
|
||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Need request not found")
|
||
|
||
# V<>rifie si l'utilisateur est l'auteur ou un administrateur
|
||
if NeedRequestService.verify_requester_or_admin(need_id, token, db):
|
||
raise HTTPException(
|
||
status_code=status.HTTP_403_FORBIDDEN,
|
||
detail="You do not have permission to delete this need request",
|
||
)
|
||
|
||
return await NeedRequestService.delete_need(need_id, db)
|