Create new services: inventory, recipes, suppliers

services/suppliers/app/api/__init__.py

@@ -0,0 +1 @@
+# services/suppliers/app/api/__init__.py

services/suppliers/app/api/deliveries.py

@@ -0,0 +1,404 @@
+# services/suppliers/app/api/deliveries.py
+"""
+Delivery API endpoints
+"""
+
+from fastapi import APIRouter, Depends, HTTPException, Query, Path
+from typing import List, Optional
+from uuid import UUID
+import structlog
+
+from sqlalchemy.orm import Session
+from app.core.database import get_db
+from app.services.delivery_service import DeliveryService
+from app.schemas.suppliers import (
+    DeliveryCreate, DeliveryUpdate, DeliveryResponse, DeliverySummary,
+    DeliverySearchParams, DeliveryStatusUpdate, DeliveryReceiptConfirmation,
+    DeliveryPerformanceStats, DeliverySummaryStats
+)
+from app.models.suppliers import DeliveryStatus
+from shared.auth.dependencies import get_current_user, require_permissions
+from shared.auth.models import UserInfo
+
+router = APIRouter(prefix="/deliveries", tags=["deliveries"])
+logger = structlog.get_logger()
+
+
+@router.post("/", response_model=DeliveryResponse)
+async def create_delivery(
+    delivery_data: DeliveryCreate,
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Create a new delivery"""
+    require_permissions(current_user, ["deliveries:create"])
+    
+    try:
+        service = DeliveryService(db)
+        delivery = await service.create_delivery(
+            tenant_id=current_user.tenant_id,
+            delivery_data=delivery_data,
+            created_by=current_user.user_id
+        )
+        return DeliveryResponse.from_orm(delivery)
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error creating delivery", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to create delivery")
+
+
+@router.get("/", response_model=List[DeliverySummary])
+async def list_deliveries(
+    supplier_id: Optional[UUID] = Query(None, description="Filter by supplier ID"),
+    status: Optional[str] = Query(None, description="Filter by status"),
+    date_from: Optional[str] = Query(None, description="Filter from date (YYYY-MM-DD)"),
+    date_to: Optional[str] = Query(None, description="Filter to date (YYYY-MM-DD)"),
+    search_term: Optional[str] = Query(None, description="Search term"),
+    limit: int = Query(50, ge=1, le=1000, description="Number of results to return"),
+    offset: int = Query(0, ge=0, description="Number of results to skip"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """List deliveries with optional filters"""
+    require_permissions(current_user, ["deliveries:read"])
+    
+    try:
+        from datetime import datetime
+        
+        # Parse date filters
+        date_from_parsed = None
+        date_to_parsed = None
+        if date_from:
+            try:
+                date_from_parsed = datetime.fromisoformat(date_from)
+            except ValueError:
+                raise HTTPException(status_code=400, detail="Invalid date_from format")
+        
+        if date_to:
+            try:
+                date_to_parsed = datetime.fromisoformat(date_to)
+            except ValueError:
+                raise HTTPException(status_code=400, detail="Invalid date_to format")
+        
+        # Validate status
+        status_enum = None
+        if status:
+            try:
+                status_enum = DeliveryStatus(status.upper())
+            except ValueError:
+                raise HTTPException(status_code=400, detail="Invalid status")
+        
+        service = DeliveryService(db)
+        search_params = DeliverySearchParams(
+            supplier_id=supplier_id,
+            status=status_enum,
+            date_from=date_from_parsed,
+            date_to=date_to_parsed,
+            search_term=search_term,
+            limit=limit,
+            offset=offset
+        )
+        
+        deliveries = await service.search_deliveries(
+            tenant_id=current_user.tenant_id,
+            search_params=search_params
+        )
+        
+        return [DeliverySummary.from_orm(delivery) for delivery in deliveries]
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error listing deliveries", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve deliveries")
+
+
+@router.get("/today", response_model=List[DeliverySummary])
+async def get_todays_deliveries(
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get deliveries scheduled for today"""
+    require_permissions(current_user, ["deliveries:read"])
+    
+    try:
+        service = DeliveryService(db)
+        deliveries = await service.get_todays_deliveries(current_user.tenant_id)
+        return [DeliverySummary.from_orm(delivery) for delivery in deliveries]
+    except Exception as e:
+        logger.error("Error getting today's deliveries", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve today's deliveries")
+
+
+@router.get("/overdue", response_model=List[DeliverySummary])
+async def get_overdue_deliveries(
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get overdue deliveries"""
+    require_permissions(current_user, ["deliveries:read"])
+    
+    try:
+        service = DeliveryService(db)
+        deliveries = await service.get_overdue_deliveries(current_user.tenant_id)
+        return [DeliverySummary.from_orm(delivery) for delivery in deliveries]
+    except Exception as e:
+        logger.error("Error getting overdue deliveries", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve overdue deliveries")
+
+
+@router.get("/scheduled", response_model=List[DeliverySummary])
+async def get_scheduled_deliveries(
