fastapi · blueoc-bachnguyen · Dec 5, 2024 · Dec 5, 2024 · Dec 5, 2024 · Dec 6, 2024
diff --git a/backend/app/alembic/versions/80580dd7587b_add_three_tables.py b/backend/app/alembic/versions/80580dd7587b_add_three_tables.py
@@ -0,0 +1,47 @@
+"""add three tables
+
+Revision ID: 80580dd7587b
+Revises: 1a31ce608336
+Create Date: 2024-12-05 16:24:28.872367
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import sqlmodel.sql.sqltypes
+
+
+# revision identifiers, used by Alembic.
+revision = '80580dd7587b'
+down_revision = '1a31ce608336'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('todo',
+    sa.Column('title', sqlmodel.sql.sqltypes.AutoString(length=255), nullable=False),
+    sa.Column('desc', sqlmodel.sql.sqltypes.AutoString(length=255), nullable=True),
+    sa.Column('id', sa.Uuid(), nullable=False),
+    sa.Column('user_id', sa.Uuid(), nullable=False),
+    sa.Column('status', sqlmodel.sql.sqltypes.AutoString(length=20), nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['user.id'], ondelete='CASCADE'),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_table('subtodo',
+    sa.Column('title', sqlmodel.sql.sqltypes.AutoString(length=255), nullable=False),
+    sa.Column('desc', sqlmodel.sql.sqltypes.AutoString(length=255), nullable=True),
+    sa.Column('id', sa.Uuid(), nullable=False),
+    sa.Column('todo_id', sa.Uuid(), nullable=False),
+    sa.Column('status', sqlmodel.sql.sqltypes.AutoString(length=20), nullable=False),
+    sa.ForeignKeyConstraint(['todo_id'], ['todo.id'], ondelete='CASCADE'),
+    sa.PrimaryKeyConstraint('id')
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('subtodo')
+    op.drop_table('todo')
+    # ### end Alembic commands ###
diff --git a/backend/app/alembic/versions/f2d6aba28d7d_refine_db.py b/backend/app/alembic/versions/f2d6aba28d7d_refine_db.py
@@ -0,0 +1,63 @@
+"""refine db
+
+Revision ID: f2d6aba28d7d
+Revises: 80580dd7587b
+Create Date: 2024-12-06 14:59:08.495370
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import sqlmodel.sql.sqltypes
+
+
+# revision identifiers, used by Alembic.
+revision = 'f2d6aba28d7d'
+down_revision = '80580dd7587b'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('subtodo', 'desc',
+               existing_type=sa.VARCHAR(length=255),
+               nullable=False)
+    op.alter_column('subtodo', 'status',
+               existing_type=sa.VARCHAR(length=20),
+               type_=sqlmodel.sql.sqltypes.AutoString(length=255),
+               existing_nullable=False)
+    op.add_column('todo', sa.Column('owner_id', sa.Uuid(), nullable=False))
+    op.alter_column('todo', 'desc',
+               existing_type=sa.VARCHAR(length=255),
+               nullable=False)
+    op.alter_column('todo', 'status',
+               existing_type=sa.VARCHAR(length=20),
+               type_=sqlmodel.sql.sqltypes.AutoString(length=255),
+               existing_nullable=False)
+    op.drop_constraint('todo_user_id_fkey', 'todo', type_='foreignkey')
+    op.create_foreign_key(None, 'todo', 'user', ['owner_id'], ['id'], ondelete='CASCADE')
+    op.drop_column('todo', 'user_id')
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('todo', sa.Column('user_id', sa.UUID(), autoincrement=False, nullable=False))
+    op.drop_constraint(None, 'todo', type_='foreignkey')
+    op.create_foreign_key('todo_user_id_fkey', 'todo', 'user', ['user_id'], ['id'], ondelete='CASCADE')
+    op.alter_column('todo', 'status',
+               existing_type=sqlmodel.sql.sqltypes.AutoString(length=255),
+               type_=sa.VARCHAR(length=20),
+               existing_nullable=False)
+    op.alter_column('todo', 'desc',
+               existing_type=sa.VARCHAR(length=255),
+               nullable=True)
+    op.drop_column('todo', 'owner_id')
+    op.alter_column('subtodo', 'status',
+               existing_type=sqlmodel.sql.sqltypes.AutoString(length=255),
+               type_=sa.VARCHAR(length=20),
+               existing_nullable=False)
+    op.alter_column('subtodo', 'desc',
+               existing_type=sa.VARCHAR(length=255),
+               nullable=True)
+    # ### end Alembic commands ###
diff --git a/backend/app/api/main.py b/backend/app/api/main.py
@@ -1,13 +1,15 @@
 from fastapi import APIRouter
 
-from app.api.routes import items, login, private, users, utils
+from app.api.routes import items, login, private, todos, users, utils, sub_todo
 from app.core.config import settings
 
 api_router = APIRouter()
 api_router.include_router(login.router)
 api_router.include_router(users.router)
 api_router.include_router(utils.router)
 api_router.include_router(items.router)
+api_router.include_router(todos.router)
+api_router.include_router(sub_todo.router)
 
 
 if settings.ENVIRONMENT == "local":

diff --git a/backend/app/api/routes/sub_todo.py b/backend/app/api/routes/sub_todo.py
@@ -0,0 +1,149 @@
+import uuid
+from typing import Any
+
+from fastapi import APIRouter, HTTPException
+from sqlmodel import func, select
+
+from app.api.deps import CurrentUser, SessionDep
+from app.models import SubTodo, SubTodoCreate, SubTodoPublic, SubTodosPublic, SubTodoUpdate, Message, Todo
+
+router = APIRouter(prefix="/subtodos", tags=["subtodos"])
+
+
+@router.get("/", response_model=SubTodosPublic)
+def read_sub_todos(
+    session: SessionDep, current_user: CurrentUser, todo_id=uuid.UUID, skip: int = 0, limit: int = 100
+) -> Any:
+    """
+    Retrieve sub todos.
