✨ Refactor item management to document management in API and models

monicasmith463 · monicasmith463 · commit 5cc088976622 · 2025-07-18T16:38:09.000-07:00
diff --git a/backend/app/api/main.py b/backend/app/api/main.py
@@ -1,13 +1,13 @@
 from fastapi import APIRouter
 
-from app.api.routes import items, login, private, users, utils
+from app.api.routes import documents, login, private, users, utils
 from app.core.config import settings
 
 api_router = APIRouter()
 api_router.include_router(login.router)
 api_router.include_router(users.router)
 api_router.include_router(utils.router)
-api_router.include_router(items.router)
+api_router.include_router(documents.router)
 
 
 if settings.ENVIRONMENT == "local":
diff --git a/backend/app/api/routes/documents.py b/backend/app/api/routes/documents.py
@@ -0,0 +1,109 @@
+import uuid
+from typing import Any
+
+from fastapi import APIRouter, HTTPException
+from sqlmodel import func, select
+
+from app.api.deps import CurrentUser, SessionDep
+from app.models import Document, DocumentCreate, DocumentPublic, DocumentsPublic, DocumentUpdate, Message
+
+router = APIRouter(prefix="/documents", tags=["documents"])
+
+
+@router.get("/", response_model=DocumentsPublic)
+def read_documents(
+    session: SessionDep, current_user: CurrentUser, skip: int = 0, limit: int = 100
+) -> Any:
+    """
+    Retrieve documents.
+    """
+
+    if current_user.is_superuser:
+        count_statement = select(func.count()).select_from(Document)
+        count = session.exec(count_statement).one()
+        statement = select(Document).offset(skip).limit(limit)
+        documents = session.exec(statement).all()
+    else:
+        count_statement = (
+            select(func.count())
+            .select_from(Document)
+            .where(Document.owner_id == current_user.id)
+        )
+        count = session.exec(count_statement).one()
+        statement = (
+            select(Document)
+            .where(Document.owner_id == current_user.id)
+            .offset(skip)
+            .limit(limit)
+        )
+        documents = session.exec(statement).all()
+
+    return DocumentsPublic(data=documents, count=count)
+
+
+@router.get("/{id}", response_model=DocumentPublic)
+def read_document(session: SessionDep, current_user: CurrentUser, id: uuid.UUID) -> Any:
+    """
+    Get document by ID.
+    """
+    document = session.get(Document, id)
+    if not document:
+        raise HTTPException(status_code=404, detail="Document not found")
+    if not current_user.is_superuser and (document.owner_id != current_user.id):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+    return document
+
+
+@router.post("/", response_model=DocumentPublic)
+def create_document(
+    *, session: SessionDep, current_user: CurrentUser, document_in: DocumentCreate
+) -> Any:
+    """
+    Create new document.
+    """
+    document = Document.model_validate(document_in, update={"owner_id": current_user.id})
+    session.add(document)
+    session.commit()
+    session.refresh(document)
+    return document
+
+
+@router.put("/{id}", response_model=DocumentPublic)
+def update_document(
+    *,
+    session: SessionDep,
+    current_user: CurrentUser,
+    id: uuid.UUID,
+    document_in: DocumentUpdate,
+) -> Any:
+    """
+    Update an document.
+    """
+    document = session.get(Document, id)
+    if not document:
+        raise HTTPException(status_code=404, detail="Document not found")
+    if not current_user.is_superuser and (document.owner_id != current_user.id):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+    update_dict = document_in.model_dump(exclude_unset=True)
+    document.sqlmodel_update(update_dict)
+    session.add(document)
+    session.commit()
+    session.refresh(document)
+    return document
+
+
+@router.delete("/{id}")
+def delete_document(
+    session: SessionDep, current_user: CurrentUser, id: uuid.UUID
+) -> Message:
+    """
+    Delete an document.
+    """
+    document = session.get(Document, id)
+    if not document:
+        raise HTTPException(status_code=404, detail="Document not found")
+    if not current_user.is_superuser and (document.owner_id != current_user.id):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+    session.delete(document)
+    session.commit()
+    return Message(message="Document deleted successfully")
diff --git a/backend/app/api/routes/users.py b/backend/app/api/routes/users.py
@@ -13,7 +13,7 @@
 from app.core.config import settings
 from app.core.security import get_password_hash, verify_password
 from app.models import (
-    Item,
+    Document,
     Message,
     UpdatePassword,
     User,
@@ -219,7 +219,7 @@ def delete_user(
         raise HTTPException(
             status_code=403, detail="Super users are not allowed to delete themselves"
         )
-    statement = delete(Item).where(col(Item.owner_id) == user_id)
+    statement = delete(Document).where(col(Document.owner_id) == user_id)
     session.exec(statement)  # type: ignore
     session.delete(user)
     session.commit()
diff --git a/backend/app/crud.py b/backend/app/crud.py
@@ -4,7 +4,7 @@
 from sqlmodel import Session, select
 
