backend/app/api/editor.py

from fastapi import APIRouter, Depends, HTTPException, Query
from sqlalchemy import or_, select
from sqlalchemy.orm import Session, joinedload

from app.api.deps import AuthSession, get_auth_session
from app.db.session import get_db
from app.models.mix import Mix
from app.models.product import Product
from app.schemas.editor import EditorMixUpdate, EditorProductRow, EditorProductUpdate
from app.services.client_access_service import has_access_level

router = APIRouter(prefix="/api/editor", tags=["editor"])


def _serialize_row(product: Product) -> dict:
    return {
        "id": product.id,
        "tenant_id": product.tenant_id,
        "client_name": product.client_name,
        "item_id": product.item_id,
        "name": product.name,
        "mix_id": product.mix_id,
        "mix_client_name": product.mix.client_name if product.mix else "",
        "mix_name": product.mix.name if product.mix else "",
        "sale_type": product.sale_type,
        "unit_of_measure": product.unit_of_measure,
        "visible": product.visible,
        "product_notes": product.notes,
        "mix_notes": product.mix.notes if product.mix else None,
    }


def _require_editor_session(
    session: AuthSession = Depends(get_auth_session),
    db: Session = Depends(get_db),
) -> AuthSession:
    if session.role == "internal":
        permissions = session.module_permissions or {}
        if not has_access_level(permissions.get("client_access"), "manage"):
            raise HTTPException(status_code=403, detail="Lean access is required")
        if not has_access_level(permissions.get("products"), "edit"):
            raise HTTPException(status_code=403, detail="products edit access is required")
        if not has_access_level(permissions.get("mix_master"), "edit"):
            raise HTTPException(status_code=403, detail="mix_master edit access is required")
        if not session.tenant_id:
            raise HTTPException(status_code=403, detail="Internal user context is missing")
        return session

    raise HTTPException(status_code=403, detail="Lean access is required")


@router.get("/products", response_model=list[EditorProductRow])
def list_editor_products(
    q: str | None = Query(default=None, max_length=255),
    client_name: str | None = Query(default=None, max_length=255),
    limit: int = Query(default=500, ge=1, le=1000),
    session: AuthSession = Depends(_require_editor_session),
    db: Session = Depends(get_db),
):
    statement = (
        select(Product)
        .where(Product.tenant_id == session.tenant_id)
        .options(joinedload(Product.mix))
        .join(Product.mix)
        .order_by(Product.client_name, Product.name, Product.id)
        .limit(limit)
    )

    if client_name:
        statement = statement.where(Product.client_name == client_name)

    if q:
        term = f"%{q.strip()}%"
        statement = statement.where(
            or_(
                Product.client_name.ilike(term),
                Product.name.ilike(term),
                Product.item_id.ilike(term),
                Product.unit_of_measure.ilike(term),
                Mix.name.ilike(term),
            )
        )

    return [_serialize_row(product) for product in db.scalars(statement).all()]


@router.patch("/products/{product_id}", response_model=EditorProductRow)
def update_editor_product(
    product_id: int,
    payload: EditorProductUpdate,
    session: AuthSession = Depends(_require_editor_session),
    db: Session = Depends(get_db),
):
    product = db.scalar(
        select(Product)
        .where(Product.id == product_id, Product.tenant_id == session.tenant_id)
        .options(joinedload(Product.mix))
    )
    if product is None:
        raise HTTPException(status_code=404, detail="Product not found")

    if payload.mix_id is not None:
        mix = db.scalar(select(Mix).where(Mix.id == payload.mix_id, Mix.tenant_id == session.tenant_id))
        if mix is None:
            raise HTTPException(status_code=404, detail="Mix not found")

    for field, value in payload.model_dump(exclude_unset=True).items():
        setattr(product, field, value)

    db.commit()
    db.refresh(product)
    return _serialize_row(product)


@router.patch("/mixes/{mix_id}", response_model=list[EditorProductRow])
def update_editor_mix(
    mix_id: int,
    payload: EditorMixUpdate,
    session: AuthSession = Depends(_require_editor_session),
    db: Session = Depends(get_db),
):
    mix = db.scalar(select(Mix).where(Mix.id == mix_id, Mix.tenant_id == session.tenant_id))
    if mix is None:
        raise HTTPException(status_code=404, detail="Mix not found")

    for field, value in payload.model_dump(exclude_unset=True).items():
        setattr(mix, field, value)

    db.commit()

    products = db.scalars(
        select(Product)
        .where(Product.tenant_id == session.tenant_id, Product.mix_id == mix_id)
        .options(joinedload(Product.mix))
        .order_by(Product.client_name, Product.name, Product.id)
    ).all()
    return [_serialize_row(product) for product in products]
v0.1.11 - Editor 2026-06-03 00:17:12 +12:00			`from fastapi import APIRouter, Depends, HTTPException, Query`
			`from sqlalchemy import or_, select`
			`from sqlalchemy.orm import Session, joinedload`

