144 lines
5.1 KiB
Python
144 lines
5.1 KiB
Python
from fastapi import APIRouter, Depends, Query, UploadFile, File
|
|
from fastapi.responses import StreamingResponse
|
|
from typing import Optional
|
|
import io
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
|
|
from auth.dependencies import require_permission
|
|
from auth.models import TokenPayload
|
|
from crm.quotation_models import (
|
|
NextNumberResponse,
|
|
QuotationCreate,
|
|
QuotationInDB,
|
|
QuotationListResponse,
|
|
QuotationUpdate,
|
|
)
|
|
from crm import quotations_service as svc
|
|
from database.postgres import get_pg_session
|
|
from shared.audit import log_action
|
|
|
|
router = APIRouter(prefix="/api/crm/quotations", tags=["crm-quotations"])
|
|
|
|
|
|
# IMPORTANT: Static paths must come BEFORE /{id} to avoid route collision in FastAPI
|
|
|
|
@router.get("/next-number", response_model=NextNumberResponse)
|
|
async def get_next_number(
|
|
_user: TokenPayload = Depends(require_permission("crm", "view")),
|
|
):
|
|
"""Returns the next available quotation number (preview only — does not commit)."""
|
|
next_num = await svc.get_next_number()
|
|
return NextNumberResponse(next_number=next_num)
|
|
|
|
|
|
@router.get("/all", response_model=list[dict])
|
|
async def list_all_quotations(
|
|
_user: TokenPayload = Depends(require_permission("crm", "view")),
|
|
):
|
|
"""Returns all quotations across all customers, each including customer_name."""
|
|
return await svc.list_all_quotations()
|
|
|
|
|
|
@router.get("/customer/{customer_id}", response_model=QuotationListResponse)
|
|
async def list_quotations_for_customer(
|
|
customer_id: str,
|
|
_user: TokenPayload = Depends(require_permission("crm", "view")),
|
|
):
|
|
quotations = await svc.list_quotations(customer_id)
|
|
return QuotationListResponse(quotations=quotations, total=len(quotations))
|
|
|
|
|
|
@router.get("/{quotation_id}/pdf")
|
|
async def proxy_quotation_pdf(
|
|
quotation_id: str,
|
|
_user: TokenPayload = Depends(require_permission("crm", "view")),
|
|
):
|
|
"""Proxy the quotation PDF from Nextcloud to bypass browser cookie restrictions."""
|
|
pdf_bytes = await svc.get_quotation_pdf_bytes(quotation_id)
|
|
return StreamingResponse(
|
|
io.BytesIO(pdf_bytes),
|
|
media_type="application/pdf",
|
|
headers={"Content-Disposition": "inline"},
|
|
)
|
|
|
|
|
|
@router.get("/{quotation_id}", response_model=QuotationInDB)
|
|
async def get_quotation(
|
|
quotation_id: str,
|
|
_user: TokenPayload = Depends(require_permission("crm", "view")),
|
|
):
|
|
return await svc.get_quotation(quotation_id)
|
|
|
|
|
|
@router.post("", response_model=QuotationInDB, status_code=201)
|
|
async def create_quotation(
|
|
body: QuotationCreate,
|
|
generate_pdf: bool = Query(False),
|
|
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
|
db: AsyncSession = Depends(get_pg_session),
|
|
):
|
|
"""
|
|
Create a quotation. Pass ?generate_pdf=true to immediately generate and upload the PDF.
|
|
"""
|
|
q = await svc.create_quotation(body, generate_pdf=generate_pdf)
|
|
await log_action(db, _user.sub, _user.name or _user.email, "CREATE", "quotation",
|
|
str(q.id), q.quotation_number or str(q.id))
|
|
return q
|
|
|
|
|
|
@router.put("/{quotation_id}", response_model=QuotationInDB)
|
|
async def update_quotation(
|
|
quotation_id: str,
|
|
body: QuotationUpdate,
|
|
generate_pdf: bool = Query(False),
|
|
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
|
db: AsyncSession = Depends(get_pg_session),
|
|
):
|
|
"""
|
|
Update a quotation. Pass ?generate_pdf=true to regenerate the PDF.
|
|
"""
|
|
old = await svc.get_quotation(quotation_id)
|
|
q = await svc.update_quotation(quotation_id, body, generate_pdf=generate_pdf)
|
|
_SKIP = {"updated_at", "id", "items", "pdf_path"}
|
|
changes = {
|
|
k: {"old": getattr(old, k, None), "new": getattr(q, k, None)}
|
|
for k in body.model_fields_set
|
|
if k not in _SKIP and getattr(old, k, None) != getattr(q, k, None)
|
|
}
|
|
await log_action(db, _user.sub, _user.name or _user.email, "UPDATE", "quotation",
|
|
quotation_id, q.quotation_number or quotation_id, changes=changes or None)
|
|
return q
|
|
|
|
|
|
@router.delete("/{quotation_id}", status_code=204)
|
|
async def delete_quotation(
|
|
quotation_id: str,
|
|
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
|
db: AsyncSession = Depends(get_pg_session),
|
|
):
|
|
q = await svc.get_quotation(quotation_id)
|
|
await svc.delete_quotation(quotation_id)
|
|
await log_action(db, _user.sub, _user.name or _user.email, "DELETE", "quotation",
|
|
quotation_id, q.quotation_number if q else quotation_id)
|
|
|
|
|
|
@router.post("/{quotation_id}/regenerate-pdf", response_model=QuotationInDB)
|
|
async def regenerate_pdf(
|
|
quotation_id: str,
|
|
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
|
):
|
|
"""Force PDF regeneration and re-upload to Nextcloud."""
|
|
return await svc.regenerate_pdf(quotation_id)
|
|
|
|
|
|
@router.post("/{quotation_id}/legacy-pdf", response_model=QuotationInDB)
|
|
async def upload_legacy_pdf(
|
|
quotation_id: str,
|
|
file: UploadFile = File(...),
|
|
_user: TokenPayload = Depends(require_permission("crm", "edit")),
|
|
):
|
|
"""Upload a PDF file for a legacy quotation and store its Nextcloud path."""
|
|
pdf_bytes = await file.read()
|
|
filename = file.filename or f"legacy-{quotation_id}.pdf"
|
|
return await svc.upload_legacy_pdf(quotation_id, pdf_bytes, filename)
|