changes done

Author: Khushi Yadav

backend/.idea/.gitignore

@@ -1,10 +1,11 @@
 from collections.abc import Generator
 from typing import Annotated
+from jose import jwt, JWTError
 
-import jwt
+#import jwt
 from fastapi import Depends, HTTPException, status
 from fastapi.security import OAuth2PasswordBearer
-from jwt.exceptions import InvalidTokenError
+#from jwt.exceptions import InvalidTokenError
 from pydantic import ValidationError
 from sqlmodel import Session
 
@@ -36,7 +37,7 @@ def get_current_user(session: SessionDep, token: TokenDep) -> User:
             token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]
         )
         token_data = TokenPayload(**payload)
-    except (InvalidTokenError, ValidationError):
+    except (JWTError, ValidationError):
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN,
             detail="Could not validate credentials",

backend/.idea/backend.iml

@@ -1,13 +1,14 @@
 from fastapi import APIRouter
 
-from app.api.routes import items, login, private, users, utils
+from app.api.routes import items, login, private, users, utils ,organizations
 from app.core.config import settings
 
 api_router = APIRouter()
 api_router.include_router(login.router)
 api_router.include_router(users.router)
 api_router.include_router(utils.router)
 api_router.include_router(items.router)
+api_router.include_router(organizations.router)
 
 
 if settings.ENVIRONMENT == "local":

backend/.idea/inspectionProfiles/profiles_settings.xml

@@ -36,7 +36,7 @@ def read_items(
         items = session.exec(statement).all()
 
     return ItemsPublic(data=items, count=count)
-
+     
 
 @router.get("/{id}", response_model=ItemPublic)
 def read_item(session: SessionDep, current_user: CurrentUser, id: str) -> Any:

backend/.idea/misc.xml

@@ -0,0 +1,137 @@
+from typing import Any
+from fastapi import APIRouter, HTTPException
+from sqlmodel import select, func
+
+from app.api.deps import SessionDep, CurrentUser
+from app.models import (
+    Organization,
+    OrganizationCreate,
+    OrganizationUpdate,
+    OrganizationPublic,
+    OrganizationsPublic,
+    Message,
+
+)
+
+router = APIRouter(prefix="/organizations", tags=["organizations"])
+
+
+
+# GET /organizations → List all organizations
+
+@router.get("/", response_model=OrganizationsPublic)
+def read_organizations(
+    session: SessionDep, current_user: CurrentUser, skip: int = 0, limit: int = 100
+) -> Any:
+    """
+    Retrieve organizations.
+    - Superusers see all organizations.
+    - Normal users see only the ones they own or belong to.
+    """
+
+    if current_user.is_superuser:
+        count_statement = select(func.count()).select_from(Organization)
+        count = session.exec(count_statement).one()
+        statement = select(Organization).offset(skip).limit(limit)
+        organizations = session.exec(statement).all()
+    else:
+        # assuming each org has an 'owner_id' field similar to items
+        count_statement = (
+            select(func.count())
+            .select_from(Organization)
+            .where(Organization.owner_id == current_user.id)
+        )
+        count = session.exec(count_statement).one()
+        statement = (
+            select(Organization)
+            .where(Organization.owner_id == current_user.id)
+            .offset(skip)
+            .limit(limit)
+        )
+        organizations = session.exec(statement).all()
+
+    return OrganizationsPublic(data=organizations, count=count)
+
+
+
+# GET /organizations/{id} → Get a specific organization
+
+@router.get("/{id}", response_model=OrganizationPublic)
+def read_organization(
+    session: SessionDep, current_user: CurrentUser, id: str
+) -> Any:
+    """
+    Get organization by ID.
+    """
+    org = session.get(Organization, id)
+    if not org:
+        raise HTTPException(status_code=404, detail="Organization not found")
+    if not current_user.is_superuser and (org.owner_id != current_user.id):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+    return org
+
+
+
+# POST /organizations → Create a new organization
+
+@router.post("/", response_model=OrganizationPublic)
+def create_organization(
+    *, session: SessionDep, current_user: CurrentUser, org_in: OrganizationCreate
+) -> Any:
+    """
+    Create a new organization.
+    """
+    db_org = Organization.model_validate(org_in, update={"owner_id": current_user.id})
+    session.add(db_org)
+    session.commit()
+    session.refresh(db_org)
+    return db_org
+
+
+
+# PUT /organizations/{id} → Update an organization
+
+@router.put("/{id}", response_model=OrganizationPublic)
+def update_organization(
+    *,
+    session: SessionDep,
+    current_user: CurrentUser,
+    id: str,
+    org_in: OrganizationUpdate,
+) -> Any:
+    """
+    Update an organization.
+    """
+    org = session.get(Organization, id)
+    if not org:
+        raise HTTPException(status_code=404, detail="Organization not found")
+    if not current_user.is_superuser and (org.owner_id != current_user.id):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+
+    update_data = org_in.model_dump(exclude_unset=True)
+    org.sqlmodel_update(update_data)
+    session.add(org)
+    session.commit()
+    session.refresh(org)
+    return org
+
+
+
+# DELETE /organizations/{id} → Delete an organization
+
+@router.delete("/{id}", response_model=Message)
+def delete_organization(
+    session: SessionDep, current_user: CurrentUser, id: str
+) -> Message:
+    """
+    Delete an organization.
+    """
+    org = session.get(Organization, id)
+    if not org:
+        raise HTTPException(status_code=404, detail="Organization not found")
+    if not current_user.is_superuser and (org.owner_id != current_user.id):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+
+    session.delete(org)
+    session.commit()
+    return Message(message="Organization deleted successfully")