update: Add Global Search on Header, Add Global Audit log for all actions.
This commit is contained in:
@@ -2,16 +2,86 @@ import asyncio
|
||||
import logging
|
||||
from fastapi import APIRouter, Depends, Query, BackgroundTasks, Body
|
||||
from typing import Optional
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
from auth.models import TokenPayload
|
||||
from auth.dependencies import require_permission
|
||||
from crm.models import CustomerCreate, CustomerUpdate, CustomerInDB, CustomerListResponse, TransactionEntry
|
||||
from crm import service, nextcloud
|
||||
from config import settings
|
||||
from database.postgres import get_pg_session
|
||||
from shared.audit import log_action
|
||||
|
||||
router = APIRouter(prefix="/api/crm/customers", tags=["crm-customers"])
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
# ── Diff helpers ──────────────────────────────────────────────────────────────
|
||||
|
||||
_SCALAR_FIELDS = {
|
||||
"name", "surname", "title", "organization", "religion", "language",
|
||||
"relationship_status", "nextcloud_folder",
|
||||
}
|
||||
_SKIP_FIELDS = {"updated_at", "firestore_id", "id"}
|
||||
|
||||
|
||||
def _scalar_diff(old, new) -> dict:
|
||||
result = {}
|
||||
for f in _SCALAR_FIELDS:
|
||||
ov = getattr(old, f, None)
|
||||
nv = getattr(new, f, None)
|
||||
if ov != nv:
|
||||
result[f] = {"old": ov, "new": nv}
|
||||
return result
|
||||
|
||||
|
||||
def _list_diff(field: str, old_list: list, new_list: list, label_fn) -> dict:
|
||||
old_labels = {label_fn(i) for i in (old_list or [])}
|
||||
new_labels = {label_fn(i) for i in (new_list or [])}
|
||||
added = new_labels - old_labels
|
||||
removed = old_labels - new_labels
|
||||
result = {}
|
||||
if added:
|
||||
result[f"{field}.added"] = {"old": None, "new": sorted(added)}
|
||||
if removed:
|
||||
result[f"{field}.removed"] = {"old": sorted(removed), "new": None}
|
||||
return result
|
||||
|
||||
|
||||
def _customer_diff(old, new, changed_fields: set) -> dict:
|
||||
changes = _scalar_diff(old, new)
|
||||
|
||||
# contacts — keyed by type+value string
|
||||
if "contacts" in changed_fields:
|
||||
changes.update(_list_diff(
|
||||
"contacts",
|
||||
old.contacts or [],
|
||||
new.contacts or [],
|
||||
lambda c: f"{c.get('type','?')}:{c.get('value','?')}" if isinstance(c, dict)
|
||||
else f"{getattr(c,'type','?')}:{getattr(c,'value','?')}",
|
||||
))
|
||||
|
||||
# location — flatten to individual sub-fields
|
||||
if "location" in changed_fields:
|
||||
old_loc = old.location or {}
|
||||
new_loc = new.location or {}
|
||||
if isinstance(old_loc, object) and not isinstance(old_loc, dict):
|
||||
old_loc = old_loc.model_dump() if hasattr(old_loc, "model_dump") else {}
|
||||
if isinstance(new_loc, object) and not isinstance(new_loc, dict):
|
||||
new_loc = new_loc.model_dump() if hasattr(new_loc, "model_dump") else {}
|
||||
for k in set(old_loc) | set(new_loc):
|
||||
ov, nv = old_loc.get(k), new_loc.get(k)
|
||||
if ov != nv:
|
||||
changes[f"location.{k}"] = {"old": ov, "new": nv}
|
||||
|
||||
# tags
|
||||
if "tags" in changed_fields:
|
||||
old_tags = set(old.tags or [])
|
||||
new_tags = set(new.tags or [])
|
||||
if old_tags != new_tags:
|
||||
changes["tags"] = {"old": sorted(old_tags), "new": sorted(new_tags)}
|
||||
|
||||
return changes
|
||||
|
||||
|
||||
@router.get("", response_model=CustomerListResponse)
|
||||
async def list_customers(
|
||||
@@ -46,10 +116,14 @@ async def create_customer(
|
||||
body: CustomerCreate,
|
||||
background_tasks: BackgroundTasks,
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
customer = service.create_customer(body)
|
||||
if settings.nextcloud_url:
|
||||
background_tasks.add_task(_init_nextcloud_folder, customer)
|
||||
label = " ".join(filter(None, [customer.name, customer.surname])) or customer.organization or customer.id
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "CREATE", "customer",
