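from fastapi import APIRouter, Depends, HTTPException, status
from sqlmodel import Session, select
from typing import List

from app.database import get_session
from app.models import Department, User
from app.schemas import DepartmentCreate, DepartmentResponse, UserResponse
from app.auth import get_current_user

router = APIRouter(prefix="/departments", tags=["Departments"])

# Roles that may read any department's member list and change department
# membership. Kept in one place so the read and write paths cannot drift apart.
_PRIVILEGED_ROLES = ("admin", "superadmin")


def _require_privileged(user: User) -> None:
    """Raise 403 unless *user* holds one of the privileged roles."""
    if user.role not in _PRIVILEGED_ROLES:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Access denied"
        )


@router.post("/", response_model=DepartmentResponse, status_code=status.HTTP_201_CREATED)
def create_department(
    department_data: DepartmentCreate,
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Create a new department.

    Raises:
        HTTPException: 400 if a department with the same name already exists.
    """
    # NOTE(review): any authenticated user can create a department; no role is
    # checked here. Confirm that this is the intended policy.
    # NOTE(review): the lookup below and the insert are separate statements, so
    # two concurrent requests can both pass the check. Whether Department.name
    # carries a unique constraint is not visible in this file; verify.
    statement = select(Department).where(Department.name == department_data.name)
    existing_dept = session.exec(statement).first()
    if existing_dept:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Department already exists"
        )

    new_dept = Department(
        name=department_data.name,
        description=department_data.description
    )
    session.add(new_dept)
    session.commit()
    # Reload so generated columns are populated before serialisation.
    session.refresh(new_dept)
    return new_dept


@router.get("/", response_model=List[DepartmentResponse])
def get_departments(
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Return every department; any authenticated user may list them."""
    return session.exec(select(Department)).all()


@router.get("/my", response_model=List[DepartmentResponse])
def get_my_departments(
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Return the departments the current user belongs to."""
    # Re-read the user through this request's session before touching the
    # relationship; an empty list is returned if the row no longer exists.
    statement = select(User).where(User.id == current_user.id)
    user = session.exec(statement).first()
    return user.departments if user else []


@router.get("/{department_id}/users", response_model=List[UserResponse])
def get_department_users(
    department_id: int,
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Return all users in a department.

    Only members of the department and privileged roles may read the list.

    Raises:
        HTTPException: 404 if the department does not exist, 403 if the caller
            is neither a member nor privileged.
    """
    # NOTE(review): the 404 is evaluated before the 403, so a caller without
    # access can still tell which department ids exist.
    department = session.get(Department, department_id)
    if not department:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Department not found"
        )

    member_of = [dept.id for dept in current_user.departments]
    if department_id not in member_of and current_user.role not in _PRIVILEGED_ROLES:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Access denied"
        )

    return department.users


@router.post("/{department_id}/users/{user_id}")
def add_user_to_department(
    department_id: int,
    user_id: int,
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Add a user to a department (privileged roles only).

    Membership is what get_department_users authorises on, so changing it is
    restricted to the privileged roles. Without this check any authenticated
    caller could grant department access to any account.

    Raises:
        HTTPException: 403 if the caller is not privileged, 404 if the
            department or the user does not exist.
    """
    # Authorise before any lookup so unprivileged callers learn nothing about
    # which department or user ids exist.
    _require_privileged(current_user)

    department = session.get(Department, department_id)
    if not department:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Department not found"
        )

    user = session.get(User, user_id)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="User not found"
        )

    # Adding an existing member is a no-op, so the call is safe to repeat.
    if user not in department.users:
        department.users.append(user)
        session.add(department)
        session.commit()

    return {"message": "User added to department successfully"}


@router.delete("/{department_id}/users/{user_id}")
def remove_user_from_department(
    department_id: int,
    user_id: int,
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Remove a user from a department (privileged roles only).

    Raises:
        HTTPException: 403 if the caller is not privileged, 404 if the
            department or the user does not exist.
    """
    # Same rule as add_user_to_department: membership changes alter who passes
    # the access check in get_department_users.
    _require_privileged(current_user)

    department = session.get(Department, department_id)
    if not department:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Department not found"
        )

    user = session.get(User, user_id)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="User not found"
        )

    # Removing a non-member is a no-op, so the call is safe to repeat.
    if user in department.users:
        department.users.remove(user)
        session.add(department)
        session.commit()

    return {"message": "User removed from department successfully"}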