Initial commit – TimeMaster Zeiterfassung & HR-Tool

Stand: agent-06 (Audit-Log), agent-05 (Krankmeldung), agent-07 Phase 1 (Personalnummer), Busylight-Pull-Integration, TOTP/2FA, Abwesenheiten, Zeiterfassung, Kiosk-Grundgerüst. Migrations 0001–0023 deployed auf 192.168.1.137 + .164. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-23 20:03:27 +02:00
commit 1fedd683e0
178 changed files with 29896 additions and 0 deletions
@@ -0,0 +1,91 @@
+from uuid import UUID
+
+from fastapi import APIRouter, Depends
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.core.database import get_db
+from app.core.dependencies import CurrentUser, require_role
+from app.models import Company
+from app.models.department import Department
+from app.models.user import User, UserRole
+from app.schemas.company import (
+    CompanyOut,
+    CompanyUpdate,
+    DepartmentCreate,
+    DepartmentOut,
+    DepartmentUpdate,
+)
+
+router = APIRouter(prefix="/companies", tags=["Companies"])
+
+_admin_roles = (UserRole.COMPANY_ADMIN, UserRole.SUPER_ADMIN)
+
+
+@router.get("/me", response_model=CompanyOut)
+async def get_my_company(current_user: CurrentUser, db: AsyncSession = Depends(get_db)):
+    company = await db.get(Company, current_user.company_id)
+    return CompanyOut.model_validate(company)
+
+
+@router.patch("/me", response_model=CompanyOut)
+async def update_my_company(
+    data: CompanyUpdate,
+    current_user: User = require_role(*_admin_roles),
+    db: AsyncSession = Depends(get_db),
+):
+    company = await db.get(Company, current_user.company_id)
+    for field, value in data.model_dump(exclude_none=True).items():
+        setattr(company, field, value)
+    return CompanyOut.model_validate(company)
+
+
+# ── Departments ──────────────────────────────────────────────────────────────
+
+@router.get("/me/departments", response_model=list[DepartmentOut])
+async def list_departments(current_user: CurrentUser, db: AsyncSession = Depends(get_db)):
+    depts = await db.scalars(
+        select(Department).where(Department.company_id == current_user.company_id)
+    )
+    return [DepartmentOut.model_validate(d) for d in depts.all()]
+
+
+@router.post("/me/departments", response_model=DepartmentOut, status_code=201)
+async def create_department(
+    data: DepartmentCreate,
+    current_user: User = require_role(*_admin_roles),
+    db: AsyncSession = Depends(get_db),
+):
+    dept = Department(company_id=current_user.company_id, **data.model_dump())
+    db.add(dept)
+    await db.flush()
+    return DepartmentOut.model_validate(dept)
+
+
+@router.patch("/me/departments/{dept_id}", response_model=DepartmentOut)
+async def update_department(
+    dept_id: UUID,
+    data: DepartmentUpdate,
+    current_user: User = require_role(*_admin_roles),
+    db: AsyncSession = Depends(get_db),
+):
+    dept = await db.get(Department, dept_id)
+    if not dept or dept.company_id != current_user.company_id:
+        from fastapi import HTTPException
+        raise HTTPException(status_code=404, detail="Department not found")
+    for field, value in data.model_dump(exclude_none=True).items():
+        setattr(dept, field, value)
+    return DepartmentOut.model_validate(dept)
+
+
+@router.delete("/me/departments/{dept_id}", status_code=204)
+async def delete_department(
+    dept_id: UUID,
+    current_user: User = require_role(*_admin_roles),
+    db: AsyncSession = Depends(get_db),
+):
+    dept = await db.get(Department, dept_id)
+    if not dept or dept.company_id != current_user.company_id:
+        from fastapi import HTTPException
+        raise HTTPException(status_code=404, detail="Department not found")
+    await db.delete(dept)