feat: implement complete CMT backend with API endpoints and test suite

- Add 7 core API endpoints: users, transactions, partners, products, inventory, payments, credit
- Implement role-based authentication (admin/write/read-only access)
- Add comprehensive database models with proper relationships
- Include full test coverage for all endpoints and business logic
- Set up Alembic migrations and Docker configuration
- Configure FastAPI app with CORS and database integration

backend/app/api/v1/transactions.py

@@ -0,0 +1,88 @@
+from fastapi import APIRouter, Depends, HTTPException, status
+from sqlmodel import Session, select
+from app.core.db import get_session
+from app.core.auth import require_any_access, require_write_access, get_current_active_user
+from app.schemas.models import Transaction
+from app.schemas.schemas import TransactionCreate, TransactionUpdate, TransactionResponse, UserResponse
+
+from typing import List, Optional
+
+router = APIRouter(prefix="/transactions", tags=["transactions"])
+
+# Create Transaction
+@router.post("/", response_model=TransactionResponse, status_code=status.HTTP_201_CREATED)
+def create_transaction(
+    transaction: TransactionCreate, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_write_access)
+):
+    # Set created_by and updated_by to current user
+    transaction_data = transaction.model_dump(exclude_unset=True)
+    transaction_data["created_by"] = current_user.id
+    transaction_data["updated_by"] = current_user.id
+    
+    db_transaction = Transaction(**transaction_data)
+    session.add(db_transaction)
+    session.commit()
+    session.refresh(db_transaction)
+    return db_transaction
+
+# Read all Transactions
+@router.get("/", response_model=List[TransactionResponse])
+def read_transactions(
+    skip: int = 0, 
+    limit: int = 100, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_any_access)
+):
+    transactions = session.exec(select(Transaction).offset(skip).limit(limit)).all()
+    return transactions
+
+# Read single Transaction by ID
+@router.get("/{transaction_id}", response_model=TransactionResponse)
+def read_transaction(
+    transaction_id: int, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_any_access)
+):
+    transaction = session.get(Transaction, transaction_id)
+    if not transaction:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+    return transaction
+
+# Update Transaction
+@router.put("/{transaction_id}", response_model=TransactionResponse)
+def update_transaction(
+    transaction_id: int, 
+    transaction: TransactionUpdate, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_write_access)
+):
+    db_transaction = session.get(Transaction, transaction_id)
+    if not db_transaction:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+    
+    update_data = transaction.model_dump(exclude_unset=True)
+    update_data["updated_by"] = current_user.id  # Track who updated
+    
+    for key, value in update_data.items():
+        setattr(db_transaction, key, value)
+    
+    session.add(db_transaction)
+    session.commit()
+    session.refresh(db_transaction)
+    return db_transaction
+
+# Delete Transaction
+@router.delete("/{transaction_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_transaction(
+    transaction_id: int, 
+    session: Session = Depends(get_session),
+    current_user: UserResponse = Depends(require_write_access)
+):
+    transaction = session.get(Transaction, transaction_id)
+    if not transaction:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+    session.delete(transaction)
+    session.commit()
+    return None