Fix order saving, isMyOrder, blocked waiters, options pricing; add preferences, table groups, product images

Backend: - OrderItemInput accepts option objects {id,name,price_delta} instead of int IDs - extra_cost from selected options added to unit_price snapshot - GET /api/products/?all=true for manager (includes unavailable) - PUT /api/products/{id} now replaces options, ingredients, preference_sets - POST /api/products/{id}/image — persistent image upload to /app/data/product_images - New models: ProductPreferenceSet, ProductPreferenceChoice, TableGroup - tables: group_id FK, hard delete (?hard=true), batch create POST /api/tables/batch - GET /api/tables/groups + POST/PUT/DELETE groups endpoints - POST /api/auth/me endpoint for token rehydration - Auto-migration on startup for new columns PWA: - AuthRehydrator: fetches /auth/me on load so isMyOrder works after page reload - 401 response force-logs out (covers blocked waiters) - ItemOptionsModal: uses extra_cost correctly, shows preferences as radio buttons Manager: - ProductsPage: shows unavailable products greyed out, category color picker + reorder, full option/ingredient/preference editing, image upload - TablesPage: table groups, auto-increment, deactivate vs hard delete, batch add
2026-04-20 18:39:51 +03:00
parent 8f52156f5b
commit 24a029a8cc
16 changed files with 826 additions and 172 deletions
--- a/local_backend/routers/auth.py
+++ b/local_backend/routers/auth.py
@@ -62,3 +62,8 @@ def refresh(token: str, db: Session = Depends(get_db)):
 def logout(token: str):
    _blacklisted_tokens.add(token)
    return {"status": "logged out"}
+
+
+@router.get("/me", response_model=UserOut)
+def me(db: Session = Depends(get_db), user: User = Depends(get_current_user)):
+    return user
--- a/local_backend/routers/orders.py
+++ b/local_backend/routers/orders.py
@@ -109,13 +109,18 @@ def add_items(
        product = db.query(Product).filter(Product.id == item_in.product_id).first()
        if not product or not product.is_available:
            raise HTTPException(status_code=400, detail=f"Product {item_in.product_id} not available")
+        # Calculate extra cost from selected options
+        extra_cost = sum(
+            (o.price_delta or o.extra_cost or 0.0)
+            for o in (item_in.selected_options or [])
+        )
        item = OrderItem(
            order_id=order_id,
            product_id=item_in.product_id,
            added_by=user.id,
            quantity=item_in.quantity,
-            unit_price=product.base_price,  # price snapshot
-            selected_options=json.dumps(item_in.selected_options) if item_in.selected_options else None,
+            unit_price=product.base_price + extra_cost,  # price snapshot with options
+            selected_options=json.dumps([o.model_dump() for o in item_in.selected_options]) if item_in.selected_options else None,
            removed_ingredients=json.dumps(item_in.removed_ingredients) if item_in.removed_ingredients else None,
            notes=item_in.notes,
        )
--- a/local_backend/routers/products.py
+++ b/local_backend/routers/products.py
@@ -1,20 +1,53 @@
-from fastapi import APIRouter, Depends, HTTPException, status
+import os
+import uuid
+from fastapi import APIRouter, Depends, HTTPException, status, UploadFile, File
 from sqlalchemy.orm import Session
 from typing import List

 from database import get_db
-from models.product import Product, Category, ProductOption, ProductIngredient
+from models.product import Product, Category, ProductOption, ProductIngredient, ProductPreferenceSet, ProductPreferenceChoice
 from models.user import User
 from schemas.product import (
    ProductCreate, ProductUpdate, ProductOut,
-    CategoryCreate, CategoryUpdate, CategoryOut,
+    CategoryCreate, CategoryUpdate, CategoryOut, CategoryReorderItem,
+    PreferenceSetCreate,
 )
 from routers.deps import get_current_user, require_manager

 router = APIRouter()

+IMAGE_DIR = "/app/data/product_images"

