Fix new services implementation 2

2025-08-14 13:26:59 +02:00
parent 262b3dc9c4
commit 0951547e92
39 changed files with 1203 additions and 917 deletions
--- a/services/inventory/app/api/ingredients.py
+++ b/services/inventory/app/api/ingredients.py
@@ -5,7 +5,7 @@ API endpoints for ingredient management

 from typing import List, Optional
 from uuid import UUID
-from fastapi import APIRouter, Depends, HTTPException, Query, status
+from fastapi import APIRouter, Depends, HTTPException, Query, Path, status
 from sqlalchemy.ext.asyncio import AsyncSession

 from app.core.database import get_db
@@ -17,10 +17,9 @@ from app.schemas.inventory import (
    InventoryFilter,
    PaginatedResponse
 )
-from shared.auth.decorators import get_current_user_dep
-from shared.auth.tenant_access import verify_tenant_access_dep
+from shared.auth.decorators import get_current_user_dep, get_current_tenant_id_dep

-router = APIRouter(prefix="/ingredients", tags=["ingredients"])
+router = APIRouter(tags=["ingredients"])

 # Helper function to extract user ID from user object
 def get_current_user_id(current_user: dict = Depends(get_current_user_dep)) -> UUID:
@@ -34,15 +33,31 @@ def get_current_user_id(current_user: dict = Depends(get_current_user_dep)) -> U
    return UUID(user_id)


-@router.post("/", response_model=IngredientResponse)
+@router.post("/tenants/{tenant_id}/ingredients", response_model=IngredientResponse)
 async def create_ingredient(
    ingredient_data: IngredientCreate,
-    tenant_id: UUID = Depends(verify_tenant_access_dep),
-    user_id: UUID = Depends(get_current_user_id),
+    tenant_id: UUID = Path(..., description="Tenant ID"),
+    current_tenant: str = Depends(get_current_tenant_id_dep),
+    current_user: dict = Depends(get_current_user_dep),
    db: AsyncSession = Depends(get_db)
 ):
    """Create a new ingredient"""
    try:
+        # Verify tenant access
+        if str(tenant_id) != current_tenant:
+            raise HTTPException(status_code=403, detail="Access denied to this tenant")
+        
+        # Extract user ID - handle service tokens that don't have UUID user_ids
+        raw_user_id = current_user.get('user_id')
+        if current_user.get('type') == 'service':
+            # For service tokens, user_id might not be a UUID, so set to None
+            user_id = None
+        else:
+            try:
+                user_id = UUID(raw_user_id)
+            except (ValueError, TypeError):
+                user_id = None
+        
        service = InventoryService()
        ingredient = await service.create_ingredient(ingredient_data, tenant_id, user_id)
        return ingredient
@@ -58,14 +73,20 @@ async def create_ingredient(
        )


-@router.get("/{ingredient_id}", response_model=IngredientResponse)
+@router.get("/tenants/{tenant_id}/ingredients/{ingredient_id}", response_model=IngredientResponse)
 async def get_ingredient(
    ingredient_id: UUID,
-    tenant_id: UUID = Depends(verify_tenant_access_dep),
+    tenant_id: UUID = Path(..., description="Tenant ID"),
+    current_tenant: str = Depends(get_current_tenant_id_dep),
+    current_user: dict = Depends(get_current_user_dep),
    db: AsyncSession = Depends(get_db)
 ):
    """Get ingredient by ID"""
    try:
+        # Verify tenant access
+        if str(tenant_id) != current_tenant:
+            raise HTTPException(status_code=403, detail="Access denied to this tenant")
+            
        service = InventoryService()
        ingredient = await service.get_ingredient(ingredient_id, tenant_id)
        
@@ -85,15 +106,21 @@ async def get_ingredient(
        )