 from app.core.security import get_password_hash, verify_password
-from app.models import Item, ItemCreate, User, UserCreate, UserUpdate
+from app.models import Document, DocumentCreate, User, UserCreate, UserUpdate
 
 
 def create_user(*, session: Session, user_create: UserCreate) -> User:
@@ -46,9 +46,9 @@ def authenticate(*, session: Session, email: str, password: str) -> User | None:
     return db_user
 
 
-def create_item(*, session: Session, item_in: ItemCreate, owner_id: uuid.UUID) -> Item:
-    db_item = Item.model_validate(item_in, update={"owner_id": owner_id})
-    session.add(db_item)
+def create_document(*, session: Session, document_in: DocumentCreate, owner_id: uuid.UUID) -> Document:
+    db_document = Document.model_validate(document_in, update={"owner_id": owner_id})
+    session.add(db_document)
     session.commit()
-    session.refresh(db_item)
-    return db_item
+    session.refresh(db_document)
+    return db_document
diff --git a/backend/app/models.py b/backend/app/models.py
@@ -43,7 +43,7 @@ class UpdatePassword(SQLModel):
 class User(UserBase, table=True):
     id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
     hashed_password: str
-    items: list["Item"] = Relationship(back_populates="owner", cascade_delete=True)
+    documents: list["Document"] = Relationship(back_populates="owner", cascade_delete=True)
 
 
 # Properties to return via API, id is always required
@@ -57,38 +57,38 @@ class UsersPublic(SQLModel):
 
 
 # Shared properties
-class ItemBase(SQLModel):
+class DocumentBase(SQLModel):
     title: str = Field(min_length=1, max_length=255)
     description: str | None = Field(default=None, max_length=255)
 
 
-# Properties to receive on item creation
-class ItemCreate(ItemBase):
+# Properties to receive on document creation
+class DocumentCreate(DocumentBase):
     pass
 
 
-# Properties to receive on item update
-class ItemUpdate(ItemBase):
+# Properties to receive on document update
+class DocumentUpdate(DocumentBase):
     title: str | None = Field(default=None, min_length=1, max_length=255)  # type: ignore
 
 
 # Database model, database table inferred from class name
-class Item(ItemBase, table=True):
+class Document(DocumentBase, table=True):
     id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
     owner_id: uuid.UUID = Field(
         foreign_key="user.id", nullable=False, ondelete="CASCADE"
     )
-    owner: User | None = Relationship(back_populates="items")
+    owner: User | None = Relationship(back_populates="documents")
 
 
 # Properties to return via API, id is always required
-class ItemPublic(ItemBase):
+class DocumentPublic(DocumentBase):
     id: uuid.UUID
     owner_id: uuid.UUID
 
 
-class ItemsPublic(SQLModel):
-    data: list[ItemPublic]
+class DocumentsPublic(SQLModel):
+    data: list[DocumentPublic]
     count: int
 
 
diff --git a/backend/app/tests/conftest.py b/backend/app/tests/conftest.py
@@ -7,7 +7,7 @@
 from app.core.config import settings
 from app.core.db import engine, init_db
 from app.main import app
-from app.models import Item, User
+from app.models import Document, User
 from app.tests.utils.user import authentication_token_from_email
 from app.tests.utils.utils import get_superuser_token_headers
 
@@ -17,7 +17,7 @@ def db() -> Generator[Session, None, None]:
     with Session(engine) as session:
         init_db(session)
         yield session
-        statement = delete(Item)
+        statement = delete(Document)
         session.execute(statement)
         statement = delete(User)
         session.execute(statement)
diff --git a/backend/app/tests/utils/document.py b/backend/app/tests/utils/document.py
@@ -0,0 +1,16 @@
+from sqlmodel import Session
+
+from app import crud
+from app.models import Document, DocumentCreate
+from app.tests.utils.user import create_random_user
+from app.tests.utils.utils import random_lower_string
+
+
+def create_random_document(db: Session) -> Document:
+    user = create_random_user(db)
+    owner_id = user.id
+    assert owner_id is not None
+    title = random_lower_string()
+    description = random_lower_string()
+    document_in = DocumentCreate(title=title, description=description)
+    return crud.create_document(session=db, document_in=document_in, owner_id=owner_id)
