orion/app/api/v1/vendor/profile.py

# app/api/v1/vendor/profile.py
"""
Vendor profile management endpoints.

Vendor Context: Uses token_vendor_id from JWT token (authenticated vendor API pattern)
"""

import logging

from fastapi import APIRouter, Depends
from sqlalchemy.orm import Session

from app.api.deps import get_current_vendor_api
from app.core.database import get_db
from app.exceptions import InsufficientPermissionsException, InvalidTokenException
from app.services.vendor_service import vendor_service
from models.database.user import User
from models.schema.vendor import VendorResponse, VendorUpdate

router = APIRouter(prefix="/profile")
logger = logging.getLogger(__name__)


def _get_vendor_from_token(current_user: User, db: Session):
    """Helper to get vendor from JWT token."""
    if not hasattr(current_user, "token_vendor_id"):
        raise InvalidTokenException("Token missing vendor information. Please login again.")
    return vendor_service.get_vendor_by_id(db, current_user.token_vendor_id)


@router.get("", response_model=VendorResponse)
def get_vendor_profile(
    current_user: User = Depends(get_current_vendor_api),
    db: Session = Depends(get_db),
):
    """Get current vendor profile information."""
    vendor = _get_vendor_from_token(current_user, db)
    return vendor


@router.put("", response_model=VendorResponse)
def update_vendor_profile(
    vendor_update: VendorUpdate,
    current_user: User = Depends(get_current_vendor_api),
    db: Session = Depends(get_db),
):
    """Update vendor profile information."""
    vendor = _get_vendor_from_token(current_user, db)

    # Verify user has permission to update vendor
    if not vendor_service.can_update_vendor(vendor, current_user):
        raise InsufficientPermissionsException(required_permission="vendor:profile:update")

    return vendor_service.update_vendor(db, vendor.id, vendor_update)