-# ── Categories ───────────────────────────────────────────────────────────────
+
+def _replace_options(db, product, options):
+    for opt in product.options:
+        db.delete(opt)
+    db.flush()
+    for opt in options:
+        db.add(ProductOption(product_id=product.id, **opt.model_dump()))
+
+
+def _replace_ingredients(db, product, ingredients):
+    for ing in product.ingredients:
+        db.delete(ing)
+    db.flush()
+    for ing in ingredients:
+        db.add(ProductIngredient(product_id=product.id, **ing.model_dump()))
+
+
+def _replace_preference_sets(db, product, sets: List[PreferenceSetCreate]):
+    for ps in product.preference_sets:
+        db.delete(ps)
+    db.flush()
+    for ps in sets:
+        new_set = ProductPreferenceSet(product_id=product.id, name=ps.name)
+        db.add(new_set)
+        db.flush()
+        for ch in ps.choices:
+            db.add(ProductPreferenceChoice(set_id=new_set.id, **ch.model_dump()))
+
+
+# ── Categories ────────────────────────────────────────────────────────────────

@router.get("/categories", response_model=List[CategoryOut])
 def list_categories(db: Session = Depends(get_db), user: User = Depends(get_current_user)):
@@ -23,13 +56,23 @@ def list_categories(db: Session = Depends(get_db), user: User = Depends(get_curr

@router.post("/categories", response_model=CategoryOut, status_code=status.HTTP_201_CREATED)
 def create_category(body: CategoryCreate, db: Session = Depends(get_db), user: User = Depends(require_manager)):
-    cat = Category(**body.model_dump())
+    max_order = db.query(Category).count()
+    cat = Category(name=body.name, color=body.color, sort_order=max_order)
    db.add(cat)
    db.commit()
    db.refresh(cat)
    return cat


+@router.put("/categories/reorder", status_code=status.HTTP_204_NO_CONTENT)
+def reorder_categories(items: List[CategoryReorderItem], db: Session = Depends(get_db), user: User = Depends(require_manager)):
+    for item in items:
+        cat = db.query(Category).filter(Category.id == item.id).first()
+        if cat:
+            cat.sort_order = item.sort_order
+    db.commit()
+
+
@router.put("/categories/{category_id}", response_model=CategoryOut)
 def update_category(category_id: int, body: CategoryUpdate, db: Session = Depends(get_db), user: User = Depends(require_manager)):
    cat = db.query(Category).filter(Category.id == category_id).first()
@@ -54,13 +97,16 @@ def delete_category(category_id: int, db: Session = Depends(get_db), user: User
 # ── Products ──────────────────────────────────────────────────────────────────

@router.get("/", response_model=List[ProductOut])
-def list_products(db: Session = Depends(get_db), user: User = Depends(get_current_user)):
-    return db.query(Product).filter(Product.is_available == True).all()
+def list_products(all: bool = False, db: Session = Depends(get_db), user: User = Depends(get_current_user)):
+    q = db.query(Product)
+    if not all or user.role not in ("manager", "sysadmin"):
+        q = q.filter(Product.is_available == True)
+    return q.all()


