orion/app/modules/tenancy/routes/api/vendor_profile.py

# app/modules/tenancy/routes/api/vendor_profile.py
"""
Vendor profile management endpoints.

Vendor Context: Uses token_vendor_id from JWT token (authenticated vendor API pattern).
The get_current_vendor_api dependency guarantees token_vendor_id is present.
"""

import logging

from fastapi import APIRouter, Depends
from sqlalchemy.orm import Session

from app.api.deps import get_current_vendor_api
from app.core.database import get_db
from app.services.vendor_service import vendor_service
from models.schema.auth import UserContext
from models.schema.vendor import VendorResponse, VendorUpdate

vendor_profile_router = APIRouter(prefix="/profile")
logger = logging.getLogger(__name__)


@vendor_profile_router.get("", response_model=VendorResponse)
def get_vendor_profile(
    current_user: UserContext = Depends(get_current_vendor_api),
    db: Session = Depends(get_db),
):
    """Get current vendor profile information."""
    vendor = vendor_service.get_vendor_by_id(db, current_user.token_vendor_id)
    return vendor


@vendor_profile_router.put("", response_model=VendorResponse)
def update_vendor_profile(
    vendor_update: VendorUpdate,
    current_user: UserContext = Depends(get_current_vendor_api),
    db: Session = Depends(get_db),
):
    """Update vendor profile information."""
    # Service handles permission checking and raises InsufficientPermissionsException if needed
    return vendor_service.update_vendor(
        db, current_user.token_vendor_id, vendor_update, current_user
    )