|
||||
customer.id, label)
|
||||
return customer
|
||||
|
||||
|
||||
@@ -65,12 +139,19 @@ async def _init_nextcloud_folder(customer) -> None:
|
||||
|
||||
|
||||
@router.put("/{customer_id}", response_model=CustomerInDB)
|
||||
def update_customer(
|
||||
async def update_customer(
|
||||
customer_id: str,
|
||||
body: CustomerUpdate,
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
return service.update_customer(customer_id, body)
|
||||
old = service.get_customer(customer_id)
|
||||
customer = service.update_customer(customer_id, body)
|
||||
label = " ".join(filter(None, [customer.name, customer.surname])) or customer.organization or customer_id
|
||||
changes = _customer_diff(old, customer, body.model_fields_set)
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "UPDATE", "customer",
|
||||
customer_id, label, changes=changes or None)
|
||||
return customer
|
||||
|
||||
|
||||
@router.delete("/{customer_id}", status_code=204)
|
||||
@@ -80,6 +161,7 @@ async def delete_customer(
|
||||
wipe_files: bool = Query(False),
|
||||
wipe_nextcloud: bool = Query(False),
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
customer = service.delete_customer(customer_id)
|
||||
nc_path = service.get_customer_nc_path(customer)
|
||||
@@ -104,6 +186,10 @@ async def delete_customer(
|
||||
except Exception as e:
|
||||
logger.warning("Could not rename NC folder for customer %s: %s", customer_id, e)
|
||||
|
||||
label = " ".join(filter(None, [customer.name, customer.surname])) or customer.organization or customer_id
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "DELETE", "customer",
|
||||
customer_id, label)
|
||||
|
||||
|
||||
@router.get("/{customer_id}/last-comm-direction")
|
||||
async def get_last_comm_direction(
|
||||
@@ -117,12 +203,17 @@ async def get_last_comm_direction(
|
||||
# ── Relationship Status ───────────────────────────────────────────────────────
|
||||
|
||||
@router.patch("/{customer_id}/relationship-status", response_model=CustomerInDB)
|
||||
def update_relationship_status(
|
||||
async def update_relationship_status(
|
||||
customer_id: str,
|
||||
body: dict = Body(...),
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
return service.update_relationship_status(customer_id, body.get("status", ""))
|
||||
customer = service.update_relationship_status(customer_id, body.get("status", ""))
|
||||
label = " ".join(filter(None, [customer.name, customer.surname])) or customer.organization or customer_id
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "STATUS_CHANGE", "customer",
|
||||
customer_id, label, meta={"status": body.get("status", "")})
|
||||
return customer
|
||||
|
||||
|
||||
# ── Technical Issues ──────────────────────────────────────────────────────────
|
||||
|
||||
@@ -1,10 +1,13 @@
|
||||
from fastapi import APIRouter, Depends, Query
|
||||
from typing import Optional
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
from auth.models import TokenPayload
|
||||
from auth.dependencies import require_permission
|
||||
from crm.models import OrderCreate, OrderUpdate, OrderInDB, OrderListResponse
|
||||
from crm import service
|
||||
from database.postgres import get_pg_session
|
||||
from shared.audit import log_action
|
||||
|
||||
router = APIRouter(prefix="/api/crm/customers/{customer_id}/orders", tags=["crm-orders"])
|
||||
|
||||
@@ -29,27 +32,35 @@ def get_next_order_number(
|
||||
|
||||
|
||||
@router.post("/init-negotiations", response_model=OrderInDB, status_code=201)
|
||||
def init_negotiations(
|
||||
async def init_negotiations(
|
||||
customer_id: str,
|
||||
body: dict,
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
return service.init_negotiations(
|
||||
order = service.init_negotiations(
|
||||
customer_id=customer_id,
|
||||
title=body.get("title", ""),
|
||||
note=body.get("note", ""),
|
||||
date=body.get("date"),
|