+    date_from: Optional[str] = Query(None, description="From date (YYYY-MM-DD)"),
+    date_to: Optional[str] = Query(None, description="To date (YYYY-MM-DD)"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get scheduled deliveries for a date range"""
+    require_permissions(current_user, ["deliveries:read"])
+    
+    try:
+        from datetime import datetime
+        
+        date_from_parsed = None
+        date_to_parsed = None
+        
+        if date_from:
+            try:
+                date_from_parsed = datetime.fromisoformat(date_from)
+            except ValueError:
+                raise HTTPException(status_code=400, detail="Invalid date_from format")
+        
+        if date_to:
+            try:
+                date_to_parsed = datetime.fromisoformat(date_to)
+            except ValueError:
+                raise HTTPException(status_code=400, detail="Invalid date_to format")
+        
+        service = DeliveryService(db)
+        deliveries = await service.get_scheduled_deliveries(
+            tenant_id=current_user.tenant_id,
+            date_from=date_from_parsed,
+            date_to=date_to_parsed
+        )
+        return [DeliverySummary.from_orm(delivery) for delivery in deliveries]
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error getting scheduled deliveries", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve scheduled deliveries")
+
+
+@router.get("/performance-stats", response_model=DeliveryPerformanceStats)
+async def get_delivery_performance_stats(
+    days_back: int = Query(30, ge=1, le=365, description="Number of days to analyze"),
+    supplier_id: Optional[UUID] = Query(None, description="Filter by supplier ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get delivery performance statistics"""
+    require_permissions(current_user, ["deliveries:read"])
+    
+    try:
+        service = DeliveryService(db)
+        stats = await service.get_delivery_performance_stats(
+            tenant_id=current_user.tenant_id,
+            days_back=days_back,
+            supplier_id=supplier_id
+        )
+        return DeliveryPerformanceStats(**stats)
+    except Exception as e:
+        logger.error("Error getting delivery performance stats", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve delivery performance statistics")
+
+
+@router.get("/summary-stats", response_model=DeliverySummaryStats)
+async def get_delivery_summary_stats(
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get delivery summary statistics for dashboard"""
+    require_permissions(current_user, ["deliveries:read"])
+    
+    try:
+        service = DeliveryService(db)
+        stats = await service.get_upcoming_deliveries_summary(current_user.tenant_id)
+        return DeliverySummaryStats(**stats)
+    except Exception as e:
+        logger.error("Error getting delivery summary stats", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve delivery summary statistics")
+
+
+@router.get("/{delivery_id}", response_model=DeliveryResponse)
+async def get_delivery(
+    delivery_id: UUID = Path(..., description="Delivery ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get delivery by ID with items"""
+    require_permissions(current_user, ["deliveries:read"])
+    
+    try:
+        service = DeliveryService(db)
+        delivery = await service.get_delivery(delivery_id)
+        
+        if not delivery:
+            raise HTTPException(status_code=404, detail="Delivery not found")
+        
+        # Check tenant access
+        if delivery.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        return DeliveryResponse.from_orm(delivery)
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error getting delivery", delivery_id=str(delivery_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve delivery")
+
+
+@router.put("/{delivery_id}", response_model=DeliveryResponse)
+async def update_delivery(
+    delivery_data: DeliveryUpdate,
+    delivery_id: UUID = Path(..., description="Delivery ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Update delivery information"""
+    require_permissions(current_user, ["deliveries:update"])
+    
+    try:
+        service = DeliveryService(db)
+        
+        # Check delivery exists and belongs to tenant
+        existing_delivery = await service.get_delivery(delivery_id)
+        if not existing_delivery:
+            raise HTTPException(status_code=404, detail="Delivery not found")
+        if existing_delivery.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        delivery = await service.update_delivery(
+            delivery_id=delivery_id,
+            delivery_data=delivery_data,
+            updated_by=current_user.user_id
+        )
+        
+        if not delivery:
+            raise HTTPException(status_code=404, detail="Delivery not found")
+        
+        return DeliveryResponse.from_orm(delivery)
+    except HTTPException:
+        raise
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error updating delivery", delivery_id=str(delivery_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to update delivery")
+
+
+@router.patch("/{delivery_id}/status", response_model=DeliveryResponse)
+async def update_delivery_status(
+    status_data: DeliveryStatusUpdate,
+    delivery_id: UUID = Path(..., description="Delivery ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Update delivery status"""
+    require_permissions(current_user, ["deliveries:update"])
+    
+    try:
+        service = DeliveryService(db)
+        
+        # Check delivery exists and belongs to tenant
