from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from services.need_request_service import NeedRequestService
from models.schemas import NeedRequestCreate, NeedRequestUpdate
from config.database import get_db
from services.auth_service import AuthService
# Router collecting the need-request endpoints declared in this module.
router = APIRouter()

# OAuth2 bearer-token extractor. It only pulls the token string out of the
# Authorization header (rejecting the request when it is absent); it does not
# verify the token, so every handler that depends on it must validate the value.
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/v1/auth/token")
@router.post("/", status_code=status.HTTP_201_CREATED)
async def request_need(need: NeedRequestCreate):
    """Create a need request from the validated payload.

    Opens a database session, hands the payload to
    ``NeedRequestService.create_need`` and returns its result with HTTP 201.

    NOTE(review): this route declares no ``oauth2_scheme`` dependency, unlike
    the update and delete routes -- confirm that anonymous creation is intended.
    """
    async with get_db() as session:
        created = await NeedRequestService.create_need(need, session)
        return created
@router.get("/", status_code=status.HTTP_200_OK)
async def get_all_reports():
    """Return every need request known to the service.

    The result is whatever ``NeedRequestService.get_all_needs`` returns for a
    fresh database session.

    NOTE(review): no authentication dependency and no visible limit on the
    result size -- confirm both are acceptable for the data being exposed.
    """
    async with get_db() as session:
        all_needs = await NeedRequestService.get_all_needs(session)
        return all_needs
@router.get("/{need_id}", status_code=status.HTTP_200_OK)
async def get_need(need_id: int):
    """Return the need request identified by ``need_id``.

    Raises:
        HTTPException: 404 when the service lookup returns a falsy value.
    """
    async with get_db() as session:
        found = await NeedRequestService.get_need(need_id, session)
        if found:
            return found
        # Nothing stored under this id: answer 404.
        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Need request not found")
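@router.put("/{need_id}", status_code=status.HTTP_200_OK)
async def update_need(
    need_id: int,
    need_update: NeedRequestUpdate,
    token: str = Depends(oauth2_scheme),
):
    """Update a need request on behalf of its requester or an administrator.

    Args:
        need_id: Identifier of the need request to update.
        need_update: Validated fields to apply.
        token: Bearer token extracted by ``oauth2_scheme``; it is not verified
            here, only passed on to the service check.

    Raises:
        HTTPException: 404 when the need request does not exist; 403 when
            ``NeedRequestService.verify_requester_or_admin`` does not approve
            the caller.
    """
    # Local import: only needed to accept a sync or an async verifier.
    import inspect

    async with get_db() as db:
        need = await NeedRequestService.get_need(need_id, db)
        if not need:
            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Need request not found")

        # Check that the caller is the requester or an administrator.
        # NOTE(review): assumes the helper returns a truthy value when the
        # caller IS allowed, as its name says -- confirm against the service.
        allowed = NeedRequestService.verify_requester_or_admin(need_id, token, db)
        # Every other service call in this module is awaited. If this helper is
        # a coroutine too, the bare call yields a coroutine object, which is
        # always truthy, so resolve it before testing the outcome.
        if inspect.isawaitable(allowed):
            allowed = await allowed

        # Fail closed. The previous condition raised 403 when the check
        # succeeded, rejecting authorised callers and letting everyone else
        # through to the update.
        if not allowed:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="You do not have permission to update this need request",
            )

        return await NeedRequestService.update_need(need_id, need_update, db)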
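@router.delete("/{need_id}", status_code=status.HTTP_200_OK)
async def delete_need(
    need_id: int,
    token: str = Depends(oauth2_scheme),
):
    """Delete a need request on behalf of its requester or an administrator.

    Args:
        need_id: Identifier of the need request to delete.
        token: Bearer token extracted by ``oauth2_scheme``; it is not verified
            here, only passed on to the service check.

    Raises:
        HTTPException: 404 when the need request does not exist; 403 when
            ``NeedRequestService.verify_requester_or_admin`` does not approve
            the caller.
    """
    # Local import: only needed to accept a sync or an async verifier.
    import inspect

    async with get_db() as db:
        need = await NeedRequestService.get_need(need_id, db)
        if not need:
            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Need request not found")

        # Check that the caller is the requester or an administrator.
        # NOTE(review): assumes the helper returns a truthy value when the
        # caller IS allowed, as its name says -- confirm against the service.
        allowed = NeedRequestService.verify_requester_or_admin(need_id, token, db)
        # Every other service call in this module is awaited. If this helper is
        # a coroutine too, the bare call yields a coroutine object, which is
        # always truthy, so resolve it before testing the outcome.
        if inspect.isawaitable(allowed):
            allowed = await allowed

        # Fail closed. The previous condition raised 403 when the check
        # succeeded, rejecting authorised callers and letting everyone else
        # through to the delete.
        if not allowed:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="You do not have permission to delete this need request",
            )

        return await NeedRequestService.delete_need(need_id, db)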