from fastapi import APIRouter, Depends, HTTPException from sqlalchemy.orm import Session from app.core.database import SessionLocal from app.models.product import Product from app.schemas.product import ProductCreate, ProductUpdate, ProductOut from app.core.auth import get_current_user, requires_role from app.models.user import User router = APIRouter(prefix="/products", tags=["products"]) def get_db(): db = SessionLocal() try: yield db finally: db.close() @router.post("/", response_model=ProductOut, dependencies=[Depends(requires_role("manager", "admin"))]) def create_product(product: ProductCreate, db: Session = Depends(get_db), user: User = Depends(get_current_user)): db_product = Product(**product.dict()) db.add(db_product) db.commit() db.refresh(db_product) return db_product @router.get("/", response_model=list[ProductOut]) def list_products(db: Session = Depends(get_db)): return db.query(Product).all() @router.get("/{product_id}", response_model=ProductOut) def get_product(product_id: int, db: Session = Depends(get_db)): product = db.query(Product).get(product_id) if not product: raise HTTPException(status_code=404, detail="Product not found") return product @router.put("/{product_id}", response_model=ProductOut, dependencies=[Depends(requires_role("manager", "admin"))]) def update_product(product_id: int, product: ProductUpdate, db: Session = Depends(get_db), user: User = Depends(get_current_user)): db_product = db.query(Product).get(product_id) if not db_product: raise HTTPException(status_code=404, detail="Product not found") for key, value in product.dict(exclude_unset=True).items(): setattr(db_product, key, value) db.commit() db.refresh(db_product) return db_product @router.delete("/{product_id}", status_code=204, dependencies=[Depends(requires_role("manager", "admin"))]) def delete_product(product_id: int, db: Session = Depends(get_db), user: User = Depends(get_current_user)): db_product = db.query(Product).get(product_id) if not db_product: raise HTTPException(status_code=404, detail="Product not found") db.delete(db_product) db.commit()