+        existing_delivery = await service.get_delivery(delivery_id)
+        if not existing_delivery:
+            raise HTTPException(status_code=404, detail="Delivery not found")
+        if existing_delivery.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        delivery = await service.update_delivery_status(
+            delivery_id=delivery_id,
+            status=status_data.status,
+            updated_by=current_user.user_id,
+            notes=status_data.notes,
+            update_timestamps=status_data.update_timestamps
+        )
+        
+        if not delivery:
+            raise HTTPException(status_code=404, detail="Delivery not found")
+        
+        return DeliveryResponse.from_orm(delivery)
+    except HTTPException:
+        raise
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error updating delivery status", delivery_id=str(delivery_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to update delivery status")
+
+
+@router.post("/{delivery_id}/receive", response_model=DeliveryResponse)
+async def receive_delivery(
+    receipt_data: DeliveryReceiptConfirmation,
+    delivery_id: UUID = Path(..., description="Delivery ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Mark delivery as received with inspection details"""
+    require_permissions(current_user, ["deliveries:receive"])
+    
+    try:
+        service = DeliveryService(db)
+        
+        # Check delivery exists and belongs to tenant
+        existing_delivery = await service.get_delivery(delivery_id)
+        if not existing_delivery:
+            raise HTTPException(status_code=404, detail="Delivery not found")
+        if existing_delivery.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        delivery = await service.mark_as_received(
+            delivery_id=delivery_id,
+            received_by=current_user.user_id,
+            inspection_passed=receipt_data.inspection_passed,
+            inspection_notes=receipt_data.inspection_notes,
+            quality_issues=receipt_data.quality_issues,
+            notes=receipt_data.notes
+        )
+        
+        if not delivery:
+            raise HTTPException(status_code=404, detail="Delivery not found")
+        
+        return DeliveryResponse.from_orm(delivery)
+    except HTTPException:
+        raise
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error receiving delivery", delivery_id=str(delivery_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to receive delivery")
+
+
+@router.get("/purchase-order/{po_id}", response_model=List[DeliverySummary])
+async def get_deliveries_by_purchase_order(
+    po_id: UUID = Path(..., description="Purchase order ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get all deliveries for a purchase order"""
+    require_permissions(current_user, ["deliveries:read"])
+    
+    try:
+        service = DeliveryService(db)
+        deliveries = await service.get_deliveries_by_purchase_order(po_id)
+        
+        # Check tenant access for first delivery (all should belong to same tenant)
+        if deliveries and deliveries[0].tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        return [DeliverySummary.from_orm(delivery) for delivery in deliveries]
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error getting deliveries by purchase order", po_id=str(po_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve deliveries for purchase order")

services/suppliers/app/api/purchase_orders.py

@@ -0,0 +1,510 @@
+# services/suppliers/app/api/purchase_orders.py
+"""
+Purchase Order API endpoints
+"""
+
+from fastapi import APIRouter, Depends, HTTPException, Query, Path
+from typing import List, Optional
+from uuid import UUID
+import structlog
+
+from sqlalchemy.orm import Session
+from app.core.database import get_db
+from app.services.purchase_order_service import PurchaseOrderService
+from app.schemas.suppliers import (
+    PurchaseOrderCreate, PurchaseOrderUpdate, PurchaseOrderResponse, PurchaseOrderSummary,
+    PurchaseOrderSearchParams, PurchaseOrderStatusUpdate, PurchaseOrderApproval,
+    PurchaseOrderStatistics
+)
+from app.models.suppliers import PurchaseOrderStatus
+from shared.auth.dependencies import get_current_user, require_permissions
+from shared.auth.models import UserInfo
+
+router = APIRouter(prefix="/purchase-orders", tags=["purchase-orders"])
+logger = structlog.get_logger()
+
+
+@router.post("/", response_model=PurchaseOrderResponse)
+async def create_purchase_order(
+    po_data: PurchaseOrderCreate,
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Create a new purchase order"""
+    require_permissions(current_user, ["purchase_orders:create"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        purchase_order = await service.create_purchase_order(
+            tenant_id=current_user.tenant_id,
+            po_data=po_data,
+            created_by=current_user.user_id
+        )
+        return PurchaseOrderResponse.from_orm(purchase_order)
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error creating purchase order", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to create purchase order")
+
+
+@router.get("/", response_model=List[PurchaseOrderSummary])
+async def list_purchase_orders(
+    supplier_id: Optional[UUID] = Query(None, description="Filter by supplier ID"),
+    status: Optional[str] = Query(None, description="Filter by status"),
+    priority: Optional[str] = Query(None, description="Filter by priority"),
+    date_from: Optional[str] = Query(None, description="Filter from date (YYYY-MM-DD)"),