||||
created_by=body.get("created_by", ""),
|
||||
)
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "CREATE", "order",
|
||||
order.id, order.order_number or order.id, meta={"action_detail": "negotiations_started"})
|
||||
return order
|
||||
|
||||
|
||||
@router.post("", response_model=OrderInDB, status_code=201)
|
||||
def create_order(
|
||||
async def create_order(
|
||||
customer_id: str,
|
||||
body: OrderCreate,
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
return service.create_order(customer_id, body)
|
||||
order = service.create_order(customer_id, body)
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "CREATE", "order",
|
||||
order.id, order.order_number or order.id)
|
||||
return order
|
||||
|
||||
|
||||
@router.get("/{order_id}", response_model=OrderInDB)
|
||||
@@ -62,22 +73,37 @@ def get_order(
|
||||
|
||||
|
||||
@router.patch("/{order_id}", response_model=OrderInDB)
|
||||
def update_order(
|
||||
async def update_order(
|
||||
customer_id: str,
|
||||
order_id: str,
|
||||
body: OrderUpdate,
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
return service.update_order(customer_id, order_id, body)
|
||||
old = service.get_order(customer_id, order_id)
|
||||
order = service.update_order(customer_id, order_id, body)
|
||||
action = "STATUS_CHANGE" if body.status is not None else "UPDATE"
|
||||
_SKIP = {"updated_at", "id", "customer_id", "items", "timeline", "discount", "shipping", "payment_status"}
|
||||
changes = {
|
||||
k: {"old": getattr(old, k, None), "new": getattr(order, k, None)}
|
||||
for k in body.model_fields_set
|
||||
if k not in _SKIP and getattr(old, k, None) != getattr(order, k, None)
|
||||
}
|
||||
await log_action(db, _user.sub, _user.name or _user.email, action, "order",
|
||||
order_id, order.order_number or order_id, changes=changes or None)
|
||||
return order
|
||||
|
||||
|
||||
@router.delete("/{order_id}", status_code=204)
|
||||
def delete_order(
|
||||
async def delete_order(
|
||||
customer_id: str,
|
||||
order_id: str,
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
service.delete_order(customer_id, order_id)
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "DELETE", "order",
|
||||
order_id, order_id)
|
||||
|
||||
|
||||
@router.post("/{order_id}/timeline", response_model=OrderInDB)
|
||||
|
||||
@@ -2,6 +2,7 @@ from fastapi import APIRouter, Depends, Query, UploadFile, File
|
||||
from fastapi.responses import StreamingResponse
|
||||
from typing import Optional
|
||||
import io
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
from auth.dependencies import require_permission
|
||||
from auth.models import TokenPayload
|
||||
@@ -13,6 +14,8 @@ from crm.quotation_models import (
|
||||
QuotationUpdate,
|
||||
)
|
||||
from crm import quotations_service as svc
|
||||
from database.postgres import get_pg_session
|
||||
from shared.audit import log_action
|
||||
|
||||
router = APIRouter(prefix="/api/crm/quotations", tags=["crm-quotations"])
|
||||
|
||||
@@ -72,11 +75,15 @@ async def create_quotation(
|
||||
body: QuotationCreate,
|
||||
generate_pdf: bool = Query(False),
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
"""
|
||||
Create a quotation. Pass ?generate_pdf=true to immediately generate and upload the PDF.
|
||||
"""
|
||||
return await svc.create_quotation(body, generate_pdf=generate_pdf)
|
||||
q = await svc.create_quotation(body, generate_pdf=generate_pdf)
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "CREATE", "quotation",
|
||||
str(q.id), q.quotation_number or str(q.id))
|
||||
return q
|
||||
|
||||
|
||||
@router.put("/{quotation_id}", response_model=QuotationInDB)
|
||||
@@ -85,19 +92,34 @@ async def update_quotation(
|
||||
body: QuotationUpdate,
|
||||
generate_pdf: bool = Query(False),
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
"""
|
||||
Update a quotation. Pass ?generate_pdf=true to regenerate the PDF.
