66 lines
2.3 KiB
Python
66 lines
2.3 KiB
Python
from fastapi import APIRouter, Depends, HTTPException, status
|
||
from services.need_request_service import NeedRequestService
|
||
from models.schemas import NeedRequestCreate, NeedRequestUpdate
|
||
from config.database import get_db
|
||
from services.auth_service import AuthService
|
||
|
||
router = APIRouter()
|
||
|
||
|
||
@router.post("/", status_code=status.HTTP_201_CREATED)
|
||
async def request_need(need: NeedRequestCreate, db=Depends(get_db)):
|
||
|
||
return await NeedRequestService.create_need(need, db)
|
||
|
||
|
||
@router.get("/{need_id}", status_code=status.HTTP_200_OK)
|
||
async def get_need(need_id: int, db=Depends(get_db)):
|
||
|
||
need = await NeedRequestService.get_need_by_id(need_id, db)
|
||
if not need:
|
||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Need request not found")
|
||
return need
|
||
|
||
|
||
@router.put("/{need_id}", status_code=status.HTTP_200_OK)
|
||
async def update_need(
|
||
need_id: int,
|
||
need_update: NeedRequestUpdate,
|
||
db=Depends(get_db),
|
||
current_user=Depends(AuthService.get_current_user),
|
||
):
|
||
|
||
need = await NeedRequestService.get_need_by_id(need_id, db)
|
||
if not need:
|
||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Need request not found")
|
||
|
||
# V<>rifie si l'utilisateur est l'auteur ou un administrateur
|
||
if need.requester_email != current_user.email and not await AuthService.admin_required(db=db):
|
||
raise HTTPException(
|
||
status_code=status.HTTP_403_FORBIDDEN,
|
||
detail="You do not have permission to update this need request",
|
||
)
|
||
|
||
return await NeedRequestService.update_need(need_id, need_update, db)
|
||
|
||
|
||
@router.delete("/{need_id}", status_code=status.HTTP_200_OK)
|
||
async def delete_need(
|
||
need_id: int,
|
||
db=Depends(get_db),
|
||
current_user=Depends(AuthService.get_current_user),
|
||
):
|
||
|
||
need = await NeedRequestService.get_need_by_id(need_id, db)
|
||
if not need:
|
||
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Need request not found")
|
||
|
||
# V<>rifie si l'utilisateur est l'auteur ou un administrateur
|
||
if need.requester_email != current_user.email and not await AuthService.admin_required(db=db):
|
||
raise HTTPException(
|
||
status_code=status.HTTP_403_FORBIDDEN,
|
||
detail="You do not have permission to delete this need request",
|
||
)
|
||
|
||
return await NeedRequestService.delete_need(need_id, db)
|