+    date_to: Optional[str] = Query(None, description="Filter to date (YYYY-MM-DD)"),
+    search_term: Optional[str] = Query(None, description="Search term"),
+    limit: int = Query(50, ge=1, le=1000, description="Number of results to return"),
+    offset: int = Query(0, ge=0, description="Number of results to skip"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """List purchase orders with optional filters"""
+    require_permissions(current_user, ["purchase_orders:read"])
+    
+    try:
+        from datetime import datetime
+        
+        # Parse date filters
+        date_from_parsed = None
+        date_to_parsed = None
+        if date_from:
+            try:
+                date_from_parsed = datetime.fromisoformat(date_from)
+            except ValueError:
+                raise HTTPException(status_code=400, detail="Invalid date_from format")
+        
+        if date_to:
+            try:
+                date_to_parsed = datetime.fromisoformat(date_to)
+            except ValueError:
+                raise HTTPException(status_code=400, detail="Invalid date_to format")
+        
+        # Validate status
+        status_enum = None
+        if status:
+            try:
+                status_enum = PurchaseOrderStatus(status.upper())
+            except ValueError:
+                raise HTTPException(status_code=400, detail="Invalid status")
+        
+        service = PurchaseOrderService(db)
+        search_params = PurchaseOrderSearchParams(
+            supplier_id=supplier_id,
+            status=status_enum,
+            priority=priority,
+            date_from=date_from_parsed,
+            date_to=date_to_parsed,
+            search_term=search_term,
+            limit=limit,
+            offset=offset
+        )
+        
+        orders = await service.search_purchase_orders(
+            tenant_id=current_user.tenant_id,
+            search_params=search_params
+        )
+        
+        return [PurchaseOrderSummary.from_orm(order) for order in orders]
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error listing purchase orders", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve purchase orders")
+
+
+@router.get("/statistics", response_model=PurchaseOrderStatistics)
+async def get_purchase_order_statistics(
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get purchase order statistics for dashboard"""
+    require_permissions(current_user, ["purchase_orders:read"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        stats = await service.get_purchase_order_statistics(current_user.tenant_id)
+        return PurchaseOrderStatistics(**stats)
+    except Exception as e:
+        logger.error("Error getting purchase order statistics", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve statistics")
+
+
+@router.get("/pending-approval", response_model=List[PurchaseOrderSummary])
+async def get_orders_requiring_approval(
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get purchase orders requiring approval"""
+    require_permissions(current_user, ["purchase_orders:approve"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        orders = await service.get_orders_requiring_approval(current_user.tenant_id)
+        return [PurchaseOrderSummary.from_orm(order) for order in orders]
+    except Exception as e:
+        logger.error("Error getting orders requiring approval", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve orders requiring approval")
+
+
+@router.get("/overdue", response_model=List[PurchaseOrderSummary])
+async def get_overdue_orders(
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get overdue purchase orders"""
+    require_permissions(current_user, ["purchase_orders:read"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        orders = await service.get_overdue_orders(current_user.tenant_id)
+        return [PurchaseOrderSummary.from_orm(order) for order in orders]
+    except Exception as e:
+        logger.error("Error getting overdue orders", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve overdue orders")
+
+
+@router.get("/{po_id}", response_model=PurchaseOrderResponse)
+async def get_purchase_order(
+    po_id: UUID = Path(..., description="Purchase order ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get purchase order by ID with items"""
+    require_permissions(current_user, ["purchase_orders:read"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        purchase_order = await service.get_purchase_order(po_id)
+        
+        if not purchase_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        
+        # Check tenant access
+        if purchase_order.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        return PurchaseOrderResponse.from_orm(purchase_order)
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error getting purchase order", po_id=str(po_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve purchase order")
+
+
+@router.put("/{po_id}", response_model=PurchaseOrderResponse)
+async def update_purchase_order(
+    po_data: PurchaseOrderUpdate,
+    po_id: UUID = Path(..., description="Purchase order ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Update purchase order information"""
+    require_permissions(current_user, ["purchase_orders:update"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        
+        # Check order exists and belongs to tenant
+        existing_order = await service.get_purchase_order(po_id)
+        if not existing_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        if existing_order.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        purchase_order = await service.update_purchase_order(