+    """
+
+    if current_user.is_superuser:
+        count_statement = select(func.count()).select_from(SubTodo)
+        count = session.exec(count_statement).one()
+        statement = select(SubTodo).offset(skip).limit(limit)
+        todos = session.exec(statement).all()
+    else:
+        count_statement = (
+            select(func.count())
+            .select_from(SubTodo)
+            .where(SubTodo.todo_id == todo_id)
+        )
+        count = session.exec(count_statement).one()
+        statement = (
+            select(SubTodo)
+            .where(SubTodo.todo_id == todo_id)
+            .offset(skip)
+            .limit(limit)
+        )
+        todos = session.exec(statement).all()
+
+    return SubTodosPublic(data=todos, count=count)
+
+
+@router.get("/{id}", response_model=SubTodoPublic)
+def read_item(session: SessionDep, current_user: CurrentUser, id: uuid.UUID) -> Any:
+    """
+    Get sub todo by ID.
+    """
+    sub_todo = session.get(SubTodo, id)
+    if not sub_todo:
+        raise HTTPException(status_code=404, detail="Sub todo not found")
+    return sub_todo
+
+@router.post("/", response_model=SubTodoPublic)
+def create_sub_todo(
+    *, session: SessionDep, sub_todo_in: SubTodoCreate
+) -> Any:
+    """
+    Create new sub todo.
+    """
+    todo = session.get(Todo, sub_todo_in.todo_id)
+    if not todo:
+        raise HTTPException(status_code=404, detail="Todo not found")
+    sub_todo = SubTodoCreate.model_validate(sub_todo_in)
+    create_todo = SubTodo(**dict(sub_todo))
+    session.add(create_todo)
+    session.commit()
+    session.refresh(create_todo)
+    return create_todo
+
+
+# @router.put("/{id}", response_model=SubTodoPublic)
+# def update_sub_todo(
+#     *,
+#     session: SessionDep,
+#     current_user: CurrentUser,
+#     id: uuid.UUID,
+#     todo_in: SubTodoUpdate,
+# ) -> Any:
+#     """
+#     Update an item.
+#     """
+#     sub_todo = session.get(SubTodo, id)
+#     if not sub_todo:
+#         raise HTTPException(status_code=404, detail="SubTodo not found")
+#     if not current_user.is_superuser and (sub_todo.owner_id != current_user.id):
+#         raise HTTPException(status_code=400, detail="Not enough permissions")
+#     update_dict = todo_in.model_dump(exclude_unset=True)
+#     sub_todo.sqlmodel_update(update_dict)
+#     session.add(sub_todo)
+#     session.commit()
+#     session.refresh(sub_todo)
+#     return sub_todo
+
+@router.put("/{id}", response_model=SubTodoPublic)
+def update_sub_todo(
+    *,
+    session: SessionDep,
+    current_user: CurrentUser,
+    id: uuid.UUID,
+    sub_todo_in: SubTodoUpdate,
+) -> Any:
+    """
+    Update a sub todo by ID.