@router.post("/", response_model=ProductOut, status_code=status.HTTP_201_CREATED)
 def create_product(body: ProductCreate, db: Session = Depends(get_db), user: User = Depends(require_manager)):
-    data = body.model_dump(exclude={"options", "ingredients"})
+    data = body.model_dump(exclude={"options", "ingredients", "preference_sets"})
    product = Product(**data)
    db.add(product)
    db.flush()
@@ -68,6 +114,12 @@ def create_product(body: ProductCreate, db: Session = Depends(get_db), user: Use
        db.add(ProductOption(product_id=product.id, **opt.model_dump()))
    for ing in body.ingredients:
        db.add(ProductIngredient(product_id=product.id, **ing.model_dump()))
+    for ps in body.preference_sets:
+        new_set = ProductPreferenceSet(product_id=product.id, name=ps.name)
+        db.add(new_set)
+        db.flush()
+        for ch in ps.choices:
+            db.add(ProductPreferenceChoice(set_id=new_set.id, **ch.model_dump()))
    db.commit()
    db.refresh(product)
    return product
@@ -78,8 +130,45 @@ def update_product(product_id: int, body: ProductUpdate, db: Session = Depends(g
    product = db.query(Product).filter(Product.id == product_id).first()
    if not product:
        raise HTTPException(status_code=404, detail="Product not found")
-    for field, value in body.model_dump(exclude_none=True).items():
+    for field, value in body.model_dump(exclude_none=True, exclude={"options", "ingredients", "preference_sets"}).items():
        setattr(product, field, value)
+    if body.options is not None:
+        _replace_options(db, product, body.options)
+    if body.ingredients is not None:
+        _replace_ingredients(db, product, body.ingredients)
+    if body.preference_sets is not None:
+        _replace_preference_sets(db, product, body.preference_sets)
+    db.commit()
+    db.refresh(product)
+    return product
+
+
+@router.post("/{product_id}/image", response_model=ProductOut)
+async def upload_product_image(product_id: int, file: UploadFile = File(...), db: Session = Depends(get_db), user: User = Depends(require_manager)):
+    product = db.query(Product).filter(Product.id == product_id).first()
+    if not product:
+        raise HTTPException(status_code=404, detail="Product not found")
+
+    if not file.content_type.startswith("image/"):
+        raise HTTPException(status_code=400, detail="File must be an image")
+
+    os.makedirs(IMAGE_DIR, exist_ok=True)
+
+    # Delete old image if exists
+    if product.image_url:
+        old_path = os.path.join(IMAGE_DIR, os.path.basename(product.image_url))
+        if os.path.exists(old_path):
+            os.remove(old_path)
+
+    ext = file.filename.rsplit(".", 1)[-1].lower() if "." in file.filename else "jpg"
+    filename = f"{product_id}_{uuid.uuid4().hex[:8]}.{ext}"
+    filepath = os.path.join(IMAGE_DIR, filename)
+
+    contents = await file.read()
+    with open(filepath, "wb") as f:
+        f.write(contents)
+
+    product.image_url = f"/static/product_images/{filename}"
    db.commit()
    db.refresh(product)
    return product
--- a/local_backend/routers/tables.py
+++ b/local_backend/routers/tables.py
@@ -3,24 +3,72 @@ from sqlalchemy.orm import Session
 from typing import List

 from database import get_db
-from models.table import Table
+from models.table import Table, TableGroup
 from models.order import Order
 from models.user import User
-from schemas.table import TableCreate, TableUpdate, TableFloorplanUpdate, TableOut
+from schemas.table import (
+    TableCreate, TableUpdate, TableFloorplanUpdate, TableOut,
+    TableGroupCreate, TableGroupUpdate, TableGroupOut,
+    TableBatchCreate,
+)
 from routers.deps import get_current_user, require_manager

 router = APIRouter()