-@router.put("/{ingredient_id}", response_model=IngredientResponse)
+@router.put("/tenants/{tenant_id}/ingredients/{ingredient_id}", response_model=IngredientResponse)
 async def update_ingredient(
    ingredient_id: UUID,
    ingredient_data: IngredientUpdate,
-    tenant_id: UUID = Depends(verify_tenant_access_dep),
+    tenant_id: UUID = Path(..., description="Tenant ID"),
+    current_tenant: str = Depends(get_current_tenant_id_dep),
+    current_user: dict = Depends(get_current_user_dep),
    db: AsyncSession = Depends(get_db)
 ):
    """Update ingredient"""
    try:
+        # Verify tenant access
+        if str(tenant_id) != current_tenant:
+            raise HTTPException(status_code=403, detail="Access denied to this tenant")
+            
        service = InventoryService()
        ingredient = await service.update_ingredient(ingredient_id, ingredient_data, tenant_id)
        
@@ -118,8 +145,9 @@ async def update_ingredient(
        )


-@router.get("/", response_model=List[IngredientResponse])
+@router.get("/tenants/{tenant_id}/ingredients", response_model=List[IngredientResponse])
 async def list_ingredients(
+    tenant_id: UUID = Path(..., description="Tenant ID"),
    skip: int = Query(0, ge=0, description="Number of records to skip"),
    limit: int = Query(100, ge=1, le=1000, description="Number of records to return"),
    category: Optional[str] = Query(None, description="Filter by category"),
@@ -127,11 +155,16 @@ async def list_ingredients(
    is_low_stock: Optional[bool] = Query(None, description="Filter by low stock status"),
    needs_reorder: Optional[bool] = Query(None, description="Filter by reorder needed"),
    search: Optional[str] = Query(None, description="Search in name, SKU, or barcode"),
-    tenant_id: UUID = Depends(verify_tenant_access_dep),
+    current_tenant: str = Depends(get_current_tenant_id_dep),
+    current_user: dict = Depends(get_current_user_dep),
    db: AsyncSession = Depends(get_db)
 ):
    """List ingredients with filtering"""
    try:
+        # Verify tenant access
+        if str(tenant_id) != current_tenant:
+            raise HTTPException(status_code=403, detail="Access denied to this tenant")
+            
        service = InventoryService()
        
        # Build filters
@@ -156,14 +189,20 @@ async def list_ingredients(
        )


-@router.delete("/{ingredient_id}", status_code=status.HTTP_204_NO_CONTENT)
+@router.delete("/tenants/{tenant_id}/ingredients/{ingredient_id}", status_code=status.HTTP_204_NO_CONTENT)
 async def delete_ingredient(
    ingredient_id: UUID,
-    tenant_id: UUID = Depends(verify_tenant_access_dep),
+    tenant_id: UUID = Path(..., description="Tenant ID"),
+    current_tenant: str = Depends(get_current_tenant_id_dep),
+    current_user: dict = Depends(get_current_user_dep),
    db: AsyncSession = Depends(get_db)
 ):
    """Soft delete ingredient (mark as inactive)"""
    try:
+        # Verify tenant access
+        if str(tenant_id) != current_tenant:
+            raise HTTPException(status_code=403, detail="Access denied to this tenant")
+            
        service = InventoryService()
        ingredient = await service.update_ingredient(
            ingredient_id,
@@ -187,15 +226,21 @@ async def delete_ingredient(
        )


-@router.get("/{ingredient_id}/stock", response_model=List[dict])
+@router.get("/tenants/{tenant_id}/ingredients/{ingredient_id}/stock", response_model=List[dict])
 async def get_ingredient_stock(
    ingredient_id: UUID,
+    tenant_id: UUID = Path(..., description="Tenant ID"),
    include_unavailable: bool = Query(False, description="Include unavailable stock"),
-    tenant_id: UUID = Depends(verify_tenant_access_dep),
+    current_tenant: str = Depends(get_current_tenant_id_dep),
+    current_user: dict = Depends(get_current_user_dep),
    db: AsyncSession = Depends(get_db)
 ):
    """Get stock entries for an ingredient"""
    try:
+        # Verify tenant access
+        if str(tenant_id) != current_tenant:
+            raise HTTPException(status_code=403, detail="Access denied to this tenant")
+            
        service = InventoryService()
        stock_entries = await service.get_stock_by_ingredient(
            ingredient_id, tenant_id, include_unavailable