+            po_id=po_id,
+            po_data=po_data,
+            updated_by=current_user.user_id
+        )
+        
+        if not purchase_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        
+        return PurchaseOrderResponse.from_orm(purchase_order)
+    except HTTPException:
+        raise
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error updating purchase order", po_id=str(po_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to update purchase order")
+
+
+@router.patch("/{po_id}/status", response_model=PurchaseOrderResponse)
+async def update_purchase_order_status(
+    status_data: PurchaseOrderStatusUpdate,
+    po_id: UUID = Path(..., description="Purchase order ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Update purchase order status"""
+    require_permissions(current_user, ["purchase_orders:update"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        
+        # Check order exists and belongs to tenant
+        existing_order = await service.get_purchase_order(po_id)
+        if not existing_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        if existing_order.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        purchase_order = await service.update_order_status(
+            po_id=po_id,
+            status=status_data.status,
+            updated_by=current_user.user_id,
+            notes=status_data.notes
+        )
+        
+        if not purchase_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        
+        return PurchaseOrderResponse.from_orm(purchase_order)
+    except HTTPException:
+        raise
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error updating purchase order status", po_id=str(po_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to update purchase order status")
+
+
+@router.post("/{po_id}/approve", response_model=PurchaseOrderResponse)
+async def approve_purchase_order(
+    approval_data: PurchaseOrderApproval,
+    po_id: UUID = Path(..., description="Purchase order ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Approve or reject a purchase order"""
+    require_permissions(current_user, ["purchase_orders:approve"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        
+        # Check order exists and belongs to tenant
+        existing_order = await service.get_purchase_order(po_id)
+        if not existing_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        if existing_order.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        if approval_data.action == "approve":
+            purchase_order = await service.approve_purchase_order(
+                po_id=po_id,
+                approved_by=current_user.user_id,
+                approval_notes=approval_data.notes
+            )
+        elif approval_data.action == "reject":
+            if not approval_data.notes:
+                raise HTTPException(status_code=400, detail="Rejection reason is required")
+            purchase_order = await service.reject_purchase_order(
+                po_id=po_id,
+                rejection_reason=approval_data.notes,
+                rejected_by=current_user.user_id
+            )
+        else:
+            raise HTTPException(status_code=400, detail="Invalid action")
+        
+        if not purchase_order:
+            raise HTTPException(
+                status_code=400, 
+                detail="Purchase order is not in pending approval status"
+            )
+        
+        return PurchaseOrderResponse.from_orm(purchase_order)
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error processing purchase order approval", po_id=str(po_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to process purchase order approval")
+
+
+@router.post("/{po_id}/send-to-supplier", response_model=PurchaseOrderResponse)
+async def send_to_supplier(
+    po_id: UUID = Path(..., description="Purchase order ID"),
+    send_email: bool = Query(True, description="Send email notification to supplier"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Send purchase order to supplier"""
+    require_permissions(current_user, ["purchase_orders:send"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        
+        # Check order exists and belongs to tenant
+        existing_order = await service.get_purchase_order(po_id)
+        if not existing_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        if existing_order.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        purchase_order = await service.send_to_supplier(
+            po_id=po_id,
+            sent_by=current_user.user_id,
+            send_email=send_email
+        )
+        
+        if not purchase_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        
+        return PurchaseOrderResponse.from_orm(purchase_order)
+    except HTTPException:
+        raise
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error sending purchase order to supplier", po_id=str(po_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to send purchase order to supplier")
+
+
+@router.post("/{po_id}/confirm-supplier-receipt", response_model=PurchaseOrderResponse)
+async def confirm_supplier_receipt(
+    po_id: UUID = Path(..., description="Purchase order ID"),
+    supplier_reference: Optional[str] = Query(None, description="Supplier's order reference"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Confirm supplier has received and accepted the order"""
+    require_permissions(current_user, ["purchase_orders:update"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        