|
||||
"""
|
||||
return await svc.update_quotation(quotation_id, body, generate_pdf=generate_pdf)
|
||||
old = await svc.get_quotation(quotation_id)
|
||||
q = await svc.update_quotation(quotation_id, body, generate_pdf=generate_pdf)
|
||||
_SKIP = {"updated_at", "id", "items", "pdf_path"}
|
||||
changes = {
|
||||
k: {"old": getattr(old, k, None), "new": getattr(q, k, None)}
|
||||
for k in body.model_fields_set
|
||||
if k not in _SKIP and getattr(old, k, None) != getattr(q, k, None)
|
||||
}
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "UPDATE", "quotation",
|
||||
quotation_id, q.quotation_number or quotation_id, changes=changes or None)
|
||||
return q
|
||||
|
||||
|
||||
@router.delete("/{quotation_id}", status_code=204)
|
||||
async def delete_quotation(
|
||||
quotation_id: str,
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
q = await svc.get_quotation(quotation_id)
|
||||
await svc.delete_quotation(quotation_id)
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "DELETE", "quotation",
|
||||
quotation_id, q.quotation_number if q else quotation_id)
|
||||
|
||||
|
||||
@router.post("/{quotation_id}/regenerate-pdf", response_model=QuotationInDB)
|
||||
|
||||
@@ -3,11 +3,14 @@ from fastapi.responses import FileResponse
|
||||
from typing import Optional
|
||||
import os
|
||||
import shutil
|
||||
from sqlalchemy.ext.asyncio import AsyncSession
|
||||
|
||||
from auth.models import TokenPayload
|
||||
from auth.dependencies import require_permission
|
||||
from crm.models import ProductCreate, ProductUpdate, ProductInDB, ProductListResponse
|
||||
from crm import service
|
||||
from database.postgres import get_pg_session
|
||||
from shared.audit import log_action
|
||||
|
||||
router = APIRouter(prefix="/api/crm/products", tags=["crm-products"])
|
||||
|
||||
@@ -35,28 +38,47 @@ def get_product(
|
||||
|
||||
|
||||
@router.post("", response_model=ProductInDB, status_code=201)
|
||||
def create_product(
|
||||
async def create_product(
|
||||
body: ProductCreate,
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
return service.create_product(body)
|
||||
product = service.create_product(body)
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "CREATE", "product",
|
||||
product.id, product.name)
|
||||
return product
|
||||
|
||||
|
||||
@router.put("/{product_id}", response_model=ProductInDB)
|
||||
def update_product(
|
||||
async def update_product(
|
||||
product_id: str,
|
||||
body: ProductUpdate,
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
return service.update_product(product_id, body)
|
||||
old = service.get_product(product_id)
|
||||
product = service.update_product(product_id, body)
|
||||
_SKIP = {"updated_at", "id", "photo_url"}
|
||||
changes = {
|
||||
k: {"old": getattr(old, k, None), "new": getattr(product, k, None)}
|
||||
for k in body.model_fields_set
|
||||
if k not in _SKIP and getattr(old, k, None) != getattr(product, k, None)
|
||||
}
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "UPDATE", "product",
|
||||
product_id, product.name, changes=changes or None)
|
||||
return product
|
||||
|
||||
|
||||
@router.delete("/{product_id}", status_code=204)
|
||||
def delete_product(
|
||||
async def delete_product(
|
||||
product_id: str,
|
||||
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
||||
db: AsyncSession = Depends(get_pg_session),
|
||||
):
|
||||
product = service.get_product(product_id)
|
||||
service.delete_product(product_id)
|
||||
await log_action(db, _user.sub, _user.name or _user.email, "DELETE", "product",
|
||||
product_id, product.name)
|
||||
|
||||
|
||||
@router.post("/{product_id}/photo", response_model=ProductInDB)
|
||||
|
||||
Reference in New Issue
Block a user