vendor features for admin and vendor admin area

2025-10-19 16:03:25 +02:00
parent 06bb463468
commit 9aee314837
15 changed files with 1693 additions and 471 deletions
--- a/app/api/v1/vendor/auth.py
+++ b/app/api/v1/vendor/auth.py
@@ -9,21 +9,32 @@ This module provides:
 """

 import logging
-from fastapi import APIRouter, Depends, Request
+from fastapi import APIRouter, Depends, Request, HTTPException
 from sqlalchemy.orm import Session

 from app.core.database import get_db
 from app.services.auth_service import auth_service
 from app.exceptions import InvalidCredentialsException
 from middleware.vendor_context import get_current_vendor
-from models.schema.auth import LoginResponse, UserLogin
-from models.database.vendor import Vendor
+from models.schema.auth import UserLogin
+from models.database.vendor import Vendor, VendorUser, Role
+from pydantic import BaseModel

-router = APIRouter()
+router = APIRouter(prefix="/auth")
 logger = logging.getLogger(__name__)


-@router.post("/login", response_model=LoginResponse)
+# Response model for vendor login
+class VendorLoginResponse(BaseModel):
+    access_token: str
+    token_type: str
+    expires_in: int
+    user: dict
+    vendor: dict
+    vendor_role: str
+
+
+@router.post("/login", response_model=VendorLoginResponse)
 def vendor_login(
        user_credentials: UserLogin,
        request: Request,
@@ -35,6 +46,18 @@ def vendor_login(
    Authenticates users who are part of a vendor team.
    Validates against vendor context if available.
    """
+    # Try to get vendor from middleware first
+    vendor = get_current_vendor(request)
+
+    # If no vendor from middleware, try to get from request body
+    if not vendor and hasattr(user_credentials, 'vendor_code'):
+        vendor_code = getattr(user_credentials, 'vendor_code', None)
+        if vendor_code:
+            vendor = db.query(Vendor).filter(
+                Vendor.vendor_code == vendor_code.upper(),
+                Vendor.is_active == True
+            ).first()
+
    # Authenticate user
    login_result = auth_service.login_user(db=db, user_credentials=user_credentials)
    user = login_result["user"]
@@ -44,32 +67,79 @@ def vendor_login(
        logger.warning(f"Admin user attempted vendor login: {user.username}")
        raise InvalidCredentialsException("Please use admin portal to login")

-    # Optional: Validate user belongs to current vendor context
-    vendor = get_current_vendor(request)
+    # Determine vendor and role
+    vendor_role = "Member"
+
    if vendor:
-        # Check if user is vendor owner or team member
-        is_owner = any(v.id == vendor.id for v in user.owned_vendors)
-        is_team_member = any(
-            vm.vendor_id == vendor.id and vm.is_active
-            for vm in user.vendor_memberships
-        )
+        # Check if user is vendor owner
+        is_owner = vendor.owner_user_id == user.id

-        if not (is_owner or is_team_member):
-            logger.warning(
-                f"User {user.username} attempted login to vendor {vendor.vendor_code} "
-                f"but is not authorized"
+        if is_owner:
+            vendor_role = "Owner"
+        else:
+            # Check if user is team member
+            vendor_user = db.query(VendorUser).join(Role).filter(
+                VendorUser.user_id == user.id,
+                VendorUser.vendor_id == vendor.id,
+                VendorUser.is_active == True
+            ).first()
+
+            if vendor_user:
+                vendor_role = vendor_user.role.name
+            else:
+                logger.warning(
+                    f"User {user.username} attempted login to vendor {vendor.vendor_code} "
+                    f"but is not authorized"
+                )
+                raise InvalidCredentialsException(
+                    "You do not have access to this vendor"
+                )
+    else:
+        # No vendor context - find which vendor this user belongs to
+        # Check owned vendors first
+        if user.owned_vendors:
+            vendor = user.owned_vendors[0]
+            vendor_role = "Owner"
+        # Check vendor memberships
+        elif user.vendor_memberships:
+            active_membership = next(
+                (vm for vm in user.vendor_memberships if vm.is_active),
+                None
            )
+            if active_membership:
+                vendor = active_membership.vendor
+                vendor_role = active_membership.role.name
+
+        if not vendor:
            raise InvalidCredentialsException(
-                "You do not have access to this vendor"
+                "User is not associated with any vendor"
            )

-    logger.info(f"Vendor team login successful: {user.username}")
+    logger.info(
+        f"Vendor team login successful: {user.username} "
+        f"for vendor {vendor.vendor_code} as {vendor_role}"
+    )

-    return LoginResponse(
+    return VendorLoginResponse(
        access_token=login_result["token_data"]["access_token"],
        token_type=login_result["token_data"]["token_type"],
        expires_in=login_result["token_data"]["expires_in"],
-        user=login_result["user"],
+        user={
+            "id": user.id,
+            "username": user.username,
+            "email": user.email,
+            "role": user.role,
+            "is_active": user.is_active
+        },
+        vendor={
+            "id": vendor.id,
+            "vendor_code": vendor.vendor_code,
+            "subdomain": vendor.subdomain,
+            "name": vendor.name,
+            "is_active": vendor.is_active,
+            "is_verified": vendor.is_verified
+        },
+        vendor_role=vendor_role
    )


@@ -80,4 +150,4 @@ def vendor_logout():

    Client should remove token from storage.
    """
-    return {"message": "Logged out successfully"}
+    return {"message": "Logged out successfully"}