+        # Check order exists and belongs to tenant
+        existing_order = await service.get_purchase_order(po_id)
+        if not existing_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        if existing_order.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        purchase_order = await service.confirm_supplier_receipt(
+            po_id=po_id,
+            supplier_reference=supplier_reference,
+            confirmed_by=current_user.user_id
+        )
+        
+        if not purchase_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        
+        return PurchaseOrderResponse.from_orm(purchase_order)
+    except HTTPException:
+        raise
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error confirming supplier receipt", po_id=str(po_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to confirm supplier receipt")
+
+
+@router.post("/{po_id}/cancel", response_model=PurchaseOrderResponse)
+async def cancel_purchase_order(
+    po_id: UUID = Path(..., description="Purchase order ID"),
+    cancellation_reason: str = Query(..., description="Reason for cancellation"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Cancel a purchase order"""
+    require_permissions(current_user, ["purchase_orders:cancel"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        
+        # Check order exists and belongs to tenant
+        existing_order = await service.get_purchase_order(po_id)
+        if not existing_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        if existing_order.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        purchase_order = await service.cancel_purchase_order(
+            po_id=po_id,
+            cancellation_reason=cancellation_reason,
+            cancelled_by=current_user.user_id
+        )
+        
+        if not purchase_order:
+            raise HTTPException(status_code=404, detail="Purchase order not found")
+        
+        return PurchaseOrderResponse.from_orm(purchase_order)
+    except HTTPException:
+        raise
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error cancelling purchase order", po_id=str(po_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to cancel purchase order")
+
+
+@router.get("/supplier/{supplier_id}", response_model=List[PurchaseOrderSummary])
+async def get_orders_by_supplier(
+    supplier_id: UUID = Path(..., description="Supplier ID"),
+    limit: int = Query(20, ge=1, le=100, description="Number of orders to return"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get recent purchase orders for a specific supplier"""
+    require_permissions(current_user, ["purchase_orders:read"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        orders = await service.get_orders_by_supplier(
+            tenant_id=current_user.tenant_id,
+            supplier_id=supplier_id,
+            limit=limit
+        )
+        return [PurchaseOrderSummary.from_orm(order) for order in orders]
+    except Exception as e:
+        logger.error("Error getting orders by supplier", supplier_id=str(supplier_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve orders by supplier")
+
+
+@router.get("/ingredients/{ingredient_id}/history")
+async def get_ingredient_purchase_history(
+    ingredient_id: UUID = Path(..., description="Ingredient ID"),
+    days_back: int = Query(90, ge=1, le=365, description="Number of days to look back"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get purchase history for a specific ingredient"""
+    require_permissions(current_user, ["purchase_orders:read"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        history = await service.get_ingredient_purchase_history(
+            tenant_id=current_user.tenant_id,
+            ingredient_id=ingredient_id,
+            days_back=days_back
+        )
+        return history
+    except Exception as e:
+        logger.error("Error getting ingredient purchase history", ingredient_id=str(ingredient_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve ingredient purchase history")
+
+
+@router.get("/ingredients/top-purchased")
+async def get_top_purchased_ingredients(
+    days_back: int = Query(30, ge=1, le=365, description="Number of days to look back"),
+    limit: int = Query(10, ge=1, le=50, description="Number of top ingredients to return"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get most purchased ingredients by value"""
+    require_permissions(current_user, ["purchase_orders:read"])
+    
+    try:
+        service = PurchaseOrderService(db)
+        ingredients = await service.get_top_purchased_ingredients(
+            tenant_id=current_user.tenant_id,
+            days_back=days_back,
+            limit=limit
+        )
+        return ingredients
+    except Exception as e:
+        logger.error("Error getting top purchased ingredients", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve top purchased ingredients")

services/suppliers/app/api/suppliers.py

@@ -0,0 +1,324 @@
+# services/suppliers/app/api/suppliers.py
+"""
+Supplier API endpoints
+"""
+
+from fastapi import APIRouter, Depends, HTTPException, Query, Path
+from typing import List, Optional
+from uuid import UUID
+import structlog
+
+from sqlalchemy.orm import Session
+from app.core.database import get_db
+from app.services.supplier_service import SupplierService
+from app.schemas.suppliers import (
+    SupplierCreate, SupplierUpdate, SupplierResponse, SupplierSummary,
+    SupplierSearchParams, SupplierApproval, SupplierStatistics
+)
+from shared.auth.dependencies import get_current_user, require_permissions