+# ── Table Groups ──────────────────────────────────────────────────────────────
+
+@router.get("/groups", response_model=List[TableGroupOut])
+def list_groups(db: Session = Depends(get_db), user: User = Depends(get_current_user)):
+    return db.query(TableGroup).order_by(TableGroup.sort_order).all()
+
+
+@router.post("/groups", response_model=TableGroupOut, status_code=status.HTTP_201_CREATED)
+def create_group(body: TableGroupCreate, db: Session = Depends(get_db), user: User = Depends(require_manager)):
+    if db.query(TableGroup).filter(TableGroup.name == body.name).first():
+        raise HTTPException(status_code=400, detail="Group name already exists")
+    sort_order = db.query(TableGroup).count()
+    group = TableGroup(name=body.name, sort_order=sort_order)
+    db.add(group)
+    db.commit()
+    db.refresh(group)
+    return group
+
+
+@router.put("/groups/{group_id}", response_model=TableGroupOut)
+def update_group(group_id: int, body: TableGroupUpdate, db: Session = Depends(get_db), user: User = Depends(require_manager)):
+    group = db.query(TableGroup).filter(TableGroup.id == group_id).first()
+    if not group:
+        raise HTTPException(status_code=404, detail="Group not found")
+    for field, value in body.model_dump(exclude_none=True).items():
+        setattr(group, field, value)
+    db.commit()
+    db.refresh(group)
+    return group
+
+
+@router.delete("/groups/{group_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_group(group_id: int, db: Session = Depends(get_db), user: User = Depends(require_manager)):
+    group = db.query(TableGroup).filter(TableGroup.id == group_id).first()
+    if not group:
+        raise HTTPException(status_code=404, detail="Group not found")
+    db.query(Table).filter(Table.group_id == group_id).update({"group_id": None})
+    db.delete(group)
+    db.commit()
+
+
+# ── Tables ────────────────────────────────────────────────────────────────────
+
@router.get("/", response_model=List[TableOut])
-def list_tables(db: Session = Depends(get_db), user: User = Depends(get_current_user)):
-    return db.query(Table).filter(Table.is_active == True).all()
+def list_tables(include_inactive: bool = False, db: Session = Depends(get_db), user: User = Depends(get_current_user)):
+    q = db.query(Table)
+    if not include_inactive:
+        q = q.filter(Table.is_active == True)
+    return q.order_by(Table.group_id, Table.number).all()


@router.post("/", response_model=TableOut, status_code=status.HTTP_201_CREATED)
 def create_table(body: TableCreate, db: Session = Depends(get_db), user: User = Depends(require_manager)):
-    if db.query(Table).filter(Table.number == body.number).first():
-        raise HTTPException(status_code=400, detail="Table number already exists")
    table = Table(**body.model_dump())
    db.add(table)
    db.commit()
@@ -28,6 +76,28 @@ def create_table(body: TableCreate, db: Session = Depends(get_db), user: User =
    return table


+@router.post("/batch", response_model=List[TableOut], status_code=status.HTTP_201_CREATED)
+def batch_create_tables(body: TableBatchCreate, db: Session = Depends(get_db), user: User = Depends(require_manager)):
+    if body.count < 1 or body.count > 200:
+        raise HTTPException(status_code=400, detail="Count must be between 1 and 200")
+    created = []
+    for i in range(body.count):
+        n = body.start_number + i
+        table = Table(
+            number=n,
+            label=f"{body.name_prefix}{n}",
+            group_id=body.group_id,
+            is_active=True,
+        )
+        db.add(table)
+        db.flush()
+        created.append(table)
+    db.commit()
+    for t in created:
+        db.refresh(t)
+    return created
+
+
@router.put("/{table_id}", response_model=TableOut)
 def update_table(table_id: int, body: TableUpdate, db: Session = Depends(get_db), user: User = Depends(require_manager)):
    table = db.query(Table).filter(Table.id == table_id).first()
@@ -41,11 +111,20 @@ def update_table(table_id: int, body: TableUpdate, db: Session = Depends(get_db)


@router.delete("/{table_id}", status_code=status.HTTP_204_NO_CONTENT)
-def deactivate_table(table_id: int, db: Session = Depends(get_db), user: User = Depends(require_manager)):
+def delete_table(table_id: int, hard: bool = False, db: Session = Depends(get_db), user: User = Depends(require_manager)):
    table = db.query(Table).filter(Table.id == table_id).first()
    if not table:
        raise HTTPException(status_code=404, detail="Table not found")
-    table.is_active = False
+    if hard:
+        active_order = db.query(Order).filter(
+            Order.table_id == table_id,
+            Order.status.in_(["open", "partially_paid"])
+        ).first()
+        if active_order:
+            raise HTTPException(status_code=400, detail="Cannot delete table with active order")
+        db.delete(table)
+    else:
+        table.is_active = False
    db.commit()