# app/api/v1/admin/vendors.py """ Vendor management endpoints for admin. """ import logging from typing import Optional from fastapi import APIRouter, Depends, Query, HTTPException from sqlalchemy.orm import Session from app.api.deps import get_current_admin_user from app.core.database import get_db from app.services.admin_service import admin_service from models.schema.vendor import VendorListResponse, VendorResponse, VendorCreate from models.database.user import User router = APIRouter(prefix="/vendors") logger = logging.getLogger(__name__) @router.post("", response_model=VendorResponse) def create_vendor_with_owner( vendor_data: VendorCreate, db: Session = Depends(get_db), current_admin: User = Depends(get_current_admin_user), ): """ Create a new vendor with owner user account (Admin only). This endpoint: 1. Creates a new vendor 2. Creates an owner user account for the vendor 3. Sets up default roles (Owner, Manager, Editor, Viewer) 4. Sends welcome email to vendor owner (if email service configured) Returns the created vendor with owner information. """ vendor, owner_user, temp_password = admin_service.create_vendor_with_owner( db=db, vendor_data=vendor_data ) return { **VendorResponse.model_validate(vendor).model_dump(), "owner_email": owner_user.email, "owner_username": owner_user.username, "temporary_password": temp_password, # Only shown once! "login_url": f"{vendor.subdomain}.platform.com/vendor/login" if vendor.subdomain else None } @router.get("", response_model=VendorListResponse) def get_all_vendors_admin( skip: int = Query(0, ge=0), limit: int = Query(100, ge=1, le=1000), search: Optional[str] = Query(None, description="Search by name or vendor code"), is_active: Optional[bool] = Query(None), is_verified: Optional[bool] = Query(None), db: Session = Depends(get_db), current_admin: User = Depends(get_current_admin_user), ): """Get all vendors with admin view (Admin only).""" vendors, total = admin_service.get_all_vendors( db=db, skip=skip, limit=limit, search=search, is_active=is_active, is_verified=is_verified ) return VendorListResponse(vendors=vendors, total=total, skip=skip, limit=limit) @router.get("/{vendor_id}", response_model=VendorResponse) def get_vendor_details( vendor_id: int, db: Session = Depends(get_db), current_admin: User = Depends(get_current_admin_user), ): """Get detailed vendor information (Admin only).""" vendor = admin_service.get_vendor_by_id(db, vendor_id) return VendorResponse.model_validate(vendor) @router.put("/{vendor_id}/verify") def verify_vendor( vendor_id: int, db: Session = Depends(get_db), current_admin: User = Depends(get_current_admin_user), ): """Verify/unverify vendor (Admin only).""" vendor, message = admin_service.verify_vendor(db, vendor_id) return {"message": message, "vendor": VendorResponse.model_validate(vendor)} @router.put("/{vendor_id}/status") def toggle_vendor_status( vendor_id: int, db: Session = Depends(get_db), current_admin: User = Depends(get_current_admin_user), ): """Toggle vendor active status (Admin only).""" vendor, message = admin_service.toggle_vendor_status(db, vendor_id) return {"message": message, "vendor": VendorResponse.model_validate(vendor)} @router.delete("/{vendor_id}") def delete_vendor( vendor_id: int, confirm: bool = Query(False, description="Must be true to confirm deletion"), db: Session = Depends(get_db), current_admin: User = Depends(get_current_admin_user), ): """ Delete vendor and all associated data (Admin only). WARNING: This is destructive and will delete: - Vendor account - All products - All orders - All customers - All team members Requires confirmation parameter. """ if not confirm: raise HTTPException( status_code=400, detail="Deletion requires confirmation parameter: confirm=true" ) message = admin_service.delete_vendor(db, vendor_id) return {"message": message} @router.get("/stats/vendors") def get_vendor_statistics( db: Session = Depends(get_db), current_admin: User = Depends(get_current_admin_user), ): """Get vendor statistics for admin dashboard (Admin only).""" return admin_service.get_vendor_statistics(db)