feat: implement complete CMT backend with API endpoints and test suite

- Add 7 core API endpoints: users, transactions, partners, products, inventory, payments, credit - Implement role-based authentication (admin/write/read-only access) - Add comprehensive database models with proper relationships - Include full test coverage for all endpoints and business logic - Set up Alembic migrations and Docker configuration - Configure FastAPI app with CORS and database integration
2025-09-14 21:04:07 +02:00
parent 49c813778b
commit c086f64363
48 changed files with 6992 additions and 126 deletions
@@ -0,0 +1,197 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlmodel import Session, select
+from app.core.db import get_session
+from app.core.auth import require_any_access, require_write_access, require_admin
+from app.schemas.models import Transaction_details, Partner, Product
+from app.schemas.schemas import (
+    TransactionDetailsCreate, 
+    TransactionDetailsUpdate, 
+    TransactionDetailsResponse, 
+    UserResponse
+)
+from typing import List
+
+router = APIRouter(prefix="/transaction-details", tags=["transaction-details"])
+
+# Create Transaction Details
+@router.post("/", response_model=TransactionDetailsResponse, status_code=status.HTTP_201_CREATED)
+def create_transaction_details(
+    transaction_details: TransactionDetailsCreate, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_write_access)
+):
+    """Create new transaction details (requires write access)."""
+    # Validate partner exists
+    partner = session.get(Partner, transaction_details.partner_id)
+    if not partner:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Partner not found"
+        )
+    
+    # Validate product exists
+    product = session.get(Product, transaction_details.product_id)
+    if not product:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Product not found"
+        )
+    
+    # Create transaction details with audit fields
+    transaction_details_data = transaction_details.model_dump()
+    transaction_details_data["created_by"] = current_user.id
+    transaction_details_data["updated_by"] = current_user.id
+    
+    db_transaction_details = Transaction_details(**transaction_details_data)
+    
+    session.add(db_transaction_details)
+    session.commit()
+    session.refresh(db_transaction_details)
+    return db_transaction_details
+
+# Read all Transaction Details
+@router.get("/", response_model=List[TransactionDetailsResponse])
+def read_transaction_details(
+    skip: int = 0, 
+    limit: int = 100, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_any_access)
+):
+    """Get all transaction details (requires authentication)."""
+    transaction_details = session.exec(
+        select(Transaction_details).offset(skip).limit(limit)
+    ).all()
+    return transaction_details
+
+# Read Transaction Details by partner
+@router.get("/partner/{partner_id}", response_model=List[TransactionDetailsResponse])
+def read_transaction_details_by_partner(
+    partner_id: int,
+    skip: int = 0, 
+    limit: int = 100, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_any_access)
+):
+    """Get transaction details for a specific partner (requires authentication)."""
+    # Validate partner exists
+    partner = session.get(Partner, partner_id)
+    if not partner:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Partner not found"
+        )
+    
+    statement = select(Transaction_details).where(
+        Transaction_details.partner_id == partner_id
+    ).offset(skip).limit(limit)
+    
+    transaction_details = session.exec(statement).all()
+    return transaction_details
+
+# Read Transaction Details by product
+@router.get("/product/{product_id}", response_model=List[TransactionDetailsResponse])
+def read_transaction_details_by_product(
+    product_id: int,
+    skip: int = 0, 
+    limit: int = 100, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_any_access)
+):
+    """Get transaction details for a specific product (requires authentication)."""
+    # Validate product exists
+    product = session.get(Product, product_id)
+    if not product:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Product not found"
+        )
+    
+    statement = select(Transaction_details).where(
+        Transaction_details.product_id == product_id
+    ).offset(skip).limit(limit)
+    
+    transaction_details = session.exec(statement).all()
+    return transaction_details
+
+# Read single Transaction Details by ID
+@router.get("/{transaction_details_id}", response_model=TransactionDetailsResponse)
+def read_transaction_details_by_id(
+    transaction_details_id: int, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_any_access)
+):
+    """Get specific transaction details by ID (requires authentication)."""
+    transaction_details = session.get(Transaction_details, transaction_details_id)
+    if not transaction_details:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND, 
+            detail="Transaction details not found"
+        )
+    return transaction_details
+
+# Update Transaction Details
+@router.put("/{transaction_details_id}", response_model=TransactionDetailsResponse)
+def update_transaction_details(
+    transaction_details_id: int, 
+    transaction_details: TransactionDetailsUpdate, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_write_access)
+):
+    """Update specific transaction details (requires write access)."""
+    db_transaction_details = session.get(Transaction_details, transaction_details_id)
+    if not db_transaction_details:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND, 
+            detail="Transaction details not found"
+        )
+    
+    update_data = transaction_details.model_dump(exclude_unset=True)
+    
+    # Validate partner if being updated
+    if "partner_id" in update_data:
+        partner = session.get(Partner, update_data["partner_id"])
+        if not partner:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Partner not found"
+            )
+    
+    # Validate product if being updated
+    if "product_id" in update_data:
+        product = session.get(Product, update_data["product_id"])
+        if not product:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail="Product not found"
+            )
+    
+    # Track who updated
+    update_data["updated_by"] = current_user.id
+    
+    # Update transaction details
+    for key, value in update_data.items():
+        setattr(db_transaction_details, key, value)
+    
+    session.add(db_transaction_details)
+    session.commit()
+    session.refresh(db_transaction_details)
+    return db_transaction_details
+
+# Delete Transaction Details
+@router.delete("/{transaction_details_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_transaction_details(
+    transaction_details_id: int, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_admin)
+):
+    """Delete specific transaction details (admin only)."""
+    transaction_details = session.get(Transaction_details, transaction_details_id)
+    if not transaction_details:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND, 
+            detail="Transaction details not found"
+        )
+    
+    session.delete(transaction_details)
+    session.commit()
+    return None