			`from app.api.deps import AuthSession, get_auth_session`
			`from app.db.session import get_db`
			`from app.models.mix import Mix`
			`from app.models.product import Product`
			`from app.schemas.editor import EditorMixUpdate, EditorProductRow, EditorProductUpdate`
			`from app.services.client_access_service import has_access_level`

			`router = APIRouter(prefix="/api/editor", tags=["editor"])`


			`def _serialize_row(product: Product) -> dict:`
			`return {`
			`"id": product.id,`
			`"tenant_id": product.tenant_id,`
			`"client_name": product.client_name,`
			`"item_id": product.item_id,`
			`"name": product.name,`
			`"mix_id": product.mix_id,`
			`"mix_client_name": product.mix.client_name if product.mix else "",`
			`"mix_name": product.mix.name if product.mix else "",`
			`"sale_type": product.sale_type,`
			`"unit_of_measure": product.unit_of_measure,`
			`"visible": product.visible,`
			`"product_notes": product.notes,`
			`"mix_notes": product.mix.notes if product.mix else None,`
			`}`


			`def _require_editor_session(`
			`session: AuthSession = Depends(get_auth_session),`
			`db: Session = Depends(get_db),`
			`) -> AuthSession:`
			`if session.role == "internal":`
			`permissions = session.module_permissions or {}`
			`if not has_access_level(permissions.get("client_access"), "manage"):`
			`raise HTTPException(status_code=403, detail="Lean access is required")`
			`if not has_access_level(permissions.get("products"), "edit"):`
			`raise HTTPException(status_code=403, detail="products edit access is required")`
			`if not has_access_level(permissions.get("mix_master"), "edit"):`
			`raise HTTPException(status_code=403, detail="mix_master edit access is required")`
			`if not session.tenant_id:`
			`raise HTTPException(status_code=403, detail="Internal user context is missing")`
			`return session`

			`raise HTTPException(status_code=403, detail="Lean access is required")`


			`@router.get("/products", response_model=list[EditorProductRow])`
			`def list_editor_products(`
			`q: str \| None = Query(default=None, max_length=255),`
			`client_name: str \| None = Query(default=None, max_length=255),`
			`limit: int = Query(default=500, ge=1, le=1000),`
			`session: AuthSession = Depends(_require_editor_session),`
			`db: Session = Depends(get_db),`
			`):`
			`statement = (`
			`select(Product)`
			`.where(Product.tenant_id == session.tenant_id)`
			`.options(joinedload(Product.mix))`
			`.join(Product.mix)`
			`.order_by(Product.client_name, Product.name, Product.id)`
			`.limit(limit)`
			`)`

			`if client_name:`
			`statement = statement.where(Product.client_name == client_name)`

			`if q:`
			`term = f"%{q.strip()}%"`
			`statement = statement.where(`
			`or_(`
			`Product.client_name.ilike(term),`
			`Product.name.ilike(term),`
			`Product.item_id.ilike(term),`
			`Product.unit_of_measure.ilike(term),`
			`Mix.name.ilike(term),`
			`)`
			`)`

			`return [_serialize_row(product) for product in db.scalars(statement).all()]`


			`@router.patch("/products/{product_id}", response_model=EditorProductRow)`
			`def update_editor_product(`
			`product_id: int,`
			`payload: EditorProductUpdate,`
			`session: AuthSession = Depends(_require_editor_session),`
			`db: Session = Depends(get_db),`
			`):`
			`product = db.scalar(`
			`select(Product)`
			`.where(Product.id == product_id, Product.tenant_id == session.tenant_id)`
			`.options(joinedload(Product.mix))`
			`)`
			`if product is None:`
			`raise HTTPException(status_code=404, detail="Product not found")`

			`if payload.mix_id is not None:`
			`mix = db.scalar(select(Mix).where(Mix.id == payload.mix_id, Mix.tenant_id == session.tenant_id))`
			`if mix is None:`
			`raise HTTPException(status_code=404, detail="Mix not found")`

			`for field, value in payload.model_dump(exclude_unset=True).items():`
			`setattr(product, field, value)`

			`db.commit()`
			`db.refresh(product)`
			`return _serialize_row(product)`


			`@router.patch("/mixes/{mix_id}", response_model=list[EditorProductRow])`
			`def update_editor_mix(`
			`mix_id: int,`
			`payload: EditorMixUpdate,`
			`session: AuthSession = Depends(_require_editor_session),`
			`db: Session = Depends(get_db),`
			`):`
			`mix = db.scalar(select(Mix).where(Mix.id == mix_id, Mix.tenant_id == session.tenant_id))`
			`if mix is None:`
			`raise HTTPException(status_code=404, detail="Mix not found")`

			`for field, value in payload.model_dump(exclude_unset=True).items():`
			`setattr(mix, field, value)`

			`db.commit()`

			`products = db.scalars(`
			`select(Product)`
			`.where(Product.tenant_id == session.tenant_id, Product.mix_id == mix_id)`
			`.options(joinedload(Product.mix))`
			`.order_by(Product.client_name, Product.name, Product.id)`
			`).all()`
			`return [_serialize_row(product) for product in products]`