+from shared.auth.models import UserInfo
+
+router = APIRouter(prefix="/suppliers", tags=["suppliers"])
+logger = structlog.get_logger()
+
+
+@router.post("/", response_model=SupplierResponse)
+async def create_supplier(
+    supplier_data: SupplierCreate,
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Create a new supplier"""
+    require_permissions(current_user, ["suppliers:create"])
+    
+    try:
+        service = SupplierService(db)
+        supplier = await service.create_supplier(
+            tenant_id=current_user.tenant_id,
+            supplier_data=supplier_data,
+            created_by=current_user.user_id
+        )
+        return SupplierResponse.from_orm(supplier)
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error creating supplier", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to create supplier")
+
+
+@router.get("/", response_model=List[SupplierSummary])
+async def list_suppliers(
+    search_term: Optional[str] = Query(None, description="Search term"),
+    supplier_type: Optional[str] = Query(None, description="Supplier type filter"),
+    status: Optional[str] = Query(None, description="Status filter"),
+    limit: int = Query(50, ge=1, le=1000, description="Number of results to return"),
+    offset: int = Query(0, ge=0, description="Number of results to skip"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """List suppliers with optional filters"""
+    require_permissions(current_user, ["suppliers:read"])
+    
+    try:
+        service = SupplierService(db)
+        search_params = SupplierSearchParams(
+            search_term=search_term,
+            supplier_type=supplier_type,
+            status=status,
+            limit=limit,
+            offset=offset
+        )
+        suppliers = await service.search_suppliers(
+            tenant_id=current_user.tenant_id,
+            search_params=search_params
+        )
+        return [SupplierSummary.from_orm(supplier) for supplier in suppliers]
+    except Exception as e:
+        logger.error("Error listing suppliers", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve suppliers")
+
+
+@router.get("/statistics", response_model=SupplierStatistics)
+async def get_supplier_statistics(
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get supplier statistics for dashboard"""
+    require_permissions(current_user, ["suppliers:read"])
+    
+    try:
+        service = SupplierService(db)
+        stats = await service.get_supplier_statistics(current_user.tenant_id)
+        return SupplierStatistics(**stats)
+    except Exception as e:
+        logger.error("Error getting supplier statistics", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve statistics")
+
+
+@router.get("/active", response_model=List[SupplierSummary])
+async def get_active_suppliers(
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get all active suppliers"""
+    require_permissions(current_user, ["suppliers:read"])
+    
+    try:
+        service = SupplierService(db)
+        suppliers = await service.get_active_suppliers(current_user.tenant_id)
+        return [SupplierSummary.from_orm(supplier) for supplier in suppliers]
+    except Exception as e:
+        logger.error("Error getting active suppliers", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve active suppliers")
+
+
+@router.get("/top", response_model=List[SupplierSummary])
+async def get_top_suppliers(
+    limit: int = Query(10, ge=1, le=50, description="Number of top suppliers to return"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get top performing suppliers"""
+    require_permissions(current_user, ["suppliers:read"])
+    
+    try:
+        service = SupplierService(db)
+        suppliers = await service.get_top_suppliers(current_user.tenant_id, limit)
+        return [SupplierSummary.from_orm(supplier) for supplier in suppliers]
+    except Exception as e:
+        logger.error("Error getting top suppliers", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve top suppliers")
+
+
+@router.get("/pending-review", response_model=List[SupplierSummary])
+async def get_suppliers_needing_review(
+    days_since_last_order: int = Query(30, ge=1, le=365, description="Days since last order"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get suppliers that may need performance review"""
+    require_permissions(current_user, ["suppliers:read"])
+    
+    try:
+        service = SupplierService(db)
+        suppliers = await service.get_suppliers_needing_review(
+            current_user.tenant_id, days_since_last_order
+        )
+        return [SupplierSummary.from_orm(supplier) for supplier in suppliers]
+    except Exception as e:
+        logger.error("Error getting suppliers needing review", error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve suppliers needing review")
+
+
+@router.get("/{supplier_id}", response_model=SupplierResponse)
+async def get_supplier(
+    supplier_id: UUID = Path(..., description="Supplier ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get supplier by ID"""
+    require_permissions(current_user, ["suppliers:read"])
+    
+    try:
+        service = SupplierService(db)
+        supplier = await service.get_supplier(supplier_id)
+        
+        if not supplier:
+            raise HTTPException(status_code=404, detail="Supplier not found")
+        
+        # Check tenant access
+        if supplier.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        return SupplierResponse.from_orm(supplier)