+    """
+    # Fetch the sub todo by ID
+    sub_todo = session.get(SubTodo, id)
+    if not sub_todo:
+        raise HTTPException(status_code=404, detail="SubTodo not found")
+
+    # Fetch the associated parent todo for ownership verification
+    parent_todo = session.get(Todo, sub_todo.todo_id)
+    if not parent_todo:
+        raise HTTPException(status_code=404, detail="Parent Todo not found")
+
+    # Permission check: Ensure the user is the owner or a superuser
+    if not current_user.is_superuser and (parent_todo.owner_id != current_user.id):
+        raise HTTPException(status_code=403, detail="Not enough permissions")
+
+    # Update the SubTodo with the new data
+    update_data = sub_todo_in.model_dump(exclude_unset=True)
+    for key, value in update_data.items():
+        setattr(sub_todo, key, value)
+
+    # Commit changes to the database
+    session.add(sub_todo)
+    session.commit()
+    session.refresh(sub_todo)
+
+    return sub_todo
+
+@router.delete("/{id}")
+def delete_sub_todo(
+    session: SessionDep, current_user: CurrentUser, id: uuid.UUID
+) -> Message:
+    """
+    Delete a sub todo.
+    """
+    sub_todo = session.get(SubTodo, id)
+    if not sub_todo:
+        raise HTTPException(status_code=404, detail="SubTodo not found")
+    todo = session.get(Todo, sub_todo.todo_id)
+    if not todo:
+        raise HTTPException(status_code=404, detail="Todo not found")
+    if not current_user.is_superuser and (todo.owner_id != current_user.id):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+    session.delete(sub_todo)
+    session.commit()
+    return Message(message="SubTodo deleted successfully")
diff --git a/backend/app/api/routes/todos.py b/backend/app/api/routes/todos.py
@@ -0,0 +1,109 @@
+import uuid
+from typing import Any
+
+from fastapi import APIRouter, HTTPException
+from sqlmodel import func, select
+
+from app.api.deps import CurrentUser, SessionDep
+from app.models import Todo, TodoCreate, TodoPublic, TodosPublic, TodoUpdate, Message
+
+router = APIRouter(prefix="/todos", tags=["todos"])
+
+
+@router.get("/", response_model=TodosPublic)
+def read_todos(
+    session: SessionDep, current_user: CurrentUser, skip: int = 0, limit: int = 100
+) -> Any:
+    """
+    Retrieve todos.
+    """
+
+    if current_user.is_superuser:
+        count_statement = select(func.count()).select_from(Todo)
+        count = session.exec(count_statement).one()
+        statement = select(Todo).offset(skip).limit(limit)
+        todos = session.exec(statement).all()
+    else:
+        count_statement = (
+            select(func.count())
+            .select_from(Todo)
+            .where(Todo.owner_id == current_user.id)
+        )
+        count = session.exec(count_statement).one()
+        statement = (
+            select(Todo)
+            .where(Todo.owner_id == current_user.id)
+            .offset(skip)
+            .limit(limit)
+        )
+        todos = session.exec(statement).all()
+
+    return TodosPublic(data=todos, count=count)
+
+
+@router.get("/{id}", response_model=TodoPublic)
+def read_todo(session: SessionDep, current_user: CurrentUser, id: uuid.UUID) -> Any:
+    """
+    Get todo by ID.
+    """
+    todo = session.get(Todo, id)
+    if not todo:
+        raise HTTPException(status_code=404, detail="Task not found")
+    if not current_user.is_superuser and (todo.owner_id != current_user.id):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+    return todo
+
+# CurrentUser to authenticat ->middleware
+@router.post("/", response_model=TodoPublic)
+def create_todo(
+    *, session: SessionDep, current_user: CurrentUser, todo_in: TodoCreate
+) -> TodoPublic:
+    """
+    Create new todo.
+    """
+    todo = Todo.model_validate(todo_in, update={"owner_id": current_user.id})
+    session.add(todo)
+    session.commit()
+    session.refresh(todo)
+    return todo
+
+
+@router.put("/{id}", response_model=TodoPublic)
+def update_todo(
+    *,
+    session: SessionDep,
+    current_user: CurrentUser,
+    id: uuid.UUID,
+    todo_in: TodoUpdate,
+) -> Any:
+    """
+    Update an item.
+    """
+    todo = session.get(Todo, id)
+    if not todo:
+        raise HTTPException(status_code=404, detail="Task not found")
+    if not current_user.is_superuser and (todo.owner_id != current_user.id):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+    update_dict = todo_in.model_dump(exclude_unset=True)
+    todo.sqlmodel_update(update_dict)
+    session.add(todo)
+    session.commit()
+    session.refresh(todo)
+    return todo
+
+
+@router.delete("/{id}")
+def delete_item(
+    session: SessionDep, current_user: CurrentUser, id: uuid.UUID
+) -> Message:
+    """
+    Delete a todo.
+    """
+    todo = session.get(Todo, id)
+    if not todo:
+        raise HTTPException(status_code=404, detail="Task not found")
+    if not current_user.is_superuser and (todo.owner_id != current_user.id):
+        raise HTTPException(status_code=400, detail="Not enough permissions")
+    session.delete(todo)
+    session.commit()
+    return Message(message="Task deleted successfully")