collabrix/backend/app/routers/departments.py

from fastapi import APIRouter, Depends, HTTPException, status
from sqlmodel import Session, select
from typing import List
from app.database import get_session
from app.models import Department, User
from app.schemas import DepartmentCreate, DepartmentResponse, UserResponse
from app.auth import get_current_user

router = APIRouter(prefix="/departments", tags=["Departments"])


@router.post("/", response_model=DepartmentResponse, status_code=status.HTTP_201_CREATED)
def create_department(
    department_data: DepartmentCreate,
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Create a new department"""
    # Check if department already exists
    statement = select(Department).where(Department.name == department_data.name)
    existing_dept = session.exec(statement).first()
    if existing_dept:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Department already exists"
        )
    
    new_dept = Department(
        name=department_data.name,
        description=department_data.description
    )
    
    session.add(new_dept)
    session.commit()
    session.refresh(new_dept)
    
    return new_dept


@router.get("/", response_model=List[DepartmentResponse])
def get_departments(
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Get all departments"""
    statement = select(Department)
    departments = session.exec(statement).all()
    return departments


@router.get("/my", response_model=List[DepartmentResponse])
def get_my_departments(
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Get departments that current user belongs to"""
    statement = select(User).where(User.id == current_user.id)
    user = session.exec(statement).first()
    return user.departments if user else []


@router.get("/{department_id}/users", response_model=List[UserResponse])
def get_department_users(
    department_id: int,
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Get all users in a department"""
    # Check if department exists
    department = session.get(Department, department_id)
    if not department:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Department not found"
        )
    
    # Check if current user has access to this department
    user_departments = [dept.id for dept in current_user.departments]
    if department_id not in user_departments and current_user.role not in ["admin", "superadmin"]:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Access denied"
        )
    
    return department.users


@router.post("/{department_id}/users/{user_id}")
def add_user_to_department(
    department_id: int,
    user_id: int,
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Add a user to a department"""
    # Get department
    department = session.get(Department, department_id)
    if not department:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Department not found"
        )
    
    # Get user
    user = session.get(User, user_id)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="User not found"
        )
    
    # Add user to department
    if user not in department.users:
        department.users.append(user)
        session.add(department)
        session.commit()
    
    return {"message": "User added to department successfully"}


@router.delete("/{department_id}/users/{user_id}")
def remove_user_from_department(
    department_id: int,
    user_id: int,
    session: Session = Depends(get_session),
    current_user: User = Depends(get_current_user)
):
    """Remove a user from a department"""
    # Get department
    department = session.get(Department, department_id)
    if not department:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Department not found"
        )
    
    # Get user
    user = session.get(User, user_id)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="User not found"
        )
    
    # Remove user from department
    if user in department.users:
        department.users.remove(user)
        session.add(department)
        session.commit()
    
    return {"message": "User removed from department successfully"}