sysops
1fedd683e0
Stand: agent-06 (Audit-Log), agent-05 (Krankmeldung), agent-07 Phase 1 (Personalnummer), Busylight-Pull-Integration, TOTP/2FA, Abwesenheiten, Zeiterfassung, Kiosk-Grundgerüst. Migrations 0001–0023 deployed auf 192.168.1.137 + .164. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
92 lines
3.2 KiB
Python
92 lines
3.2 KiB
Python
from uuid import UUID
|
|
|
|
from fastapi import APIRouter, Depends
|
|
from sqlalchemy import select
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
|
|
from app.core.database import get_db
|
|
from app.core.dependencies import CurrentUser, require_role
|
|
from app.models import Company
|
|
from app.models.department import Department
|
|
from app.models.user import User, UserRole
|
|
from app.schemas.company import (
|
|
CompanyOut,
|
|
CompanyUpdate,
|
|
DepartmentCreate,
|
|
DepartmentOut,
|
|
DepartmentUpdate,
|
|
)
|
|
|
|
router = APIRouter(prefix="/companies", tags=["Companies"])
|
|
|
|
_admin_roles = (UserRole.COMPANY_ADMIN, UserRole.SUPER_ADMIN)
|
|
|
|
|
|
@router.get("/me", response_model=CompanyOut)
|
|
async def get_my_company(current_user: CurrentUser, db: AsyncSession = Depends(get_db)):
|
|
company = await db.get(Company, current_user.company_id)
|
|
return CompanyOut.model_validate(company)
|
|
|
|
|
|
@router.patch("/me", response_model=CompanyOut)
|
|
async def update_my_company(
|
|
data: CompanyUpdate,
|
|
current_user: User = require_role(*_admin_roles),
|
|
db: AsyncSession = Depends(get_db),
|
|
):
|
|
company = await db.get(Company, current_user.company_id)
|
|
for field, value in data.model_dump(exclude_none=True).items():
|
|
setattr(company, field, value)
|
|
return CompanyOut.model_validate(company)
|
|
|
|
|
|
# ── Departments ──────────────────────────────────────────────────────────────
|
|
|
|
@router.get("/me/departments", response_model=list[DepartmentOut])
|
|
async def list_departments(current_user: CurrentUser, db: AsyncSession = Depends(get_db)):
|
|
depts = await db.scalars(
|
|
select(Department).where(Department.company_id == current_user.company_id)
|
|
)
|
|
return [DepartmentOut.model_validate(d) for d in depts.all()]
|
|
|
|
|
|
@router.post("/me/departments", response_model=DepartmentOut, status_code=201)
|
|
async def create_department(
|
|
data: DepartmentCreate,
|
|
current_user: User = require_role(*_admin_roles),
|
|
db: AsyncSession = Depends(get_db),
|
|
):
|
|
dept = Department(company_id=current_user.company_id, **data.model_dump())
|
|
db.add(dept)
|
|
await db.flush()
|
|
return DepartmentOut.model_validate(dept)
|
|
|
|
|
|
@router.patch("/me/departments/{dept_id}", response_model=DepartmentOut)
|
|
async def update_department(
|
|
dept_id: UUID,
|
|
data: DepartmentUpdate,
|
|
current_user: User = require_role(*_admin_roles),
|
|
db: AsyncSession = Depends(get_db),
|
|
):
|
|
dept = await db.get(Department, dept_id)
|
|
if not dept or dept.company_id != current_user.company_id:
|
|
from fastapi import HTTPException
|
|
raise HTTPException(status_code=404, detail="Department not found")
|
|
for field, value in data.model_dump(exclude_none=True).items():
|
|
setattr(dept, field, value)
|
|
return DepartmentOut.model_validate(dept)
|
|
|
|
|
|
@router.delete("/me/departments/{dept_id}", status_code=204)
|
|
async def delete_department(
|
|
dept_id: UUID,
|
|
current_user: User = require_role(*_admin_roles),
|
|
db: AsyncSession = Depends(get_db),
|
|
):
|
|
dept = await db.get(Department, dept_id)
|
|
if not dept or dept.company_id != current_user.company_id:
|
|
from fastapi import HTTPException
|
|
raise HTTPException(status_code=404, detail="Department not found")
|
|
await db.delete(dept)
|