feat: update API endpoints for company-vendor architecture

- Add transfer-ownership endpoint to companies API - Add user search endpoint for autocomplete (/admin/users/search) - Update company detail endpoint to include owner info and vendors list - Update vendor endpoints to use company relationship for ownership - Update deps.py vendor access check to use company.owner_user_id 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-02 19:39:31 +01:00
parent ec2885dab5
commit 66c967a04e
6 changed files with 194 additions and 143 deletions
--- a/app/api/deps.py
+++ b/app/api/deps.py
@@ -513,13 +513,20 @@ def get_user_vendor(
        VendorNotFoundException: If vendor doesn't exist
        UnauthorizedVendorAccessException: If user doesn't have access
    """
-    vendor = db.query(Vendor).filter(Vendor.vendor_code == vendor_code.upper()).first()
+    from sqlalchemy.orm import joinedload
+
+    vendor = (
+        db.query(Vendor)
+        .options(joinedload(Vendor.company))
+        .filter(Vendor.vendor_code == vendor_code.upper())
+        .first()
+    )

    if not vendor:
        raise VendorNotFoundException(vendor_code)

-    # Check if user owns this vendor
-    if vendor.owner_user_id == current_user.id:
+    # Check if user owns this vendor (via company ownership)
+    if vendor.company and vendor.company.owner_user_id == current_user.id:
        return vendor

    # Check if user is team member