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error getting supplier", supplier_id=str(supplier_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve supplier")
+
+
+@router.put("/{supplier_id}", response_model=SupplierResponse)
+async def update_supplier(
+    supplier_data: SupplierUpdate,
+    supplier_id: UUID = Path(..., description="Supplier ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Update supplier information"""
+    require_permissions(current_user, ["suppliers:update"])
+    
+    try:
+        service = SupplierService(db)
+        
+        # Check supplier exists and belongs to tenant
+        existing_supplier = await service.get_supplier(supplier_id)
+        if not existing_supplier:
+            raise HTTPException(status_code=404, detail="Supplier not found")
+        if existing_supplier.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        supplier = await service.update_supplier(
+            supplier_id=supplier_id,
+            supplier_data=supplier_data,
+            updated_by=current_user.user_id
+        )
+        
+        if not supplier:
+            raise HTTPException(status_code=404, detail="Supplier not found")
+        
+        return SupplierResponse.from_orm(supplier)
+    except HTTPException:
+        raise
+    except ValueError as e:
+        raise HTTPException(status_code=400, detail=str(e))
+    except Exception as e:
+        logger.error("Error updating supplier", supplier_id=str(supplier_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to update supplier")
+
+
+@router.delete("/{supplier_id}")
+async def delete_supplier(
+    supplier_id: UUID = Path(..., description="Supplier ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Delete supplier (soft delete)"""
+    require_permissions(current_user, ["suppliers:delete"])
+    
+    try:
+        service = SupplierService(db)
+        
+        # Check supplier exists and belongs to tenant
+        existing_supplier = await service.get_supplier(supplier_id)
+        if not existing_supplier:
+            raise HTTPException(status_code=404, detail="Supplier not found")
+        if existing_supplier.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        success = await service.delete_supplier(supplier_id)
+        if not success:
+            raise HTTPException(status_code=404, detail="Supplier not found")
+        
+        return {"message": "Supplier deleted successfully"}
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error deleting supplier", supplier_id=str(supplier_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to delete supplier")
+
+
+@router.post("/{supplier_id}/approve", response_model=SupplierResponse)
+async def approve_supplier(
+    approval_data: SupplierApproval,
+    supplier_id: UUID = Path(..., description="Supplier ID"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Approve or reject a pending supplier"""
+    require_permissions(current_user, ["suppliers:approve"])
+    
+    try:
+        service = SupplierService(db)
+        
+        # Check supplier exists and belongs to tenant
+        existing_supplier = await service.get_supplier(supplier_id)
+        if not existing_supplier:
+            raise HTTPException(status_code=404, detail="Supplier not found")
+        if existing_supplier.tenant_id != current_user.tenant_id:
+            raise HTTPException(status_code=403, detail="Access denied")
+        
+        if approval_data.action == "approve":
+            supplier = await service.approve_supplier(
+                supplier_id=supplier_id,
+                approved_by=current_user.user_id,
+                notes=approval_data.notes
+            )
+        elif approval_data.action == "reject":
+            if not approval_data.notes:
+                raise HTTPException(status_code=400, detail="Rejection reason is required")
+            supplier = await service.reject_supplier(
+                supplier_id=supplier_id,
+                rejection_reason=approval_data.notes,
+                rejected_by=current_user.user_id
+            )
+        else:
+            raise HTTPException(status_code=400, detail="Invalid action")
+        
+        if not supplier:
+            raise HTTPException(status_code=400, detail="Supplier is not in pending approval status")
+        
+        return SupplierResponse.from_orm(supplier)
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error processing supplier approval", supplier_id=str(supplier_id), error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to process supplier approval")
+
+
+@router.get("/types/{supplier_type}", response_model=List[SupplierSummary])
+async def get_suppliers_by_type(
+    supplier_type: str = Path(..., description="Supplier type"),
+    current_user: UserInfo = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Get suppliers by type"""
+    require_permissions(current_user, ["suppliers:read"])
+    
+    try:
+        from app.models.suppliers import SupplierType
+        
+        # Validate supplier type
+        try:
+            type_enum = SupplierType(supplier_type.upper())
+        except ValueError:
+            raise HTTPException(status_code=400, detail="Invalid supplier type")
+        
+        service = SupplierService(db)
+        suppliers = await service.get_suppliers_by_type(current_user.tenant_id, type_enum)
+        return [SupplierSummary.from_orm(supplier) for supplier in suppliers]
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error("Error getting suppliers by type", supplier_type=supplier_type, error=str(e))
+        raise HTTPException(status_code=500, detail="Failed to retrieve suppliers by type")